Difference between revisions of "TSL"

From Department of Computer Science
 
(13 intermediate revisions by 2 users not shown)
Line 10: Line 10:
 
; Security Lug on PC: pc44
 
; Security Lug on PC: pc44
 
; Low Memory (256M): pc55
 
; Low Memory (256M): pc55
 +
; Bad HDD / BIOS: pc84
 +
; BIOS Locked: pc79
  
 
=== Known Unreliable machines ===
 
=== Known Unreliable machines ===
Line 23: Line 25:
  
 
=== Row 1 ===
 
=== Row 1 ===
;Working: 7
+
;Working: 6
 
;Power: pc48
 
;Power: pc48
 +
;No Power button: pc to the left of it
  
 
=== Row 2 ===
 
=== Row 2 ===
; Working: 8
+
; Working: 7
 +
; Missing: 1
  
 
=== Row 3 ===
 
=== Row 3 ===
Line 36: Line 40:
  
 
=== Row 5 ===
 
=== Row 5 ===
; Working: 6
+
; Working: 4
 
; Missing: 2
 
; Missing: 2
 +
; Dead HDD: pc77
 +
; Mouse cut: pc82
 +
; VGA cut: pc-missing
  
 
=== Row 6 ===
 
=== Row 6 ===
; Working: 4
+
; Working: 3
 +
; Missing: 1
 +
; All cables need tying
  
 
=== Long Row 1 ===
 
=== Long Row 1 ===
 
(by windows)
 
(by windows)
; Working: 14
+
; Working: 16
; Missing: 4
+
; Missing: 0
 +
; No flylead: pc02
 +
; Lock doesn't attach pc to desk: pc31
  
 
=== Long Row 2 ===
 
=== Long Row 2 ===
 
; Working: 15
 
; Working: 15
 
; Missing: 1
 
; Missing: 1
 +
; Dusty: pc30
 +
; No power button: next to pc40
  
 
== Wishlist for next rollout ==
 
== Wishlist for next rollout ==
Line 468: Line 481:
 
* any MTA
 
* any MTA
 
* old kernels
 
* old kernels
* network-manager, gdm-guest-session
 
 
* shut down unnecessary services
 
* shut down unnecessary services
 
* Spring clean /etc/xdg/autostart
 
* Spring clean /etc/xdg/autostart
Line 477: Line 489:
 
Configure:
 
Configure:
 
* /etc/apt/sources.list
 
* /etc/apt/sources.list
  deb http://ftp.leg.uct.ac.za/ubuntu jaunty main universe multiverse restricted
+
  deb http://ftp.leg.uct.ac.za/ubuntu lucid main universe multiverse restricted
  deb http://ftp.leg.uct.ac.za/ubuntu jaunty-updates main universe multiverse restricted
+
  deb http://ftp.leg.uct.ac.za/ubuntu lucid-updates main universe multiverse restricted
  deb http://ftp.leg.uct.ac.za/ubuntu jaunty-security main universe multiverse restricted
+
  deb http://ftp.leg.uct.ac.za/ubuntu lucid-security main universe multiverse restricted
  deb http://ftp.leg.uct.ac.za/medibuntu jaunty free non-free
+
  deb http://ftp.leg.uct.ac.za/medibuntu lucid free non-free
  deb http://tsl.uct.ac.za/repo tsl main
+
  deb http://ftp.leg.uct.ac.za/pub/linux/tsl-ppa lucid main
* /etc/network/interfaces
+
* Install
  auto lo
+
  medibuntu-keyring, tsl-desktop
iface lo inet loopback
 
 
auto eth0
 
iface eth0 inet dhcp
 
 
* /etc/openntpd/ntpd.conf
 
* /etc/openntpd/ntpd.conf
 
  server ntp1.uct.ac.za
 
  server ntp1.uct.ac.za
Line 505: Line 513:
 
  URI = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release
 
  URI = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release
 
  URI_LTS = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release-lts
 
  URI_LTS = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release-lts
* /etc/yp.conf
+
* /etc/apt/apt.conf.d/50unattended-upgrades
  ypserver 137.158.56.6
+
Unattended-Upgrade::Allowed-Origins {
 +
        "Ubuntu lucid-security";
 +
        "Ubuntu lucid-updates";
 +
        "Ubuntu lucid";
 +
        "Medibuntu lucid";
 +
        "LP-PPA-stefanor-tsl lucid";
 +
  };
 +
Unattended-Upgrade::Remove-Unused-Dependencies "true";
 +
Unattended-Upgrade::Automatic-Reboot "true";
 +
* /etc/grub.d/01_tsl_password
 +
#!/bin/sh
 +
set -e
 +
cat << EOF
 +
set superusers="root"
 +
password_pbkdf2 root grub.pbkdf2.sha512.10000.3712EBD4A97D0FAAA7008F8AB0FFDB733EFB913434799BC1A5E1CE2C91345A61E06BE8A1C8F9276AD46B99B7DE721B00151318B186DD33104239DF4161936A1A.7F07A1B5B046FBA4F6BE254C3923A391B2D668CF6F074C78FC77D9613434FA4F8F12E74F8A2DC74B85CBAC590F1B92A5AC285035D6915AD0A8FFE676FFC85F5D
 +
EOF
 +
 
 
* /etc/nsswitch.conf
 
* /etc/nsswitch.conf
  passwd:        nis files
+
  passwd:        files ldap
  group:          compat nis files
+
  group:          files ldap
  shadow:        nis files
+
  shadow:        files ldap
 
* /etc/fstab:
 
* /etc/fstab:
 
  tsl.uct.ac.za:/home /home nfs rw,sync 0 0
 
  tsl.uct.ac.za:/home /home nfs rw,sync 0 0
 
* /etc/ldap.conf:
 
* /etc/ldap.conf:
  uri ldaps://ucttldap1.uct.ac.za/ ldaps://ucttldap2.uct.ac.za/ ldaps://ucttldap3.uct.ac.za/
+
  base dc=tsl,dc=uct,dc=ac,dc=za
  base  ou=main, o=uct
+
uri ldaps://tsl.uct.ac.za/
pam_filter objectclass=ndsloginproperties
+
  ldap_version 3
pam_login_attribute cn
+
  pam_password md5
  pam_password nds
 
 
  tls_checkpeer no
 
  tls_checkpeer no
 
* /etc/security/group.conf
 
* /etc/security/group.conf
Line 531: Line 554:
 
* /etc/firefox-homepage.properties
 
* /etc/firefox-homepage.properties
 
  browser.startup.homepage=http://www.tsl.uct.ac.za/
 
  browser.startup.homepage=http://www.tsl.uct.ac.za/
* sudo -u gdm gconftool-2 --set --type boolean /apps/gdm/simple-greeter/disable_user_list true
 
 
* /etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
 
* /etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
 
  <nowiki><?xml version="1.0"?>
 
  <nowiki><?xml version="1.0"?>
Line 539: Line 561:
 
  <dir name="preferences">
 
  <dir name="preferences">
 
  <entry name="thumbnail_limit" mtime="1252410114" type="int" value="512000"/>
 
  <entry name="thumbnail_limit" mtime="1252410114" type="int" value="512000"/>
 +
</dir>
 +
</dir>
 +
<dir name="gdm">
 +
<dir name="simple-greeter">
 +
<entry name="banner_message_enable" mtime="1268226887" type="bool" value="true"/>
 +
<entry name="banner_message_text" mtime="1268226887" type="string">
 +
<stringvalue>Any problems? Email help@tsl.uct.ac.za</stringvalue>
 +
</entry>
 +
<entry name="disable_user_list" mtime="1268226887" type="bool" value="true"/>
 
  </dir>
 
  </dir>
 
  </dir>
 
  </dir>
Line 589: Line 620:
 
