This is an automated report from petzi. Recent changes to /root/ChangeLog: 44 -rw-r--r-- 1 root root 42201 2010-06-26 17:43 /root/ChangeLog
diff -u /var/cache/diffmon/old_file_dir/petzi:!root!ChangeLog.gz /root/ChangeLog --- /tmp/diffmon10159 2010-06-27 06:25:02.000000000 +0200 +++ /root/ChangeLog 2010-06-26 17:43:14.000000000 +0200 @@ -1,6 +1,25 @@ +2010-06-26 Beuc + + * Moved bart/chroot/www to an independent VServer + + * Replaced bart with bart/chroot/db, as 'gna-db' + + * Merged bart's ChangeLog with this one + + * Update backup exclusion rules at [email protected] + accordingly + + *** All the old chroot-based setup is gone! *** + + * Upgrade gna-db etch->lenny + + * Install openssh-server in gna-db for backup purposes (in the + past, it was done through bart) + 2010-06-24 Beuc - * Replaced lisa with lisa/chroot/download, as 'gna-sftp' + * Replaced lisa with lisa/chroot/download, as + 'gna-sftp' (download, arch, homepage) * Merged lisa's ChangeLog with this one @@ -348,6 +367,10 @@ /vservers/gna-subversion, as was done in lisa - I forgot to duplicate this job when I migrated subversion to VServer. +2009-10-12 Beuc (in bart) + + * Revoved /etc/cron.weekly/exim-stats (moved to mail.gna.org) + 2009-10-10 Beuc * Suppress error output when restarting syslog-ng from @@ -357,6 +380,23 @@ * gna-subversion: Removed AllowOverride call within <Location>, which caused a warning in /etc/apache2/conf.d/websvn . +2009-10-10 Beuc (in bart) + + * Removed reference to deleted list 'ucl-announce' in the DB + (mail_group_list), causing errors in + sv_mailman_and_mailarchivedotcom + +2009-10-10 Beuc (in bart) + + * Removed reference to deleted list 'miniftpd-dev' in the DB + (mail_group_list), causing errors in + sv_mailman_and_mailarchivedotcom + +2009-10-06 Beuc (in bart) + + * Dans MySQL, suppression de l'utilisateur ''@'%' qui a accès + complet sur Savannah + 2009-10-03 Beuc * Moved SVN to a separate VServer @@ -407,6 +447,11 @@ * Unslaved cvs, arch and subversion (i.e. purged gnapgnap-slave there) +2009-10-01 Beuc (in bart) + + * Upgraded bart to new gnapgnap-bart and gnapgnap-master packages + (but not the chroot subsystems) + 2009-09-29 Beuc * Internal mail is now OK, but external mail can get delayed for @@ -530,6 +575,12 @@ La RAM passe de 2 à 4G, les 4 barettes sont identiques (cette fois). +2009-09-04 Beuc (in bart) + + * Restarted mail's apache-ssl, which was started when shorewall + was emptied by 'vserver bart stop' just before, causing a DNS + timeout, causing apache-ssl not to start + 2009-09-03 Beuc (in lisa) * Restarted lisa to take the locks cleaning into account @@ -538,6 +589,10 @@ dependencies in the gnapgnap packages, so I just disabled it for now. +2009-09-03 Beuc (in bart) + + * Restarted bart to take the locks cleaning into account + 2009-09-02 Beuc (in lisa) * Applied MySQL security update. More often than not, it was an @@ -549,6 +604,15 @@ * Fixedboot clean-up for chroot so it removes ".clean" files in /var/lock/ on start-up, allowing the clean-up task to work. +2009-09-02 Beuc (in bart) + + * Applied MySQL security update + + * Removed stale lock for the mail archives cron job + + * Fixed boot clean-up for chroot so it removes ".clean" files in + /var/lock/ on start-up, allowing the clean-up task to work. + 2009-08-31 Dennis (in lisa) * /etc/xinetd.d/rsync on lisa.g.o contained invalid chars in the @@ -557,6 +621,14 @@ * Ran /usr/local/bin/homepage-update.pl on homepage.g.o +2009-08-30 Beuc (in bart) + + * Security upgrades in 'www' + + * Security upgrades in 'mail'; attempted to upgrade to volatile's + spamassassin 3.2, but since it doesn't run anymore, I reverted to + the previous 3.1 version. + 2009-08-29 Beuc * Changed all IPs to 192.168.11.0/24 (same last digit) - to ease @@ -583,6 +655,61 @@ * Remove deprecated KERNEL_RINGBUF_SIZE parameter in /etc/default/syslog-ng which triggers a warning on boot. +2009-08-29 Beuc (in bart) + + * Changed all IPs to 192.168.11.0/24 (same last digit) - to ease + IP migration next month, and physical location change later + + * Etch security updates + + * Removed some unused or pre-etch packages: ash base-config + busybox console-common console-data console-tools cramfsprogs dash + db4.2-util dnsutils dpkg-awk elinks fakeroot gcc-3.3-base gettext + gettext-el host html2text i2c-2.4.27-3-686-smp initramfs-tools + initrd-tools kernel-image-2.4-686-smp + kernel-image-2.4.27-3-686-smp klibc-utils libapr0 libbind9-0 + libc6-i686 libconsole libdb1-compat libdb3 libdns16 libdns22 + libdns5 libglib1.2 libice6 libisc11 libisc4 libisc7 libisccc0 + libisccfg1 libklibc liblua50 liblualib50 liblwres1 liblwres9 + libmysqlclient12 libneon24 libnewt0 libsigc++-1.2-5c102 libsm6 + libsnmp5 libssl0.9.7 libstdc++2.10-glibc2.2 libstdc++5 libsvn0 + libxext6 libxi6 libxmu6 libxmuu1 libxp6 libxrandr2 libxrender1 + libxt6 libxtrap6 libxtst6 links-ssl linux-image-2.6.18-4-686 + linux-image-2.6.18-5-686 lm-sensors-2.4.27-3-686-smp modconf + ntpdate openssl shellutils slang1a-utf8 strace telnet whiptail + x86info xaw3dg xbitmaps xcursor-themes xlibs-data + + * Remove dsbl.org from the Exim blacklists: "DSBL is GONE and + highly unlikely to return" -- dsbl.org + +2009-08-27 Beuc (in bart) + + * Fix chroot_* start-up scripts to they can be used when the + system is shutdown too (KXX... scripts) + + * Remove deprecated KERNEL_RINGBUF_SIZE parameter in + /etc/default/syslog-ng which triggers a warning on boot. + +2009-08-26 Beuc (in bart) + + * Installed rcconf + + * In /etc/init.d, renamed db_chroot.sh to chroot_db, www_chroot.sh + to chroot_www, mail_chroot.sh to chroot_mail to 1) spot all the + chroot_* start-up scripts at once and 2) make rcconf happy because + it didn't like the .sh extension + + * Installed /etc/rc?.d/ symlinks for the chroot_* init scripts in + all runlevels, using rcconf. + + * Removed DES passphrase on www's private key (used for https), + which requires manually entering the passphrase each time we + restarted the service (openssl rsa -in key.pem > key-nopass.pem). + + * Apparently bart turns read-only when the vserver is stopped - + needs investigating, but not tonight. Fix using: + remount -o remount,rw /var/.... + 2009-08-24 Beuc * Lenny updates, including new kernel that fixes recent user->root @@ -596,6 +723,17 @@ '!~ODebian' | grep '^i' | cut -b5- | awk '{ print $1 }'`). Didn't touch xen stuff. +2009-08-21 Beuc (in bart) + + * Made myself admin in the web interace so I can close support + requests I reply to :P + +2009-08-17 Beuc (in bart) + + * Fix list 'project': + withlist -l -r fix_url project -u mail.gna.org + (was using old :8080 url which messed web forms) + 2009-08-15 Beuc (in lisa) * Removed obsolete (non-etch && non-gnap, or unused libs) @@ -614,9 +752,12 @@ * Disabled logalert which is just spamming private@ these days -2009-08-15 Beuc +2009-08-15 Beuc (in bart) - * Cf. ChangeLog in bart, maggie + * Purged old messages in support-requests@, mailman@, postmaster@, + news@ + + * Disabled logalert which is just spamming private@ these days 2009-08-14 Beuc (in lisa) @@ -665,6 +806,13 @@ during the backup (mass chgrp from within each chroot, based on /usr/lib/perl5/Savane/$VCS.pm). +2009-06-10 Beuc (in bart) + + * /etc/apache-ssl/httpd.conf: disable forced http->https + redirection: allows ssl-less browsers to connect, and avoid the + crytpo overhead of SSL; we might get more crawlers traffic, maybe + have