James S White fapestniegd
fapestniegd
/ gist:744154
Created
December 16, 2010 22:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # An example hook script that is called after a successful | |
| # commit is made. | |
| # | |
| # To enable this hook, make this file executable. | |
| if [ ! -z ${RT_TICKET} ]; then | |
| /usr/bin/git push | |
| comment=`/usr/bin/git log|/usr/bin/head -5|/usr/bin/tail -1`; | |
| hash=`/usr/bin/git log|/usr/bin/head -1`; |
fapestniegd
/ gist:744030
Created
December 16, 2010 21:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| body agent control | |
| { | |
| # if default runtime is 5 mins we need this for long jobs | |
| ifelapsed => "15"; | |
| default_repository => "/var/cfengine/repository"; | |
| debian:: | |
| environment => { "DEBIAN_FRONTEND=noninteractive" }; | |
| } |
fapestniegd
/ gist:742757
Created
December 15, 2010 23:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bundle agent rsyslog { | |
| packages: | |
| debian:: | |
| "rsyslog" | |
| depend_on => "apt_prefernces", | |
| package_policy => "add", | |
| package_method => apt, | |
| package_architectures => { "i386" }; | |
| "/etc/apt/preferences" | |
| handle => "apt_preferences", |
fapestniegd
/ gist:742434
Created
December 15, 2010 19:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Package: * | |
| Pin: release a=lenny | |
| Pin-Priority: 500 | |
| Package: * | |
| Pin: release a=lenny-backports | |
| Pin-Priority: 200 | |
| # rsyslog with tls and local buffering |
fapestniegd
/ gist:741451
Created
December 15, 2010 01:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Configuration Management Maturity Model: | |
| level_1: configurations edited by hand on separate machines | |
| level_2: configurations edited by hand but stored in a central location, | |
| pulled to infrastructure | |
| level_3: centrally stored configurations are normalized to reduce redundancy, | |
| (only one copy stored of files common to all hosts) but site-specific | |
| data still exists within all the files |
fapestniegd
/ gist:741436
Created
December 15, 2010 00:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1) get your domain $(dnsdomainname) | |
| 2) get all top-level namingcontexts: | |
| namingcontexts(){ | |
| CONTEXTS=$( | |
| ldapsearch -xLH ldaps://$(hostname -f):636 -b '' -s base \ | |
| -D "cn=$(hostname -s),ou=Hosts,dc=websages,dc=com" \ | |
| -w $(secret) "(objectclass=*)" namingContexts |\ | |
| grep -i "^namingContexts:" | sed -e 's/namingContexts://g' | tr '\n' ' ' | |
| ) |
fapestniegd
/ gist:741408
Created
December 15, 2010 00:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| namingcontexts(){ | |
| CONTEXTS=$( | |
| ldapsearch -xLH ldaps://$(hostname -f):636 -b '' -s base \ | |
| -D "cn=$(hostname -s),ou=Hosts,dc=websages,dc=com" \ | |
| -w $(secret) "(objectclass=*)" namingContexts |\ | |
| grep -i "^namingContexts:" | sed -e 's/namingContexts://g' | tr '\n' ' ' | |
| ) | |
| echo ${CONTEXTS} | |
| } |
fapestniegd
/ gist:741405
Created
December 15, 2010 00:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #INTERFACE #SOURCE #SNAT | |
| eth0:172.16.0.0/12 72.14.177.235/32 172.16.0.1 | |
| eth0:10.0.0.0/8 72.14.177.235/32 172.16.0.1 | |
| eth0:192.168.0.0/16 72.14.177.235/32 172.16.0.1 |
fapestniegd
/ gist:740922
Created
December 14, 2010 19:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| rm -fr /dev/shm/certificate.* | |
| ################################################################### | |
| # Requires: gpg-init, secret-init, rotate-secret | |
| ################################################################### | |
| export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/usr/local/sbin:/sbin" | |
| ################################################################### | |
| # These need to be set up in DNS (and this should be documented) | |
| ################################################################### |
fapestniegd
/ gist:740920
Created
December 14, 2010 19:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "test"|openssl dgst -sha1 -sign /etc/ssl/private/$(hostname -f).key -out /tmp/test.sha1 | |
| openssl x509 -pubkey -noout -in /etc/ssl/certs/$(hostname -f).pem> /tmp/pubkey.pem | |
| echo "test"|openssl dgst -sha1 -verify /tmp/pubkey.pem -signature /tmp/test.sha1 | |