  </gconf>
 
  </gconf>
 
</nowiki>
 
</nowiki>
 +
* chmod 500 /var/lib/gdm/.gconf
 +
* /var/lib/gdm/.gconf.path
 +
# treat system-wide settings as mandatory
 +
xml:readonly:/etc/gconf/gconf.xml.system
 +
 +
# override some settings
 +
# we treat settings in this location as
 +
# owned by GDM.  Sysadmins should create
 +
# another source if they wish to override them.
 +
xml:readonly:$(HOME)/.gconf.mandatory
 +
 +
# distribution default values
 +
xml:readonly:$(HOME)/.gconf.defaults
 
* /etc/cntlm.conf
 
* /etc/cntlm.conf
 
  Domain          WF
 
  Domain          WF
Line 594: Line 638:
 
  Listen          8080
 
  Listen          8080
 
  NTLMToBasic    yes
 
  NTLMToBasic    yes
 
=== Groupwise ===
 
* extract to /tmp/ somewhere
 
* alien novell-groupwise-gwcheck-8.0.0HP-87328.i586.rpm
 
* dpkg -i novell-groupwise-gwclient_8.0.0HP-87329_i386.deb
 
* rm /opt/novell/groupwise/client/jre/
 
* ln -s /usr/lib/jvm/java-6-sun/jre /opt/novell/groupwise/client/
 
* Edit /usr/share/applications/gwclient.desktop
 
Exec=/opt/novell/groupwise/client/bin/groupwise --ipa=ngwnameserver.uct.ac.za
 
 
=== JGrasp ===
 
* Extract to /opt/jgrasp
 
* ln -s /opt/jgrasp/bin/jgrasp /usr/local/bin
 
* /usr/local/share/applications/jgrasp.desktop
 
[Desktop Entry]
 
Name=jGRASP IDE
 
Comment=Integrated Development Environment
 
Exec=/usr/local/bin/jgrasp
 
Icon=/opt/jgrasp/data/gric48.png
 
Categories=Development;Java;IDE;
 
Terminal=false
 
Type=Application
 
StartupNotify=true
 
 
=== ArgoUML ===
 
* Extract to /opt/argouml-0.28.1/
 
* unzip -j argouml.jar org/argouml/Images/ArgoIcon32x32.png
 
* ln -s /opt/argouml-0.28.1/argouml.sh /usr/local/bin/argouml
 
* /usr/local/share/applications/argouml.desktop
 
[Desktop Entry]
 
Name=ArgoUML
 
Comment=UML Modelling tool
 
Exec=/usr/local/bin/argouml
 
Icon=/opt/argouml-0.28.1/ArgoIcon32x32.png
 
Terminal=0
 
Type=Application
 
Categories=Java;Development;
 
 
=== CUDA Emulator ===
 
 
* Download cuda-toolkit from nvidia
 
* Install to /opt
 
* ln -s /opt/cuda/bin/* /usr/local/bin
 
  
 
=== Pre-imaging ===
 
=== Pre-imaging ===
  
* /usr/local/sbin/post-image
 
<nowiki>
 
#!/bin/sh -e
 
 
echo Generating new OpenSSH host keys
 
rm /etc/ssh/ssh_host_[rd]sa_key*
 
ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
 
ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
 
rm /etc/rcS.d/S99post-image
 
</nowiki>
 
* ln -s /usr/local/sbin/post-image /etc/rcS.d/S99post-image
 
 
* Remove the two lines from /etc/udev/rules.d/70-persistent-net.rules
 
* Remove the two lines from /etc/udev/rules.d/70-persistent-net.rules
 +
* A bunch of other useful things to remove: http://live.debian.net/gitweb?p=live-build.git;a=blob;f=scripts/build/lb_chroot_hacks

Latest revision as of 16:10, 12 October 2011

TSL Todo list

  • Set BIOS passwords
  • Lock down network ports (MAC address)
  • Install replaced / fixed computers
  • Roll out Karmic

Current problems

Power Sockets
pc44
Security Lug on PC
pc44
Low Memory (256M)
pc55
Bad HDD / BIOS
pc84
BIOS Locked
pc79