an additional redirection that keep those on http + 2009-07-30 Beuc * Lance bart/mail qui n'a pas été redémarré après la coupure de @@ -678,6 +826,11 @@ perl-doc perl-modules python2.5 python2.5-minimal ssmtp util-vserver (security) +2008-11-29 Mathieu Roy <[email protected]> (in bart) + * dist-upgrade. + * put back gna-selfsigned certificates, as the other one prevents + apache from starting. + 2008-11-17 17:55 [email protected] * Finished half-done Etch->Lenny upgrade. Now keeping Etch's Linux @@ -701,10 +854,16 @@ * Finished dist-upgrade to Lenny, after [email protected] started the move by mistake. +2008-09-08 Vincent Caron <[email protected]> (in bart) + * aptitude remove ud + 2008-08-01 11:23 [email protected] * change /etc/default/snmpd for listening in lan ip +2008-06-20 Mathieu Roy <[email protected]> (in bart) + * ~/.ssh/authorized_keys regenerated from proposed_keys. + 2008-05-15 20:59 [email protected] * aptitude update $todo (security) @@ -713,6 +872,9 @@ * aptitude update (security) +2008-04-01 Mathieu Roy <[email protected]> (in bart) + * dist-upgrade. + 2008-03-28 22:18 [email protected] * aptitude update cpio libc6 libsnmp-base libsnmp9 @@ -735,6 +897,13 @@ libss2 libuuid1 linux-image-2.6.18-5-amd64 locales lvm2 mount tzdata util-linux +2008-01-08 Vincent Caron <[email protected]> (in bart) + * /etc/apt/sources.list: added logalert deb repo + * apt-get upgrade + +2008-01-03 Mathieu Roy <[email protected]> (in bart) + * dist-upgrade. + 2007-11-27 21:22 [email protected] * aptitude update linux-image-2.6-amd64 perl perl-base perl-modules @@ -749,6 +918,10 @@ * aptitude update debian-archive-keyring debootstrap initramfs-tools libc6 locales lsb-base + +2007-08-25 Mathieu Roy <[email protected]> (in bart) + * dist-upgrade. + * ssl certificates renewed. 2007-05-19 14:24 [email protected] @@ -776,3 +949,357 @@ * apt-get install ssh less vim lvm2 ntpdate ntp-simple +*** bart *** + +2007-06-03 Mathieu Roy <[email protected]> + * ssl certificates renewed. + * kernel upgraded. + +2007-04-09 Mathieu Roy <[email protected]> + * dist-upgrade to Debian 4.0 (etch). + * upgrade to linux 2.6. + +2006-12-27 Vincent Caron <[email protected]> + * /etc/seeyoulater.conf.pl: changed hostname from 'localhost' to + '127.0.0.1', forcing an IP-based MySQL connection (socket is not + available from outside the MySQL chroot) + +2006-09-22 Mathieu Roy <[email protected]> + * /chroot/db/etc/mysql/my.cnf max_allowed_packet set to 3M for the + server (useful for Savane file upload). + +2006-09-15 Mathieu Roy <[email protected]> + * logrotate now is daily by default. daemon.log and auth.log are + getting too big. + +2006-06-04 Mathieu Roy <[email protected]> + * Added .newloc files planning the nextcoming migration. + +2006-03-24 Mathieu Roy <[email protected]> + * Installed new 2.4 kernel (see DSA), remove old kernels. + +2005-12-18 Mathieu Roy <[email protected]> + * lm-sensors activated. + +2005-12-06 Mathieu Roy <[email protected]> + * Savane upgrade to 1.3 on all systems. + +2005-11-28 Mathieu Roy <[email protected]> + * /chroot/mail/etc/apache-ssl/http.conf: disallow access into + savane include/ + * All slave systems: add [email protected] as crontab + address. There is too much useless noise that get to private. + Most of the stuff here is interesting to be archived just in case, + not to get to our mailboxes daily. + +2005-11-18 Mathieu Roy <[email protected]> + * /chroot/mail/etc/apache-ssl/http.conf: tiny change to make + robots.txt being available! We dont want /public/spam to increase + google rank of spammers! + +2005-11-14 Mathieu Roy <[email protected]> + * /chroot/www/etc/php4/apache/php.ini tuned a bit (allow_url_fopen + = Off