Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

  1. LCFG Project
  2. Uncategorised
  3. Weekly Changes – 06/12/2021

Weekly Changes – 06/12/2021

This release constitutes 2 weeks of changes rather than the usual 1 so appears somewhat larger than normal. Having said that, there are no individual changes which we expect to have a particularly big impact. Here are all the details…

lightdm and trimspaces

The DICE desktop login manager – lightdm – on Ubuntu Focal now has the PAM trimspaces module enabled. This ensures that any whitespace characters in the username field are automatically removed, see the previous blog entry for more details.

RFE server

The RFE server, used in Informatics to allow remote edits of various configuration data, has gained support for a principal-to-username mapping file which allows authorisation of principals as usernames. The package has also gained support for Ubuntu but this has not yet been thoroughly tested.

apacheconf Ubuntu support

The expected user and group for the apache service on Ubuntu have been fixed and the systemd services are now correctly configured. Also, some resource defaults for the apacheconf component have been updated to support Ubuntu. At this stage various parts of the configuration remain incomplete, in particular the default list of modules is empty which prevents the daemon from starting. The component code still needs to be updated to support the configuration of the /etc/apache2/envvars file, see bug#1289 for details.

apache and cron

By default on DICE web servers the apache user is now blocked from creating cron and atd jobs. This is for security reasons to prevent an attacker installing a crontab after a successful compromise of a web service. A local survey suggests that running cron jobs as the apache user is rare, when required it can be re-enabled by defining the DICE_OPTIONS_CRON_ALLOW_APACHE macro prior to including the apacheconf headers in a profile. This strategy has been used by attackers for a long time, recently it has been abused in a new novel way known as CronRAT malware.

Systemd service presets

The systemd component on Ubuntu has gained support for configuring service presets. There is now also a macro – LCFG_SYSTEMD_PRESET – which makes it easy to specify presets. An example of how to configure service presets is given in our Systemd cookbook.

resolv.conf and Ubuntu

The resolv.conf file on Ubuntu has gained a default sortlist. This matches more closely with how we have it configured on SL7. This avoids addresses on certain local unrouted networks being sorted higher than routed addresses. This should fix some issues we have seen with accessing services, such as rfe, from Ubuntu client machines. We still need to consider tweaking this further to completely match with SL7.

avahi daemon

The avahi-daemon service will now only be enabled by default for desktop systems on Ubuntu. This matches with the avahi-daemon package only being included in the lcfg_ubu2004_desktop.pkgs package list by standard.

DICE KVM shutdown policy

It is now possible to simply configure the guest VM policy for shutdown of a DICE KVM server. The default policy remains as suspend but it can now be changed to shutdown by defining the DICE_OPTIONS_KVM_SERVER_GUEST_SHUTDOWN macro ahead of including the dice/options/kvm-server.h header in a profile.

Tartarus report

Enhanced the crontabs reports. Now reports on which files are managed or unmanaged and which might have been locally modified. Also reports on any which are for users which no longer exist or have expired accounts.

New Software

The a2ps and enscript packages have been added for DICE Ubuntu desktops.

An LCFG_OPTIONS_WORKRAVE option has been added which can be used to include the workrave – Repetitive Strain Injury prevention tool – and all of its dependencies. That option can be enabled by adding the option name to the profile.pkgcppopts resource, for example:

!profile.pkgcppopts mADD(LCFG_OPTIONS_WORKRAVE)
Weekly Changes – 06/12/2021 / LCFG Project by blogadmin is licensed under a Creative Commons Attribution CC BY 3.0

Posted by

Categories

Uncategorised

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel