From d22788a7a2d611e8b8630717e8e2f79319a80a6d Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 2 Jan 2010 11:58:29 -0200
Subject: Initial import

---
 files/etc/crypttab                |  4 ++
 files/etc/fstab                   |  3 ++
 files/etc/initramfs-tools/modules | 15 ++++++++
 files/etc/modprobe.d/blacklist    | 78 +++++++++++++++++++++++++++++++++++++++
 files/etc/rc.local                | 22 +++++++++++
 files/etc/sudoers                 | 21 +++++++++++
 6 files changed, 143 insertions(+)
 create mode 100644 files/etc/crypttab
 create mode 100644 files/etc/fstab
 create mode 100644 files/etc/initramfs-tools/modules
 create mode 100644 files/etc/modprobe.d/blacklist
 create mode 100644 files/etc/rc.local
 create mode 100644 files/etc/sudoers

(limited to 'files')

diff --git a/files/etc/crypttab b/files/etc/crypttab
new file mode 100644
index 0000000..35f0521
--- /dev/null
+++ b/files/etc/crypttab
@@ -0,0 +1,4 @@
+# <target name> <source device>          <key file>      <options>
+root            /dev/mapper/vg-root      none            luks,cipher=aes-cbc-essiv:sha256
+cswap           /dev/sda1                /dev/random     swap,cipher=aes-cbc-essiv:sha256
+vservers        /dev/mapper/vg-vservers  none            luks,cipher=aes-cbc-essiv:sha256
diff --git a/files/etc/fstab b/files/etc/fstab
new file mode 100644
index 0000000..0878617
--- /dev/null
+++ b/files/etc/fstab
@@ -0,0 +1,3 @@
+/dev/mapper/cswap     none           swap  sw                                 0 0
+/dev/mapper/root      /              ext3  defaults,errors=remount-ro         0 1
+/dev/mapper/vservers  /var/vservers  ext3  defaults,errors=remount-ro         0 0
diff --git a/files/etc/initramfs-tools/modules b/files/etc/initramfs-tools/modules
new file mode 100644
index 0000000..265b8fd
--- /dev/null
+++ b/files/etc/initramfs-tools/modules
@@ -0,0 +1,15 @@
+# List of modules that you want to include in your initramfs.
+#
+# Syntax:  module_name [args ...]
+#
+# You must run update-initramfs(8) to effect this change.
+#
+# Examples:
+#
+# raid1
+# sd_mod
+dm-mod
+dm-crypt
+aes
+twofish
+sha256
diff --git a/files/etc/modprobe.d/blacklist b/files/etc/modprobe.d/blacklist
new file mode 100644
index 0000000..1505e86
--- /dev/null
+++ b/files/etc/modprobe.d/blacklist
@@ -0,0 +1,78 @@
+# This file lists modules which will not be loaded as the result of
+# alias expansion, with the purpose of preventing the hotplug subsystem
+# to load them. It does not affect autoloading of modules by the kernel.
+# This file is provided by the udev package.
+
+# evbug is a debug tool and should be loaded explicitly
+blacklist evbug
+
+# these drivers are very simple, the HID drivers are usually preferred
+blacklist usbmouse
+blacklist usbkbd
+
+# replaced by e100
+blacklist eepro100
+
+# replaced by tulip
+blacklist de4x5
+
+# replaced by tmscsim
+blacklist am53c974
+
+# watchdog drivers should be loaded only if a watchdog daemon is installed
+blacklist acquirewdt
+blacklist advantechwdt
+blacklist alim1535_wdt
+blacklist alim7101_wdt
+blacklist booke_wdt
+blacklist cpu5wdt
+blacklist eurotechwdt
+blacklist hpwdt
+blacklist i6300esb
+blacklist i8xx_tco
+blacklist ib700wdt
+blacklist ibmasr
+blacklist indydog
+blacklist ixp2000_wdt
+blacklist ixp4xx_wdt
+blacklist it8712f_wdt
+blacklist iTCO_wdt
+blacklist machzwd
+blacklist mixcomwd
+blacklist mpc8xx_wdt
+blacklist mpcore_wdt
+blacklist mv64x60_wdt
+blacklist pc87413_wdt
+blacklist pcwd
+blacklist pcwd_pci
+blacklist pcwd_usb
+blacklist s3c2410_wdt
+blacklist sa1100_wdt
+blacklist sbc60xxwdt
+blacklist sbc7240_wdt
+blacklist sbc8360
+blacklist sbc_epx_c3
+blacklist sc1200wdt
+blacklist sc520_wdt
+blacklist scx200_wdt
+blacklist shwdt
+blacklist smsc37b787_wdt
+blacklist softdog
+blacklist w83627hf_wdt
+blacklist w83697hf_wdt
+blacklist w83877f_wdt
+blacklist w83977f_wdt
+blacklist wafer5823wdt
+blacklist wdt285
+blacklist wdt977
+blacklist wdt
+blacklist wdt_pci
+
+# Physical memory attacks via Firewire/DMA Mitigation
+# Prevent automatic loading of the ohci1394 module.
+# See http://padrao.sarava.org/trac/wiki/Debian/Firewire
+blacklist ohci1394
+# Prevent manual loading of the ohci1394 module.
+install ohci1394 false
+# Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option.
+options ohci1394 phys_dma=0
diff --git a/files/etc/rc.local b/files/etc/rc.local
new file mode 100644
index 0000000..393c83e
--- /dev/null
+++ b/files/etc/rc.local
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+# Force the hostname
+/bin/hostname `cat /etc/hostname`
+
+# Then restart puppet with the right hostname
+/etc/init.d/puppet stop
+/etc/init.d/puppet start
+
+# Then exit
+exit 0
diff --git a/files/etc/sudoers b/files/etc/sudoers
new file mode 100644
index 0000000..1026c16
--- /dev/null
+++ b/files/etc/sudoers
@@ -0,0 +1,21 @@
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+
+Defaults        env_reset
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+%sudo ALL=NOPASSWD: ALL
-- 
cgit v1.2.3