etc). + * Yearly reboot, to check whether the kernel shipped with sarge + runs and to check the boot process since upgrade to sarge. + +2005-11-13 Mathieu Roy <[email protected]> + * Regenerated active iptable rule with coupefeu. Latest changes in + coupefeu were applied but not saved. And since the latest reboot, + the port 2703 necessary for razor-admin was closed. As result, + we had plenty process of razor-admin, one added each week, since + the reboot. + I additionally added a timeout on the script that call razor-admin + for updates. + +2005-10-03 Mathieu Roy <[email protected]> + * upgraded mysql. + +2005-09-07 Mathieu Roy <[email protected]> + * installed kernel-image-2.4-686-smp on main system, grub + conf updated. It will be rebooted later accordingly to task #1995. + +2005-07-09 Mathieu Roy <[email protected]> + * mail upgraded to sarge. Bart as been freed of woody! :^) + +2005-07-08 Mathieu Roy <[email protected]> + * Main system migrated to sarge. Only mail remains to be upgraded. + +2005-07-08 Vincent Caron <[email protected]> + * chroot/cvs: cvs 1.11.1p1debian-12gnap1 security upgrade + +2005-06-22 Mathieu Roy <[email protected]> + * Savane is now installed with the debian packages, no longer from + the source code. It is documented in the gnapgnap package. + +2005-06-07 Mathieu Roy <[email protected]> + * Migrated to sarge: db and www. + (mail is the latest on the upgrade list) + +2005-06-06 Vincent Caron <[email protected]> + * Switched APT sources from 'stable' to 'Woody' (migration has to + be prepared and planned a bit) + * apt-got update (gzip: late security update from 2004/11!) + +2005-06-03 Vincent Caron <[email protected]> + * Apt-got-all update (chkrootkit from sarge + mysql Woody 3.0r6 + update) + +2005-05-26 Vincent Caron <[email protected]> + * Apt-get update (cvs 1.11.1p1debian-10gnap1) + +2005-03-21 Mathieu Roy <[email protected]> + * Remove anacron: looks like it quite badly handles load, and + since the box is up 24h/24... + +2005-03-13 Mathieu Roy <[email protected]> + * Activate mod_throttle in www and mail system, restricting + to 50 request that can be issued from on IP in one second. + This should avoid load increased caused by crapping crawler, + wget commands... + (in fact, restricting to 43 on www) + +2005-02-04 Mathieu Roy <[email protected]> + * Remove 'news' user on /chroot/mail system, as it makes a fuss + with the newly created mailing-list named news. And as we do + not provide news services, there's no reason for us to keep this + account. + +2004-12-06 Vincent Caron <[email protected]> + * ~/.ssh/authorized_keys: added TTimo + +2004-10-11 Vincent Caron <[email protected]> + * mysql debian security upgrade + +2004-09-16 Mathieu Roy <[email protected]> + * /usr/src/savane-www: running on test version of the CERN + branch. Not on the head! At a later point, cvs update -A run will + be necessary. + +2004-08-31 Mathieu Roy <[email protected]> + * ud apt-got. + +2004-08-21 Mathieu Roy <[email protected]> + * mysql debian upgrade. + +2004-08-18 Jean-Louis Bergamo <[email protected]> + * applied patch from debian (mysl and rsync) + +2004-07-21 Mathieu Roy <[email protected]> + * /chroot/www/etc/php4/apache/php.ini: reactivate memory_limit + after debian upgrade. + +2004-07-18 Mathieu Roy <[email protected]> + * /chroot/www/etc/php4/apache/php.ini: comment out memory_limit + to avoid remote code execution, as long as the debian package is + not available. + <http://www.net-security.org/vuln.php?id=3571> + +2004-05-27 Vincent Caron <[email protected]> + * replaced logwatch with logalert (dumb package name change) + +2004-05-17 Vincent Caron <[email protected]> + * uninstalled logcheck, logwatch is now on