Known Unreliable machines

pc59
Unknown (2 Oct 2009)
pc09
Bad network card, sensitive to cable position (2 Oct 2009)
pc69
Thermal event (9 Oct 2009)
pc07
BIOS Battery? (9 Oct 2009)
pc21
BIOS Battery? (9 Oct 2009)
pc76
Cold boot reqd (16 Oct 2009)
pc46
Broken facade (16 Oct 2009)
pc16
BIOS Battery? (16 Oct 2009)
pc56
Lock cable doesn't pass through loop

Row 1

Working
6
Power
pc48
No Power button
pc to the left of it

Row 2

Working
7
Missing
1

Row 3

Working
8

Row 4

Working
8

Row 5

Working
4
Missing
2
Dead HDD
pc77
Mouse cut
pc82
VGA cut
pc-missing

Row 6

Working
3
Missing
1
All cables need tying

Long Row 1

(by windows)

Working
16
Missing
0
No flylead
pc02
Lock doesn't attach pc to desk
pc31

Long Row 2

Working
15
Missing
1
Dusty
pc30
No power button
next to pc40

Wishlist for next rollout

Image

Paste the source of the following into:

sed -ne 's/^* // p' | tr '\n' ' '; echo

to get a list you can install

Not available in Karmic, but wanted in future

  • eclipse-cdt
  • eclipse-pydev
  • dillo
  • trayer

Games

  • bsdgames
  • bzflag
  • dosbox
  • einstein
  • frozen-bubble
  • gnome-games
  • gtetrinet
  • kobodeluxe
  • neverball
  • nexuiz
  • openarena
  • openttd
  • pingus
  • scummvm
  • teeworlds
  • tetrinet-client
  • wesnoth
  • wormux
  • xmoto

Themes

  • arc-colors
  • community-themes
  • gdm-themes
  • gnome-backgrounds
  • gnome-colors
  • gnome-themes
  • gnome-themes-extras
  • gnome-themes-more
  • metacity-themes
  • shiki-colors

Editors

  • anjuta
  • bluefish
  • codeblocks
  • eclipse
  • eclipse-cdt
  • eclipse-pydev
  • emacs
  • emacs-snapshot
  • emacs-goodies-el
  • eric
  • geany
  • idle
  • idle-python2.5
  • idle3
  • joe
  • kate
  • kdevelop
  • lyx
  • monodevelop
  • monodevelop-java
  • netbeans
  • scite
  • spe
  • vim-gtk
  • vim-nox
  • vim-latexsuite
  • vim-vimoutliner
  • xemacs21

Docs

  • ant-doc
  • apache2-doc
  • aspell-doc
  • autoconf-doc
  • automake1.9-doc
  • bash-doc
  • cdrkit-doc
  • ddd-doc
  • devhelp
  • diveintopython
  • doxygen-doc
  • flex-doc
  • gawk-doc
  • gcc-doc
  • gdb-doc
  • git-doc
  • glut-doc
  • gmp-doc
  • gnuplot-doc
  • graphviz-doc
  • gtkmm-documentation
  • haskell-doc
  • jlint-doc
  • libboost-doc
  • manpages-dev
  • octave-doc
  • perl-doc
  • php-doc
  • python-doc
  • python-matplotlib-doc
  • python-numpy-doc
  • python-qt4-doc
  • qt4-doc
  • r-doc-html
  • rubybook
  • splint-doc-html
  • stl-manual
  • sun-java6-doc
  • tidy-doc
  • xchm
  • zsh-doc

Version Control

  • cvs
  • bzr
  • bzr-gtk
  • bzr-svn
  • bzrtools
  • darcs
  • git-core
  • meld
  • mercurial
  • subversion
  • subversion-tools
  • svk

