Difference between revisions of "TSL"

From Department of Computer Science
(→‎System: openntpd)
 
(126 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
== TSL Todo list ==
 
== TSL Todo list ==
  
* Shorten / tie up flyleads
+
* Set BIOS passwords
* Provide tied down flyleads in the laptop areas (areas without PCs)
+
* Lock down network ports (MAC address)
* Build new image & re-image computers
 
 
* Install replaced / fixed computers
 
* Install replaced / fixed computers
 +
* Roll out Karmic
  
 
== Current problems ==
 
== Current problems ==
;Network Sockets: SLAB013 SLAB016.
+
; Power Sockets: pc44
;Power Sockets: pc48
+
; Security Lug on PC: pc44
;Bad Images: 1,2,3,5,12,14,17,20,44,45,47,70,74
+
; Low Memory (256M): pc55
;Grub broken: 7, 8, 9, 12, 23, 35
+
; Bad HDD / BIOS: pc84
 +
; BIOS Locked: pc79
 +
 
 +
=== Known Unreliable machines ===
 +
; pc59: Unknown (2 Oct 2009)
 +
; pc09: Bad network card, sensitive to cable position (2 Oct 2009)
 +
; pc69: Thermal event (9 Oct 2009)
 +
; pc07: BIOS Battery? (9 Oct 2009)
 +
; pc21: BIOS Battery? (9 Oct 2009)
 +
; pc76: Cold boot reqd (16 Oct 2009)
 +
; pc46: Broken facade (16 Oct 2009)
 +
; pc16: BIOS Battery? (16 Oct 2009)
 +
; pc56: Lock cable doesn't pass through loop
 +
 
 +
=== Row 1 ===
 +
;Working: 6
 +
;Power: pc48
 +
;No Power button: pc to the left of it
 +
 
 +
=== Row 2 ===
 +
; Working: 7
 +
; Missing: 1
 +
 
 +
=== Row 3 ===
 +
; Working: 8
 +
 
 +
=== Row 4 ===
 +
; Working: 8
 +
 
 +
=== Row 5 ===
 +
; Working: 4
 +
; Missing: 2
 +
; Dead HDD: pc77
 +
; Mouse cut: pc82
 +
; VGA cut: pc-missing
 +
 
 +
=== Row 6 ===
 +
; Working: 3
 +
; Missing: 1
 +
; All cables need tying
 +
 
 +
=== Long Row 1 ===
 +
(by windows)
 +
; Working: 16
 +
; Missing: 0
 +
; No flylead: pc02
 +
; Lock doesn't attach pc to desk: pc31
 +
 
 +
=== Long Row 2 ===
 +
; Working: 15
 +
; Missing: 1
 +
; Dusty: pc30
 +
; No power button: next to pc40
 +
 
 +
== Wishlist for next rollout ==
  
 
== Image ==
 
== Image ==
Line 18: Line 72:
  
 
to get a list you can install
 
to get a list you can install
 +
 +
=== Not available in Karmic, but wanted in future ===
 +
* eclipse-cdt
 +
* eclipse-pydev
 +
* dillo
 +
* trayer
  
 
=== Games ===
 
=== Games ===
 
* bsdgames
 
* bsdgames
 
* bzflag
 
* bzflag
 +
* dosbox
 +
* einstein
 
* frozen-bubble
 
* frozen-bubble
 
* gnome-games
 
* gnome-games
 
* gtetrinet
 
* gtetrinet
 +
* kobodeluxe
 
* neverball
 
* neverball
 +
* nexuiz
 
* openarena
 
* openarena
 
* openttd
 
* openttd
 
* pingus
 
* pingus
 +
* scummvm
 
* teeworlds
 
* teeworlds
 
* tetrinet-client
 
* tetrinet-client
 
* wesnoth
 
* wesnoth
 
* wormux
 
* wormux
 +
* xmoto
 +
 +
=== Themes ===
 +
* arc-colors
 +
* community-themes
 +
* gdm-themes
 +
* gnome-backgrounds
 +
* gnome-colors
 +
* gnome-themes
 +
* gnome-themes-extras
 +
* gnome-themes-more
 +
* metacity-themes
 +
* shiki-colors
  
 
=== Editors ===
 
=== Editors ===
Line 39: Line 117:
 
* codeblocks
 
* codeblocks
 
* eclipse
 
* eclipse
 +
* eclipse-cdt
 +
* eclipse-pydev
 
* emacs
 
* emacs
 
* emacs-snapshot
 
* emacs-snapshot
 +
* emacs-goodies-el
 
* eric
 
* eric
 
* geany
 
* geany
 
* idle
 
* idle
 +
* idle-python2.5
 +
* idle3
 
* joe
 
* joe
 
* kate
 
* kate
 
* kdevelop
 
* kdevelop
 
* lyx
 
* lyx
 +
* monodevelop
 +
* monodevelop-java
 
* netbeans
 
* netbeans
 
* scite
 
* scite
 
* spe
 
* spe
* vim-full
+
* vim-gtk
 +
* vim-nox
 +
* vim-latexsuite
 +
* vim-vimoutliner
 