its own + +2004-05-13 Vincent Caron <[email protected]> + * installed logwatch, running concurrently with logcheck + +2004-04-06 Vincent Caron <[email protected]> + * www: installed swpat protestation page on frontend from + http://bh.udev.org/filez/swpat/onlinedemo2/. Simple redirection + done via DirectoryIndex in .htaccess. + +2004-03-20 Mathieu Roy <[email protected]> + * db:/etc/logrotate.d/savannah, add + /usr/local/bin/myqldumpsavannah as postrotate script, to make sure + we keep a valid dump after rotation (maybe the dedicated cronjob + should be removed). + + +2004-03-05 Mathieu Roy <[email protected]> + * db:/usr/local/bin/myqldumpsavannah, one line script to avoid an + issue when running mysqldump from a cronjob directly. + +2004-02-19 Mathieu Roy <[email protected]> + * kernel update (DSA). + * /chroot/db/etc/cron.d/savannah fix $PATH to restore dumps of the + database. + +2004-02-15 JLB <[email protected]> + * installation of snmpd agent + +2004-02-13 Mathieu Roy <[email protected]> + * /chroot/mail/var/log/exim: now rotated daily and not weekly + * fix mailman qrunner process that was blocked due to a mail not + parsable for qrunner. See [email protected] archives of today for + more information. + * add root-direct mail alias that do not rely on mailman. + +2004-02-09 Mathieu Roy <[email protected]> + * mailman: deb security update done. + +2004-02-08 Mathieu Roy <[email protected]> + * test account set up. + +2004-02-07 Mathieu Roy <[email protected]> + * Update the savannah frontend. + +2004-02-02 Mathieu Roy <[email protected]> + * pdbv installed, configured to monitor all systems. + * mhonarc for sarged installed, needed for mail addresse + obfuscation in the body of mails. + +2004-01-31 Mathieu Roy <[email protected]> + * Switch to savane. + +2004-01-28 Mathieu Roy <[email protected]> + * silenced spamd logcheck + +2004-01-27 Mathieu Roy <[email protected]> + * Fixed [support #110] logcheck checks. + +2004-01-26 Vincent Caron <[email protected]> + * updated motd + +2004-01-24 Mathieu Roy <[email protected]> + * integcheck-victim installed (now an autonomous package). + +2004-01-22 Mathieu Roy <[email protected]> + * removed yeupou, loic and zerodeux accounts, currently + they are + purposeless on lisa. If someone have a use for such an + account, he + is free to create one for himself. Until then, there no + point in + keeping an account we do not check and that could be use + without + us noticing it. + +2004-01-21 Mathieu Roy <[email protected]> + * mailing-list archival is now operational. Remains to be done: + automatic redirection of spam to the list spam, restricting access + to the private list (ideally with savannah session, but it means + that we need ssl on mail), monthly mbox archival (currently mbox + are kept in their original location). + Also, import mbox should be added. It is trivial to use the + current scripts for that, but it can work cleanly only with + a separate mbox per mail. + * reactivate eth0:1, to use 213.228.62.13 + +2004-01-20 Mathieu Roy <[email protected]> + * activate spamassassin for mail transiting on mail.gna.org. + Mails are currently only tagged. In the future, mails addressed to + mailing-list will be redirected to + * debian security update: slocate + +2004-01-19 Mathieu Roy <[email protected]> + * activate mailman, including cronjobs. + +2004-01-18 Mathieu Roy <[email protected]> + * syslog-ng installed on every systems + +2004-01-16 Mathieu Roy <[email protected]> + * add firewall rule (via coupefeu.pl) to forbid martian + packets + * hddtemp apt-got. + * logchek/ignore.d.lisa/mrtg: silenced sudo for mrtg. + +2004-01-15 vincent Caron <[email protected]> + * xinetd: removed time/daytime/discard services + +2004-01-14 Mathieu Roy <[email protected]> + * update cvs (debian security). + * integcheck installed. + +2004-01-12 Mathieu Roy <[email protected]> + * harden-* apt-got on all systems. + * fdutils ipchains mbr pciutils setserial syslinux + purged on all systems, currently useless. + * chkrootkit installed, run daily test on every + systems on bart. + +2004-01-11 Mathieu Roy <[email protected]> + * Update of the www frontend. + * Add maggie repos in apt sources, get svbequilles + -common and -bart. + * sysctl.conf: (de)activate some kernel options as + advised at + <http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html>, reboot to take effect. + * Make sure exim on bart does not start as daemon (would disallow + exim of mail to bind the port 25) + * Setup the firewall, dpkg-reconfigure iptables to + activate it at boot. The only one rule of iptables + seems questionable, please check coupefeu.pl. + + nmap -sT -PT bart returned: + + (The 1548 ports scanned but not shown below are in state: + filtered) + Port State Service + 22/tcp open ssh + 25/tcp open smtp + 80/tcp open http + 443/tcp open https + 3306/tcp open mysql + 8080/tcp open http-proxy + +2004-01-08 Mathieu Roy <[email protected]> + * bitchx removed (should be used only on maggie since maggie is + on) + * /etc/cron.hourly/update_files added (update resolv.conf for now) + * /etc/crontab: add hourly entry. + * anacron apt-got. + +2004-01-07 Vincent Caron <[email protected]> + * upgraded physical memory to 1GB + +2004-01-05 Mathieu Roy <[email protected]> + * grub, kernel 2.4.18 smp apt-got and running. + * gcc and dev libs removed, maggie only should be used to compile + software. + +2004-01-05 Mathieu Roy <[email protected]> + * lftp upgraded (debian security). + * checks on reboot: every daemon seems to restart correctly. + * bitchx, screen apt-got. + +2004-01-04 Mathieu Roy <[email protected]> + * exim4: build package in /usr/src, installed on /chroot/mail + * lftp, gcc, libc6-dev, libdb3-dev, dpkg-dev, debhelper, hdparm, + equivs apt-got. + * exim3 is installed everywhere for delivery that comes only from + localhost. + * exim4, on mail system, will do the contrary: accept mail from + the outside but only for local recipients. + +2004-01-03 Mathieu Roy <[email protected]> + * emacs21, emacs-goodies-el, mailutils, wget, gawk, rcs, + darius-admin, links-ssl, lynx-ssl, popularity-contest, xinetd + apt-got. + * .emacs.el added, .bashrc completed. + * sshd_config: forbid login by password + * user yeupou,loic,zerodeux created, with no password but + authorized_keys. + * apt-get-all function created, that is a apt-get that act on + every systems on bart. + * /root/doc created, where we should describe how we installed the + system, to ease reinstallation. + * /chroot/* debian chrooted systems installed, following + doc/howto-install-debian-in-chroot-partitions + * /chroot/db: install mysql-server (include perl in deps), set + the password to 77proc (more info in doc/howto-install-db...) + * /chroot/www: install apache-ssl, php4 (include perl in deps), + configure http+https (more info in doc/howto-install-www...) + * /etc/xinetd.conf: exim devient chrooté + * /chroot/mail: install exim, ... in progress + +2004-..-.. Vincent Caron <[email protected]> + + This machine is a 'Debian Woody base install', plus the following + details : + + * apt-got less ntpdate ssh + * installed custom /root/.bashrc + * installed pubkeys in /root/.ssh/authorized_keys (Loic, Mathieu, + Vincent) + * exim configured as dummy local relay only
_______________________________________________ Project mailing list [email protected] https://mail.gna.org/listinfo/project