Debugging

  • ddd
  • d-feet
  • lsof
  • ltrace
  • strace
  • valgrind

Programming

  • ant
  • ant-optional
  • bicyclerepair
  • bison
  • bpython
  • bsh
  • build-essential
  • clisp
  • cmake
  • csstidy
  • devscripts
  • dh-make
  • docbook
  • flex
  • freeglut3-dev
  • fpc
  • gcc-4.1
  • gdc
  • g++-4.1
  • gengetopt
  • ghc
  • gnome-devel
  • gnuplot
  • graphviz
  • ipython
  • jlint
  • kiki
  • libboost-dev
  • libcurl4-openssl-dev
  • libghc6-xmonad-dev
  • libgtkmm-2.4-dev
  • libphobos-4.2-dev
  • libqt4-dev
  • libqwt-dev
  • libsdl-console-dev
  • libsdl-dev
  • libsdl-gfx1.2-dev
  • libsdl-image1.2-dev
  • libsdl-mixer1.2-dev
  • libsdl-net1.2-dev
  • libsdl-pango-dev
  • libsdl-sound1.2-dev
  • libsdl-stretch-dev
  • libsdl-ttf2.0-dev
  • linklint
  • malbolge
  • mesa-utils
  • mono-debugger
  • octave
  • perltidy
  • php5-cli
  • php5-tidy
  • posh
  • pyflakes
  • pylint
  • python3
  • python-all-dev
  • python-beautifulsoup
  • python-celementtree
  • python-configobj
  • python-crypto
  • python-dateutil
  • python-django
  • python-fuse
  • python-gmpy
  • python-html5lib
  • python-jinja
  • python-matplotlib
  • python-profiler
  • python-psyco
  • python-pydot
  • python-pygame
  • python-pysqlite2
  • python-qt4
  • python-sphinx
  • python-simplejson
  • python-scipy
  • python-soappy
  • python-sqlalchemy
  • python-turbogears
  • python-twisted
  • python-visual
  • qt4-designer
  • r-recommended
  • ruby-full
  • ruby-gnome2
  • ruby-kde4
  • speedcrunch
  • splint
  • sun-java6-jdk
  • sun-java6-plugin
  • tidy
  • texlive-full
  • wxmaxima

Command Line

  • ascii
  • ack-grep
  • cadaver
  • clusterssh
  • cowsay
  • curl
  • dot2tex
  • elinks
  • figlet
  • fortune-mod
  • hping3
  • htop
  • indent
  • imagemagick
  • irssi
  • links
  • links2
  • lftp
  • lynx
  • manpages
  • moreutils
  • mtr-tiny
  • openssl
  • p7zip-full
  • p7zip-rar
  • pdfjam
  • pdftk
  • poppler-utils
  • pssh
  • pwgen
  • qemu
  • quota
  • rsync
  • screen
  • sl
  • socat
  • star
  • toilet
  • traceroute
  • tsocks
  • units
  • unrar
  • unzip
  • w3m
  • whois
  • zsh

System

  • alien
  • cntlm
  • fusedav
  • fuseiso
  • fusesmb
  • ldap-auth-client
  • ldap-utils
  • ncpfs
  • nis
  • nfs-common
  • openntpd
  • openssh-server
  • smartmontools
  • sshfs
  • tmpreaper
  • wbritish

Databases

  • mysql-client
  • mysql-doc-5.0
  • libmysqlclient-dev
  • libmysql++-dev
  • libpg-java
  • libpq-dev
  • libpqxx-dev
  • libsqlite-dev
  • php5-mysql
  • php5-sqlite
  • php5-pgsql
  • postgresql-client
  • postgresql-doc
  • python-mysqldb
  • python-psycopg2
  • sqlite3
  • sqlite3-doc

Other

  • abiword
  • amarok
  • blender
  • dia
  • dwm-tools
  • epiphany-browser
  • flashplugin-nonfree
  • fluxbox
  • gajim
  • gnumeric
  • gwibber
  • impressive
  • inkscape
  • konsole
  • konqueror
  • konversation
  • linuxdcpp
  • midori
  • openoffice.org-draw
  • openoffice.org-pdfimport
  • pcmanfm
  • pdfedit
  • pidgin-plugin-pack
  • planner
  • rdesktop
  • scribus
  • stalonetray
  • ubuntu-restricted-extras
  • wine
  • yakuake
  • xchat
  • xtightvncviewer
  • xmonad