* xemacs21
 
* xemacs21
  
 
=== Docs ===
 
=== Docs ===
 +
* ant-doc
 +
* apache2-doc
 +
* aspell-doc
 +
* autoconf-doc
 +
* automake1.9-doc
 +
* bash-doc
 +
* cdrkit-doc
 +
* ddd-doc
 
* devhelp
 
* devhelp
 
* diveintopython
 
* diveintopython
 +
* doxygen-doc
 +
* flex-doc
 +
* gawk-doc
 +
* gcc-doc
 +
* gdb-doc
 +
* git-doc
 +
* glut-doc
 +
* gmp-doc
 +
* gnuplot-doc
 +
* graphviz-doc
 
* gtkmm-documentation
 
* gtkmm-documentation
 +
* haskell-doc
 +
* jlint-doc
 +
* libboost-doc
 
* manpages-dev
 
* manpages-dev
 +
* octave-doc
 +
* perl-doc
 +
* php-doc
 
* python-doc
 
* python-doc
 +
* python-matplotlib-doc
 +
* python-numpy-doc
 +
* python-qt4-doc
 +
* qt4-doc
 +
* r-doc-html
 +
* rubybook
 +
* splint-doc-html
 
* stl-manual
 
* stl-manual
 +
* sun-java6-doc
 +
* tidy-doc
 +
* xchm
 +
* zsh-doc
  
 
=== Version Control ===
 
=== Version Control ===
Line 78: Line 201:
 
=== Debugging ===
 
=== Debugging ===
 
* ddd
 
* ddd
 +
* d-feet
 
* lsof
 
* lsof
 
* ltrace
 
* ltrace
Line 88: Line 212:
 
* bicyclerepair
 
* bicyclerepair
 
* bison
 
* bison
 +
* bpython
 
* bsh
 
* bsh
 
* build-essential
 
* build-essential
 
* clisp
 
* clisp
 
* cmake
 
* cmake
 +
* csstidy
 
* devscripts
 
* devscripts
 +
* dh-make
 
* docbook
 
* docbook
 
* flex
 
* flex
Line 106: Line 233:
 
* graphviz
 
* graphviz
 
* ipython
 
* ipython
 +
* jlint
 
* kiki
 
* kiki
 +
* libboost-dev
 +
* libcurl4-openssl-dev
 
* libghc6-xmonad-dev
 
* libghc6-xmonad-dev
 
* libgtkmm-2.4-dev
 
* libgtkmm-2.4-dev
Line 122: Line 252:
 
* libsdl-stretch-dev
 
* libsdl-stretch-dev
 
* libsdl-ttf2.0-dev
 
* libsdl-ttf2.0-dev
 +
* linklint
 +
* malbolge
 
* mesa-utils
 
* mesa-utils
 +
* mono-debugger
 
* octave
 
* octave
 +
* perltidy
 +
* php5-cli
 +
* php5-tidy
 +
* posh
 
* pyflakes
 
* pyflakes
 
* pylint
 
* pylint
Line 133: Line 270:
 
* python-crypto
 
* python-crypto
 
* python-dateutil
 
* python-dateutil
 +
* python-django
 +
* python-fuse
 +
* python-gmpy
 
* python-html5lib
 
* python-html5lib
 
* python-jinja
 
* python-jinja
 
* python-matplotlib
 
* python-matplotlib
 +
* python-profiler
 +
* python-psyco
 +
* python-pydot
 
* python-pygame
 
* python-pygame
 
* python-pysqlite2
 
* python-pysqlite2
 +
* python-qt4
 +
* python-sphinx
 
* python-simplejson
 
* python-simplejson
 
* python-scipy
 
* python-scipy
 
* python-soappy
 
* python-soappy
 
* python-sqlalchemy
 
* python-sqlalchemy
 +
* python-turbogears
 
* python-twisted
 
* python-twisted
 
* python-visual
 
* python-visual
 
* qt4-designer
 
* qt4-designer
 
* r-recommended
 
* r-recommended
 +
* ruby-full
 +
* ruby-gnome2
 +
* ruby-kde4
 
* speedcrunch
 
* speedcrunch
 +
* splint
 
* sun-java6-jdk
 
* sun-java6-jdk
 
* sun-java6-plugin
 
* sun-java6-plugin
 +
* tidy
 
* texlive-full
 
* texlive-full
 
* wxmaxima
 
* wxmaxima
  
 
=== Command Line ===
 
=== Command Line ===
 +
* ascii
 
* ack-grep
 
* ack-grep
 +
* cadaver
 +
* clusterssh
 +
* cowsay
 +
* curl
 +
* dot2tex
 +
* elinks
 +
* figlet
 +
* fortune-mod
 +
* hping3
 
* htop
 
* htop
 +
* indent
 
* imagemagick
 
* imagemagick
 
* irssi
 
* irssi
 +
* links
 +
* links2
 
* lftp
 
* lftp
 +
* lynx
 
* manpages
 
* manpages
 
* moreutils
 
* moreutils
 
* mtr-tiny
 
* mtr-tiny
 
* openssl
 
* openssl
 +
* p7zip-full
 +
* p7zip-rar
 +
* pdfjam
 +
* pdftk
 
* poppler-utils
 
* poppler-utils
 +
* pssh
 +
* pwgen
 +
* qemu
 
* quota
 
* quota
 
* rsync
 
* rsync
 
* screen
 
* screen
 +
* sl
 +
* socat
 +
* star
 +
* toilet
 
* traceroute
 
* traceroute
 
* tsocks
 
* tsocks
Line 171: Line 347:
 