Multimedia

  • ffmpeg
  • non-free-codecs
  • libavdevice-unstripped-52
  • libavfilter-unstripped-0
  • libavformat-unstripped-52
  • mencoder
  • mplayer
  • vlc
  • youtube-dl

Fonts

  • ttf-aenigma
  • ttf-atarismall
  • ttf-beteckna
  • ttf-breip
  • ttf-droid
  • ttf-dustin
  • ttf-ecolier-court
  • ttf-ecolier-lignes-court
  • ttf-engadget
  • ttf-essays1743
  • ttf-f500
  • ttf-fifthhorseman-dkg-handwriting
  • ttf-georgewilliams
  • ttf-goudybookletter
  • ttf-inconsolata
  • ttf-isabella
  • ttf-jsmath
  • ttf-junicode
  • ttf-konatu
  • ttf-larabie-deco
  • ttf-larabie-straight
  • ttf-larabie-uncommon
  • ttf-linux-libertine
  • ttf-marvosym
  • ttf-mscorefonts-installer
  • ttf-ocr-a
  • ttf-oflb-asana-math
  • ttf-oflb-euterpe
  • ttf-radisnoir
  • ttf-sil-gentium
  • ttf-sil-gentium-basic
  • ttf-sjfonts
  • ttf-staypuft
  • ttf-summersby
  • ttf-tomsontalks
  • ttf-tuffy
  • ttf-ubuntu-title
  • ttf-unifont
  • ttf-xfree86-nonfree

Post Install

Get rid of:

  • any MTA
  • old kernels
  • shut down unnecessary services
  • Spring clean /etc/xdg/autostart
  • Use the PolicyKit Authorizations manager to disable suspend and hibernate for normal users.
  • rm /etc/hostname
  • Remove the 127.0.1.1 line from /etc/hosts

Configure:

  • /etc/apt/sources.list
deb http://ftp.leg.uct.ac.za/ubuntu lucid main universe multiverse restricted
deb http://ftp.leg.uct.ac.za/ubuntu lucid-updates main universe multiverse restricted
deb http://ftp.leg.uct.ac.za/ubuntu lucid-security main universe multiverse restricted
deb http://ftp.leg.uct.ac.za/medibuntu lucid free non-free
deb http://ftp.leg.uct.ac.za/pub/linux/tsl-ppa lucid main
  • Install
medibuntu-keyring, tsl-desktop
  • /etc/openntpd/ntpd.conf
server ntp1.uct.ac.za
server ntp2.uct.ac.za
server ntp3.uct.ac.za
server dreamcoat.che.uct.ac.za
server emperor.che.uct.ac.za
  • visudo
Defaults        env_reset
root    ALL=(ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
  • /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw4nGVrw+0uJpjJecuL8qjhm0O67ZrXux79fgN2ChdJoiB47KrIfgbWbpdHQiBWWDQjm9ttyf48/kLWwWbSW/DYKxRAH2vSCbpPaabqHB+ixaDKX9Vh8S0fNiOrZnWLwKmgnsdUV08ivk25k5d4NFSjmKvr6Dsp8RyCr+1sZfpdKOu+J1thwlNVkOFJxKxWwezgfflc/+KGbhFCH8Ya0hzellYQiX3px659Ydx4PdSGhT/Td7MK0onC1lK5X2hU3QSr49fwji06lAig1dpHeS4dnOFu2gxFRvlLZqmj31rwIVXQqoZyiIUuAs9EnFKfUVR34k5v20baXQ1bRqd4HgEQ== TSL Key
  • /etc/tmpreaper.conf
SHOWWARNING=false
  • /etc/update-manager/meta-release
URI = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release
URI_LTS = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release-lts
  • /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
        "Ubuntu lucid-updates";
        "Ubuntu lucid";
        "Medibuntu lucid";
        "LP-PPA-stefanor-tsl lucid";
};
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
  • /etc/grub.d/01_tsl_password
#!/bin/sh
set -e
cat << EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.3712EBD4A97D0FAAA7008F8AB0FFDB733EFB913434799BC1A5E1CE2C91345A61E06BE8A1C8F9276AD46B99B7DE721B00151318B186DD33104239DF4161936A1A.7F07A1B5B046FBA4F6BE254C3923A391B2D668CF6F074C78FC77D9613434FA4F8F12E74F8A2DC74B85CBAC590F1B92A5AC285035D6915AD0A8FFE676FFC85F5D
EOF
  • /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
  • /etc/fstab:
tsl.uct.ac.za:/home	/home	nfs	rw,sync		0	0
  • /etc/ldap.conf:
base dc=tsl,dc=uct,dc=ac,dc=za
uri ldaps://tsl.uct.ac.za/
ldap_version 3
pam_password md5
tls_checkpeer no
  • /etc/security/group.conf
*;*;*;Al0000-2400; audio,floppy,video,cdrom,plugdev,fuse
  • /etc/firefox-3.[05]/pref/firefox.js
// UCT Proxy
pref("network.proxy.autoconfig_url", "http://www.uct.ac.za/cache.pac");
pref("network.proxy.type", 2);
pref("browser.cache.disk.capacity", 3000);
  • /etc/firefox-3.[05]/pref/ubufox.js
pref("browser.startup.homepage", "file:/etc/firefox-homepage.properties");
  • /etc/firefox-homepage.properties
browser.startup.homepage=http://www.tsl.uct.ac.za/
  • /etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
<?xml version="1.0"?>
 <gconf>
 	<dir name="apps">
 		<dir name="nautilus">
 			<dir name="preferences">
 				<entry name="thumbnail_limit" mtime="1252410114" type="int" value="512000"/>
 			</dir>
 		</dir>
 		<dir name="gdm">
 			<dir name="simple-greeter">
				<entry name="banner_message_enable" mtime="1268226887" type="bool" value="true"/>
				<entry name="banner_message_text" mtime="1268226887" type="string">
					<stringvalue>Any problems? Email help@tsl.uct.ac.za</stringvalue>
				</entry>
				<entry name="disable_user_list" mtime="1268226887" type="bool" value="true"/>
 			</dir>
 		</dir>
 	</dir>
 	<dir name="desktop">
 		<dir name="gnome">
 			<dir name="applications">
 				<dir name="window_manager">
 					<entry name="default" mtime="1252403218" type="string">
 						<stringvalue>/usr/bin/metacity</stringvalue>
 					</entry>
 				</dir>
 			</dir>
 		</dir>
 	</dir>
 	<dir name="system">
 		<dir name="http_proxy">
 			<entry name="ignore_hosts" mtime="1252519008" type="list" ltype="string">
 				<li type="string">
 					<stringvalue>localhost</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>127.0.0.0/8</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>*.local</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>137.158.0.0/16</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>*.uct.ac.za</stringvalue>
 				</li>
 			</entry>
 			<entry name="host" mtime="1252518985" type="string">
 				<stringvalue>localhost</stringvalue>
 			</entry>
 			<entry name="use_http_proxy" mtime="1252519071" type="bool" value="true"/>
 		</dir>
 		<dir name="proxy">
 			<entry name="secure_port" mtime="1252518992" type="int" value="8080"/>
 			<entry name="secure_host" mtime="1252518987" type="string">
 				<stringvalue>localhost</stringvalue>
 			</entry>
 			<entry name="mode" mtime="1252518982" type="string">
 				<stringvalue>manual</stringvalue>
 			</entry>
 		</dir>
 	</dir>
 </gconf>

  • chmod 500 /var/lib/gdm/.gconf
  • /var/lib/gdm/.gconf.path
# treat system-wide settings as mandatory
xml:readonly:/etc/gconf/gconf.xml.system

# override some settings
# we treat settings in this location as
# owned by GDM.  Sysadmins should create
# another source if they wish to override them.
xml:readonly:$(HOME)/.gconf.mandatory

# distribution default values
xml:readonly:$(HOME)/.gconf.defaults
  • /etc/cntlm.conf
Domain          WF
Proxy           campusnet.uct.ac.za:8080
Listen          8080
NTLMToBasic     yes

Pre-imaging