* unrar
 
* unrar
 
* unzip
 
* unzip
 +
* w3m
 
* whois
 
* whois
 +
* zsh
  
 
=== System ===
 
=== System ===
 +
* alien
 +
* cntlm
 +
* fusedav
 +
* fuseiso
 +
* fusesmb
 
* ldap-auth-client
 
* ldap-auth-client
 
* ldap-utils
 
* ldap-utils
Line 182: Line 365:
 
* openssh-server
 
* openssh-server
 
* smartmontools
 
* smartmontools
 +
* sshfs
 
* tmpreaper
 
* tmpreaper
 
* wbritish
 
* wbritish
 +
 +
=== Databases ===
 +
* mysql-client
 +
* mysql-doc-5.0
 +
* libmysqlclient-dev
 +
* libmysql++-dev
 +
* libpg-java
 +
* libpq-dev
 +
* libpqxx-dev
 +
* libsqlite-dev
 +
* php5-mysql
 +
* php5-sqlite
 +
* php5-pgsql
 +
* postgresql-client
 +
* postgresql-doc
 +
* python-mysqldb
 +
* python-psycopg2
 +
* sqlite3
 +
* sqlite3-doc
  
 
=== Other ===
 
=== Other ===
Line 190: Line 393:
 
* blender
 
* blender
 
* dia
 
* dia
* firefox-3.5
+
* dwm-tools
 +
* epiphany-browser
 
* flashplugin-nonfree
 
* flashplugin-nonfree
 
* fluxbox
 
* fluxbox
 +
* gajim
 
* gnumeric
 
* gnumeric
 +
* gwibber
 +
* impressive
 
* inkscape
 
* inkscape
 
* konsole
 
* konsole
Line 199: Line 406:
 
* konversation
 
* konversation
 
* linuxdcpp
 
* linuxdcpp
* mplayer
+
* midori
* non-free-codecs
 
 
* openoffice.org-draw
 
* openoffice.org-draw
 +
* openoffice.org-pdfimport
 +
* pcmanfm
 
* pdfedit
 
* pdfedit
 +
* pidgin-plugin-pack
 
* planner
 
* planner
 
* rdesktop
 
* rdesktop
 
* scribus
 
* scribus
 +
* stalonetray
 
* ubuntu-restricted-extras
 
* ubuntu-restricted-extras
 
* wine
 
* wine
Line 212: Line 422:
 
* xtightvncviewer
 
* xtightvncviewer
 
* xmonad
 
* xmonad
 +
 +
=== Multimedia ===
 +
* ffmpeg
 +
* non-free-codecs
 +
* libavdevice-unstripped-52
 +
* libavfilter-unstripped-0
 +
* libavformat-unstripped-52
 +
* mencoder
 +
* mplayer
 +
* vlc
 +
* youtube-dl
  
 
=== Fonts ===
 
=== Fonts ===
* ttf-adf
 
 
* ttf-aenigma
 
* ttf-aenigma
 
* ttf-atarismall
 
* ttf-atarismall
Line 261: Line 481:
 
* any MTA
 
* any MTA
 
* old kernels
 
* old kernels
* network-manager
+
* shut down unnecessary services
 +
* Spring clean /etc/xdg/autostart
 +
* Use the PolicyKit Authorizations manager to disable suspend and hibernate for normal users.
 +
* rm /etc/hostname
 +
* Remove the 127.0.1.1 line from /etc/hosts
  
 
Configure:
 
Configure:
 
* /etc/apt/sources.list
 
* /etc/apt/sources.list
  deb http://ftp.leg.uct.ac.za/pub/linux/ubuntu jaunty main universe multiverse restricted
+
  deb http://ftp.leg.uct.ac.za/ubuntu lucid main universe multiverse restricted
  deb http://ftp.leg.uct.ac.za/pub/linux/ubuntu jaunty-security main universe multiverse restricted
+
deb http://ftp.leg.uct.ac.za/ubuntu lucid-updates main universe multiverse restricted
  deb http://ftp.leg.uct.ac.za/pub/linux/medibuntu jaunty free non-free
+
  deb http://ftp.leg.uct.ac.za/ubuntu lucid-security main universe multiverse restricted
* /etc/ntp.conf
+
deb http://ftp.leg.uct.ac.za/medibuntu lucid free non-free
  server ntp1.uct.ac.za iburst prefer
+
  deb http://ftp.leg.uct.ac.za/pub/linux/tsl-ppa lucid main
  server ntp2.uct.ac.za iburst
+
* Install
  server ntp3.uct.ac.za iburst
+
medibuntu-keyring, tsl-desktop
  server dreamcoat.che.uct.ac.za iburst
+
* /etc/openntpd/ntpd.conf
  server emperor.che.uct.ac.za iburst
+
  server ntp1.uct.ac.za
 +
  server ntp2.uct.ac.za
 +
  server ntp3.uct.ac.za
 +
  server dreamcoat.che.uct.ac.za
 +
  server emperor.che.uct.ac.za
 +
* visudo
 +
Defaults        env_reset
 +
root    ALL=(ALL) ALL
 +
%admin ALL=(ALL) NOPASSWD: ALL
 +
* /root/.ssh/authorized_keys
 +
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw4nGVrw+0uJpjJecuL8qjhm0O67ZrXux79fgN2ChdJoiB47KrIfgbWbpdHQiBWWDQjm9ttyf48/kLWwWbSW/DYKxRAH2vSCbpPaabqHB+ixaDKX9Vh8S0fNiOrZnWLwKmgnsdUV08ivk25k5d4NFSjmKvr6Dsp8RyCr+1sZfpdKOu+J1thwlNVkOFJxKxWwezgfflc/+KGbhFCH8Ya0hzellYQiX3px659Ydx4PdSGhT/Td7MK0onC1lK5X2hU3QSr49fwji06lAig1dpHeS4dnOFu2gxFRvlLZqmj31rwIVXQqoZyiIUuAs9EnFKfUVR34k5v20baXQ1bRqd4HgEQ== TSL Key
 
* /etc/tmpreaper.conf
 
* /etc/tmpreaper.conf
 
  SHOWWARNING=false
 
  SHOWWARNING=false
* /etc/eclipse/java_home
 
/usr/lib/jvm/java-6-sun
 
* /usr/lib/eclipse/configuration/config.ini
 
org.eclipse.jdt.core.classpathVariable.JRE_LIB=/usr/lib/jvm/java-6-sun/jre/lib/rt.jar
 
 
* /etc/update-manager/meta-release
 
* /etc/update-manager/meta-release
 
  URI = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release
 
  URI = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release
 
  URI_LTS = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release-lts
 
  URI_LTS = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release-lts
* /etc/yp.conf
+
* /etc/apt/apt.conf.d/50unattended-upgrades
  ypserver 137.158.56.6
+
Unattended-Upgrade::Allowed-Origins {
 +
        "Ubuntu lucid-security";
 +
        "Ubuntu lucid-updates";
 +
        "Ubuntu lucid";
 +
        "Medibuntu lucid";
 +
        "LP-PPA-stefanor-tsl lucid";
 +
  };
 +
Unattended-Upgrade::Remove-Unused-Dependencies "true";
 +
Unattended-Upgrade::Automatic-Reboot "true";
 +
* /etc/grub.d/01_tsl_password
 +
#!/bin/sh
 +
set -e
 +
cat << EOF
 +
set superusers="root"
 +
password_pbkdf2 root grub.pbkdf2.sha512.10000.3712EBD4A97D0FAAA7008F8AB0FFDB733EFB913434799BC1A5E1CE2C91345A61E06BE8A1C8F9276AD46B99B7DE721B00151318B186DD33104239DF4161936A1A.7F07A1B5B046FBA4F6BE254C3923A391B2D668CF6F074C78FC77D9613434FA4F8F12E74F8A2DC74B85CBAC590F1B92A5AC285035D6915AD0A8FFE676FFC85F5D
 +
EOF
 +
 
 
* /etc/nsswitch.conf
 
* /etc/nsswitch.conf
  passwd:        nis files
+
  passwd:        files ldap
  group:          compat nis files
+
  group:          files ldap
  shadow:        nis files
+
  shadow:        files ldap
 
* /etc/fstab:
 
* /etc/fstab:
 
  tsl.uct.ac.za:/home /home nfs rw,sync 0 0
 
  tsl.uct.ac.za:/home /home nfs rw,sync 0 0
 
* /etc/ldap.conf:
 
* /etc/ldap.conf:
  uri ldaps://ucttldap1.uct.ac.za/ ldaps://ucttldap2.uct.ac.za/ ldaps://ucttldap3.uct.ac.za/
+
  base dc=tsl,dc=uct,dc=ac,dc=za
  base  ou=main, o=uct
+
uri ldaps://tsl.uct.ac.za/
pam_filter objectclass=ndsloginproperties
+
  ldap_version 3
pam_login_attribute cn
+
  pam_password md5
  pam_password nds
 
 
  tls_checkpeer no
 
  tls_checkpeer no
 
* /etc/security/group.conf
 
* /etc/security/group.conf
  *;*;*;Al0000-2400; audio,floppy,video,cdrom,plugdev
+
  *;*;*;Al0000-2400; audio,floppy,video,cdrom,plugdev,fuse
 
* /etc/firefox-3.[05]/pref/firefox.js
 
* /etc/firefox-3.[05]/pref/firefox.js
 
  // UCT Proxy
 
  // UCT Proxy
Line 309: Line 554:
 
* /etc/firefox-homepage.properties
 
* /etc/firefox-homepage.properties
 
  browser.startup.homepage=http://www.tsl.uct.ac.za/
 
  browser.startup.homepage=http://www.tsl.uct.ac.za/
* /usr/share/gdm/themes/Human/Human.xml
 
  <!-- TSL Help -->
 
  <item type="rect" id="custom-tsl-help">
 
    <pos y="10%" width="box" height="box" x="50%" anchor="n"/>
 
    <box spacing="2" orientation="vertical">
 
      <item type="label">
 
        <pos x="50%" anchor="n"/>
 
        <normal font="Sans 14" color="#ffffff"/>
 
        <text>Problems?</text>
 
      </item>
 
      <item type="label">
 
        <normal font="Sans 12" color="#ffffff"/>
 
        <text>e-mail help@tsl.uct.ac.za</text>
 
      </item>
 
    </box>
 
  </item>
 
 
* /etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
 
* /etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
  <?xml version="1.0"?>
+
  <nowiki><?xml version="1.0"?>
 
  <gconf>
 
  <gconf>
 
  <dir name="apps">
 
  <dir name="apps">
Line 332: Line 561:
 
  <dir name="preferences">
 
  <dir name="preferences">
 
  <entry name="thumbnail_limit" mtime="1252410114" type="int" value="512000"/>
 
  <entry name="thumbnail_limit" mtime="1252410114" type="int" value="512000"/>
 +
</dir>
 +
</dir>
 +
<dir name="gdm">
 +
<dir name="simple-greeter">
 +
<entry name="banner_message_enable" mtime="1268226887" type="bool" value="true"/>
 +
<entry name="banner_message_text" mtime="1268226887" type="string">
 +
<stringvalue>Any problems? Email help@tsl.uct.ac.za</stringvalue>
 +
</entry>
 +
<entry name="disable_user_list" mtime="1268226887" type="bool" value="true"/>
 
  </dir>
 
  </dir>
 
  </dir>
 
  </dir>
Line 344: Line 582:
 
  </dir>
 
  </dir>
 
  </dir>
 
  </dir>
 +
</dir>
 +
</dir>
 +
<dir name="system">
 +
<dir name="http_proxy">
 +
<entry name="ignore_hosts" mtime="1252519008" type="list" ltype="string">
 +
<li type="string">
 +
<stringvalue>localhost</stringvalue>
 +
</li>
 +
<li type="string">
 +
<stringvalue>127.0.0.0/8</stringvalue>
 +
</li>
 +
<li type="string">
 +
<stringvalue>*.local</stringvalue>
 +
</li>
 +
<li type="string">
 +
<stringvalue>137.158.0.0/16</stringvalue>
 +
</li>
 +
<li type="string">
 +
<stringvalue>*.uct.ac.za</stringvalue>
 +
</li>
 +
</entry>
 +
<entry name="host" mtime="1252518985" type="string">
 +
<stringvalue>localhost</stringvalue>
 +
</entry>
 +
<entry name="use_http_proxy" mtime="1252519071" type="bool" value="true"/>
 +
</dir>
 +
<dir name="proxy">
 +
<entry name="secure_port" mtime="1252518992" type="int" value="8080"/>
 +
<entry name="secure_host" mtime="1252518987" type="string">
 +
<stringvalue>localhost</stringvalue>
 +
</entry>
 +
<entry name="mode" mtime="1252518982" type="string">
 +
<stringvalue>manual</stringvalue>
 +
</entry>
 
  </dir>
 
  </dir>
 
  </dir>
 
  </dir>
 
  </gconf>
 
  </gconf>
 +
</nowiki>
 +
* chmod 500 /var/lib/gdm/.gconf
 +
* /var/lib/gdm/.gconf.path
 +
# treat system-wide settings as mandatory
 +
xml:readonly:/etc/gconf/gconf.xml.system
 +
 +
# override some settings
 +
# we treat settings in this location as
 +
# owned by GDM.  Sysadmins should create
 +
# another source if they wish to override them.
 +
xml:readonly:$(HOME)/.gconf.mandatory
 +
 +
# distribution default values
 +
xml:readonly:$(HOME)/.gconf.defaults
 +
* /etc/cntlm.conf
 +
Domain          WF
 +
Proxy          campusnet.uct.ac.za:8080
 +
Listen          8080
 +
NTLMToBasic    yes
 +
 +
=== Pre-imaging ===
 +
 +
* Remove the two lines from /etc/udev/rules.d/70-persistent-net.rules
 +
* A bunch of other useful things to remove: http://live.debian.net/gitweb?p=live-build.git;a=blob;f=scripts/build/lb_chroot_hacks

Latest revision as of 16:10, 12 October 2011

TSL Todo list

  • Set BIOS passwords
  • Lock down network ports (MAC address)
  • Install replaced / fixed computers
  • Roll out Karmic

Current problems

Power Sockets
pc44
Security Lug on PC
pc44
Low Memory (256M)
pc55
Bad HDD / BIOS
pc84
BIOS Locked
pc79

Known Unreliable machines

pc59
Unknown (2 Oct 2009)
pc09
Bad network card, sensitive to cable position (2 Oct 2009)
pc69
Thermal event (9 Oct 2009)
pc07
BIOS Battery? (9 Oct 2009)
pc21
BIOS Battery? (9 Oct 2009)
pc76
Cold boot reqd (16 Oct 2009)
pc46
Broken facade (16 Oct 2009)
pc16
BIOS Battery? (16 Oct 2009)
pc56
Lock cable doesn't pass through loop

Row 1

Working
6
Power
pc48
No Power button
pc to the left of it

Row 2

Working
7
Missing
1

Row 3

Working
8

Row 4

Working
8

Row 5

Working
4
Missing
2
Dead HDD
pc77
Mouse cut
pc82
VGA cut
pc-missing

Row 6

Working
3
Missing
1
All cables need tying

Long Row 1

(by windows)

Working
16
Missing
0
No flylead
pc02
Lock doesn't attach pc to desk
pc31

Long Row 2

Working
15
Missing
1
Dusty
pc30
No power button
next to pc40

Wishlist for next rollout

Image

Paste the source of the following into:

sed -ne 's/^* // p' | tr '\n' ' '; echo

to get a list you can install

Not available in Karmic, but wanted in future

  • eclipse-cdt
  • eclipse-pydev
  • dillo
  • trayer

Games

  • bsdgames
  • bzflag
  • dosbox
  • einstein
  • frozen-bubble
  • gnome-games
  • gtetrinet
  • kobodeluxe
  • neverball
  • nexuiz
  • openarena
  • openttd
  • pingus
  • scummvm
  • teeworlds
  • tetrinet-client
  • wesnoth
  • wormux
  • xmoto

Themes

  • arc-colors
  • community-themes
  • gdm-themes
  • gnome-backgrounds
  • gnome-colors
  • gnome-themes
  • gnome-themes-extras
  • gnome-themes-more
  • metacity-themes
  • shiki-colors

Editors

  • anjuta
  • bluefish
  • codeblocks
  • eclipse
  • eclipse-cdt
  • eclipse-pydev
  • emacs
  • emacs-snapshot
  • emacs-goodies-el
  • eric
  • geany
  • idle
  • idle-python2.5
  • idle3
  • joe
  • kate
  • kdevelop
  • lyx
  • monodevelop
  • monodevelop-java
  • netbeans
  • scite
  • spe
  • vim-gtk
  • vim-nox
  • vim-latexsuite
  • vim-vimoutliner
  • xemacs21

Docs

  • ant-doc
  • apache2-doc
  • aspell-doc
  • autoconf-doc
  • automake1.9-doc
  • bash-doc
  • cdrkit-doc
  • ddd-doc
  • devhelp
  • diveintopython
  • doxygen-doc
  • flex-doc
  • gawk-doc
  • gcc-doc
  • gdb-doc
  • git-doc
  • glut-doc
  • gmp-doc
  • gnuplot-doc
  • graphviz-doc
  • gtkmm-documentation
  • haskell-doc
  • jlint-doc
  • libboost-doc
  • manpages-dev
  • octave-doc
  • perl-doc
  • php-doc
  • python-doc
  • python-matplotlib-doc
  • python-numpy-doc
  • python-qt4-doc
  • qt4-doc
  • r-doc-html
  • rubybook
  • splint-doc-html
  • stl-manual
  • sun-java6-doc
  • tidy-doc
  • xchm
  • zsh-doc

Version Control

  • cvs
  • bzr
  • bzr-gtk
  • bzr-svn
  • bzrtools
  • darcs
  • git-core
  • meld
  • mercurial
  • subversion
  • subversion-tools
  • svk

Debugging

  • ddd
  • d-feet
  • lsof
  • ltrace
  • strace
  • valgrind

Programming

  • ant
  • ant-optional
  • bicyclerepair
  • bison
  • bpython
  • bsh
  • build-essential
  • clisp
  • cmake
  • csstidy
  • devscripts
  • dh-make
  • docbook
  • flex
  • freeglut3-dev
  • fpc
  • gcc-4.1
  • gdc
  • g++-4.1
  • gengetopt
  • ghc
  • gnome-devel
  • gnuplot
  • graphviz
  • ipython
  • jlint
  • kiki
  • libboost-dev
  • libcurl4-openssl-dev
  • libghc6-xmonad-dev
  • libgtkmm-2.4-dev
  • libphobos-4.2-dev
  • libqt4-dev
  • libqwt-dev
  • libsdl-console-dev
  • libsdl-dev
  • libsdl-gfx1.2-dev
  • libsdl-image1.2-dev
  • libsdl-mixer1.2-dev
  • libsdl-net1.2-dev
  • libsdl-pango-dev
  • libsdl-sound1.2-dev
  • libsdl-stretch-dev
  • libsdl-ttf2.0-dev
  • linklint
  • malbolge
  • mesa-utils
  • mono-debugger
  • octave
  • perltidy
  • php5-cli
  • php5-tidy
  • posh
  • pyflakes
  • pylint
  • python3
  • python-all-dev
  • python-beautifulsoup
  • python-celementtree
  • python-configobj
  • python-crypto
  • python-dateutil
  • python-django
  • python-fuse
  • python-gmpy
  • python-html5lib
  • python-jinja
  • python-matplotlib
  • python-profiler
  • python-psyco
  • python-pydot
  • python-pygame
  • python-pysqlite2
  • python-qt4
  • python-sphinx
  • python-simplejson
  • python-scipy
  • python-soappy
  • python-sqlalchemy
  • python-turbogears
  • python-twisted
  • python-visual
  • qt4-designer
  • r-recommended
  • ruby-full
  • ruby-gnome2
  • ruby-kde4
  • speedcrunch
  • splint
  • sun-java6-jdk
  • sun-java6-plugin
  • tidy
  • texlive-full
  • wxmaxima

Command Line

  • ascii
  • ack-grep
  • cadaver
  • clusterssh
  • cowsay
  • curl
  • dot2tex
  • elinks
  • figlet
  • fortune-mod
  • hping3
  • htop
  • indent
  • imagemagick
  • irssi
  • links
  • links2
  • lftp
  • lynx
  • manpages
  • moreutils
  • mtr-tiny
  • openssl
  • p7zip-full
  • p7zip-rar
  • pdfjam
  • pdftk
  • poppler-utils
  • pssh
  • pwgen
  • qemu
  • quota
  • rsync
  • screen
  • sl
  • socat
  • star
  • toilet
  • traceroute
  • tsocks
  • units
  • unrar
  • unzip
  • w3m
  • whois
  • zsh

System

  • alien
  • cntlm
  • fusedav
  • fuseiso
  • fusesmb
  • ldap-auth-client
  • ldap-utils
  • ncpfs
  • nis
  • nfs-common
  • openntpd
  • openssh-server
  • smartmontools
  • sshfs
  • tmpreaper
  • wbritish

Databases

  • mysql-client
  • mysql-doc-5.0
  • libmysqlclient-dev
  • libmysql++-dev
  • libpg-java
  • libpq-dev
  • libpqxx-dev
  • libsqlite-dev
  • php5-mysql
  • php5-sqlite
  • php5-pgsql
  • postgresql-client
  • postgresql-doc
  • python-mysqldb
  • python-psycopg2
  • sqlite3
  • sqlite3-doc

Other

  • abiword
  • amarok
  • blender
  • dia
  • dwm-tools
  • epiphany-browser
  • flashplugin-nonfree
  • fluxbox
  • gajim
  • gnumeric
  • gwibber
  • impressive
  • inkscape
  • konsole
  • konqueror
  • konversation
  • linuxdcpp
  • midori
  • openoffice.org-draw
  • openoffice.org-pdfimport
  • pcmanfm
  • pdfedit
  • pidgin-plugin-pack
  • planner
  • rdesktop
  • scribus
  • stalonetray
  • ubuntu-restricted-extras
  • wine
  • yakuake
  • xchat
  • xtightvncviewer
  • xmonad

Multimedia

  • ffmpeg
  • non-free-codecs
  • libavdevice-unstripped-52
  • libavfilter-unstripped-0
  • libavformat-unstripped-52
  • mencoder
  • mplayer
  • vlc
  • youtube-dl

Fonts

  • ttf-aenigma
  • ttf-atarismall
  • ttf-beteckna
  • ttf-breip
  • ttf-droid
  • ttf-dustin
  • ttf-ecolier-court
  • ttf-ecolier-lignes-court
  • ttf-engadget
  • ttf-essays1743
  • ttf-f500
  • ttf-fifthhorseman-dkg-handwriting
  • ttf-georgewilliams
  • ttf-goudybookletter
  • ttf-inconsolata
  • ttf-isabella
  • ttf-jsmath
  • ttf-junicode
  • ttf-konatu
  • ttf-larabie-deco
  • ttf-larabie-straight
  • ttf-larabie-uncommon
  • ttf-linux-libertine
  • ttf-marvosym
  • ttf-mscorefonts-installer
  • ttf-ocr-a
  • ttf-oflb-asana-math
  • ttf-oflb-euterpe
  • ttf-radisnoir
  • ttf-sil-gentium
  • ttf-sil-gentium-basic
  • ttf-sjfonts
  • ttf-staypuft
  • ttf-summersby
  • ttf-tomsontalks
  • ttf-tuffy
  • ttf-ubuntu-title
  • ttf-unifont
  • ttf-xfree86-nonfree

Post Install

Get rid of:

  • any MTA
  • old kernels
  • shut down unnecessary services
  • Spring clean /etc/xdg/autostart
  • Use the PolicyKit Authorizations manager to disable suspend and hibernate for normal users.
  • rm /etc/hostname
  • Remove the 127.0.1.1 line from /etc/hosts

Configure:

  • /etc/apt/sources.list
deb http://ftp.leg.uct.ac.za/ubuntu lucid main universe multiverse restricted
deb http://ftp.leg.uct.ac.za/ubuntu lucid-updates main universe multiverse restricted
deb http://ftp.leg.uct.ac.za/ubuntu lucid-security main universe multiverse restricted
deb http://ftp.leg.uct.ac.za/medibuntu lucid free non-free
deb http://ftp.leg.uct.ac.za/pub/linux/tsl-ppa lucid main
  • Install
medibuntu-keyring, tsl-desktop
  • /etc/openntpd/ntpd.conf
server ntp1.uct.ac.za
server ntp2.uct.ac.za
server ntp3.uct.ac.za
server dreamcoat.che.uct.ac.za
server emperor.che.uct.ac.za
  • visudo
Defaults        env_reset
root    ALL=(ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
  • /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw4nGVrw+0uJpjJecuL8qjhm0O67ZrXux79fgN2ChdJoiB47KrIfgbWbpdHQiBWWDQjm9ttyf48/kLWwWbSW/DYKxRAH2vSCbpPaabqHB+ixaDKX9Vh8S0fNiOrZnWLwKmgnsdUV08ivk25k5d4NFSjmKvr6Dsp8RyCr+1sZfpdKOu+J1thwlNVkOFJxKxWwezgfflc/+KGbhFCH8Ya0hzellYQiX3px659Ydx4PdSGhT/Td7MK0onC1lK5X2hU3QSr49fwji06lAig1dpHeS4dnOFu2gxFRvlLZqmj31rwIVXQqoZyiIUuAs9EnFKfUVR34k5v20baXQ1bRqd4HgEQ== TSL Key
  • /etc/tmpreaper.conf
SHOWWARNING=false
  • /etc/update-manager/meta-release
URI = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release
URI_LTS = http://ftp.leg.uct.ac.za/pub/linux/ubuntu-changelogs/leg/meta-release-lts
  • /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
        "Ubuntu lucid-updates";
        "Ubuntu lucid";
        "Medibuntu lucid";
        "LP-PPA-stefanor-tsl lucid";
};
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
  • /etc/grub.d/01_tsl_password
#!/bin/sh
set -e
cat << EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.3712EBD4A97D0FAAA7008F8AB0FFDB733EFB913434799BC1A5E1CE2C91345A61E06BE8A1C8F9276AD46B99B7DE721B00151318B186DD33104239DF4161936A1A.7F07A1B5B046FBA4F6BE254C3923A391B2D668CF6F074C78FC77D9613434FA4F8F12E74F8A2DC74B85CBAC590F1B92A5AC285035D6915AD0A8FFE676FFC85F5D
EOF
  • /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
  • /etc/fstab:
tsl.uct.ac.za:/home	/home	nfs	rw,sync		0	0
  • /etc/ldap.conf:
base dc=tsl,dc=uct,dc=ac,dc=za
uri ldaps://tsl.uct.ac.za/
ldap_version 3
pam_password md5
tls_checkpeer no
  • /etc/security/group.conf
*;*;*;Al0000-2400; audio,floppy,video,cdrom,plugdev,fuse
  • /etc/firefox-3.[05]/pref/firefox.js
// UCT Proxy
pref("network.proxy.autoconfig_url", "http://www.uct.ac.za/cache.pac");
pref("network.proxy.type", 2);
pref("browser.cache.disk.capacity", 3000);
  • /etc/firefox-3.[05]/pref/ubufox.js
pref("browser.startup.homepage", "file:/etc/firefox-homepage.properties");
  • /etc/firefox-homepage.properties
browser.startup.homepage=http://www.tsl.uct.ac.za/
  • /etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
<?xml version="1.0"?>
 <gconf>
 	<dir name="apps">
 		<dir name="nautilus">
 			<dir name="preferences">
 				<entry name="thumbnail_limit" mtime="1252410114" type="int" value="512000"/>
 			</dir>
 		</dir>
 		<dir name="gdm">
 			<dir name="simple-greeter">
				<entry name="banner_message_enable" mtime="1268226887" type="bool" value="true"/>
				<entry name="banner_message_text" mtime="1268226887" type="string">
					<stringvalue>Any problems? Email help@tsl.uct.ac.za</stringvalue>
				</entry>
				<entry name="disable_user_list" mtime="1268226887" type="bool" value="true"/>
 			</dir>
 		</dir>
 	</dir>
 	<dir name="desktop">
 		<dir name="gnome">
 			<dir name="applications">
 				<dir name="window_manager">
 					<entry name="default" mtime="1252403218" type="string">
 						<stringvalue>/usr/bin/metacity</stringvalue>
 					</entry>
 				</dir>
 			</dir>
 		</dir>
 	</dir>
 	<dir name="system">
 		<dir name="http_proxy">
 			<entry name="ignore_hosts" mtime="1252519008" type="list" ltype="string">
 				<li type="string">
 					<stringvalue>localhost</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>127.0.0.0/8</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>*.local</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>137.158.0.0/16</stringvalue>
 				</li>
 				<li type="string">
 					<stringvalue>*.uct.ac.za</stringvalue>
 				</li>
 			</entry>
 			<entry name="host" mtime="1252518985" type="string">
 				<stringvalue>localhost</stringvalue>
 			</entry>
 			<entry name="use_http_proxy" mtime="1252519071" type="bool" value="true"/>
 		</dir>
 		<dir name="proxy">
 			<entry name="secure_port" mtime="1252518992" type="int" value="8080"/>
 			<entry name="secure_host" mtime="1252518987" type="string">
 				<stringvalue>localhost</stringvalue>
 			</entry>
 			<entry name="mode" mtime="1252518982" type="string">
 				<stringvalue>manual</stringvalue>
 			</entry>
 		</dir>
 	</dir>
 </gconf>

  • chmod 500 /var/lib/gdm/.gconf
  • /var/lib/gdm/.gconf.path
# treat system-wide settings as mandatory
xml:readonly:/etc/gconf/gconf.xml.system

# override some settings
# we treat settings in this location as
# owned by GDM.  Sysadmins should create
# another source if they wish to override them.
xml:readonly:$(HOME)/.gconf.mandatory

# distribution default values
xml:readonly:$(HOME)/.gconf.defaults
  • /etc/cntlm.conf
Domain          WF
Proxy           campusnet.uct.ac.za:8080
Listen          8080
NTLMToBasic     yes

Pre-imaging