lab46.offbyone.lan is the LAIR public access point / shell system for students and users.

lab46.offbyone.lan created on sokraits on 07/10/2014.

• 07/10/2014 - re-recreated lab46(new), and deployed it as the new production lab46 VM
• 04/11/2014 - created lab46new, for the next lab46 iteration
• 09/20/2010 - due to CVE-2010-3081, I had to update the kernel on Lab46 and reboot
• 06/23/2010 - installed packages, announced user beta testing
• 06/14/2010 - lab46new.offbyone.lan created, DNS updates made on caprisun and jb2

• install necessary packages
• configure things
• test

The following packages have been installed on lab46:

• lair-std
• lair-ldap (libnss-ldapd nslcd)
• lair-nfs
• nslcd
• tmux
• build-essential
• irssi
• locate
• whois
• host
• alpine
• bsdgames
• emacs24
• strace
• dnsutils
• links2 sc bvi hexedit talk talkd utalk
• indent indent-doc
• fakeroot debhelper automake debomatic
• manpages-dev
• mosh
• ruby2.1
• mercurial git subversion
• openssl ca-certificates
• lynx
• telnet
• bsd-mailx
• dateutils
• libgd-dev

• lair-std lair-nfs lair-vm lair-ldap
• alpine apg at gnupg
• aspell aspell-doc aspell-en iamerican ispell
• build-essential flex gawk gdb valgrind mawk gprolog nasm
• php5-cli php5-mysql php5-curl
• python3-all python3-doc python3-examples libncurses5-dev
• ruby1.9.1-full ruby1.9.1-examples clisp clisp-doc sun-java6-jdk subversion
• tcl8.4 tcl8.4-dev libtcltk-ruby1.9.1
• tcl8.5 tcl8.5-dev tcl8.5-doc
• alpine mutt nullmailer mailutils nmh
• finger finger-ldap iproute traceroute telnet
• curl ftp lftp ncftp irssi elinks links2 lynx
• bvi hexedit pilot imagemagick inotify-tools lsof mc mysql-client unzip
• bsdgames netcat nethack
• ia32-libs zshdb zsh-doc
• flex bison zlib1g-dev xkb-data indent-doc indent cppcheck
• libx11-dev libxext-dev libxt-dev
• usbutils
• mercurial-common
• x11-xserver-utils

• /etc/security/access.conf (comment out last line)
• install nslcd
  • configure /etc/nslcd.conf, /etc/pam_ldap.conf, /etc/libnss_ldap.conf
  • deployed new (hopefully simpler) /etc/pam.d/common-*
• custom /etc/rc.local
• /tmp needed to be perms 1777 (mount option???)
• copy over /var/log/wtmp* /var/log/lastlog from old lab46
• copy over wtmp logrotate.conf config from old lab46
• /etc/sysctl.d/swappiness
• manual fix to enable VM to boot R/W: http://blog.smartlogicsolutions.com/2009/06/04/mount-options-to-improve-ext4-file-system-performance/
• moved over some root/wedge cron jobs
  • copied over various files in /usr/local
• check/sanitize NSS/PAM/NSLCD config
• /etc/idmapd.conf rpc_pipefs path needed to change (/run/rpc_pipefs or something)

lab46 is a Xen virtual machine. Pertinent configuration information follows:

The Xen config file for this VM is as follows:

lab46.cfg

######################################################################
##
## LAIR Xen VM configuration file
##
##     created by xen-tools 4.4 on Thu Jul 10 09:33:02 2014.
##
######################################################################
 
######################################################################
##
## PyGRUB
##
bootloader  = '/usr/lib/xen-4.3/bin/pygrub'
 
######################################################################
##
## CPU(s) + memory size
##
memory      = '1536'
vcpus       = '2'
 
######################################################################
##
## Disk device(s).
##
root        = '/dev/xvda1 ro'
disk        = [ 'file:/xen/images/lab46.disk,xvda1,w',
                'file:/xen/images/lab46tmp.disk,xvda2,w',
                'file:/xen/images/lab46.swap,xvda3,w' ]
 
######################################################################
##
## Hostname
##
name        = 'lab46'
 
######################################################################
##
## Networking
##
dhcp        = 'dhcp'
vif         = [ 'mac=00:16:3E:5D:88:D8,bridge=xenbr1' ]                                   
 
######################################################################
##
## Behaviour
##
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
 
# Try to fix NFS callback stupidity
modprobe nfs
sysctl fs.nfs.nfs_callback_tcpport=2049
/etc/init.d/nfs-common restart
 
# Force motd
cat /etc/motd.tail > /var/run/motd
 
# Mount home directories from NFS
mkdir -m 1755 -p /home
mount -t nfs4 -o proto=tcp,intr nfs:/home /home
 
# Enable IP Forwarding
echo "1" >/proc/sys/net/ipv4/ip_forward
 
# Redirect/Masquerade port 80 traffic to WWW
iptables -t nat -A PREROUTING -p tcp -m tcp -d 10.80.2.38 --dport 80 -j DNAT --to 10.80.2.18:80
iptables -t nat -A POSTROUTING -p tcp -d 10.80.2.18 --dport 80 -j MASQUERADE

Students these days have very messy coding styles. I've always formatted my code to the ANSI/Allman coding style. So to enhance laziness, I installed GNU indent and figured out how to use it, so it can quickly attempt to convert non-compliant code into something far more readable in a short span of time.

I went and figured out the particular options to produce just what I want, and that turns out to be:

-linux -bl -bli0 -nce -saf -sai -saw -sob -bad -bap -cdw -l86

With the exception of -l86, of course, because not everyone's terminal may be 90 chars wide. So in /etc/indent.conf, the following was placed:

-linux -bl -bli0 -nce -saf -sai -saw -sob -bad -bap -cdw

And in /etc/profile, the following was added:

######################################################################
##
## Configure GNU indent
##
INDENT_PROFILE="/etc/indent.conf"

From the manual page, it would seem that if a user places their own ~/.indent.pro, it may override the system settings.. so if someone was really particular about a certain style, they'd have that flexibility.

In order to prevent abuses (both accidental and intentional), /etc/limits.conf has some resource limitations specified:

# /etc/security/limits.conf
#
@lab46          soft    nproc           48
@lab46          hard    nproc           64
@lab46          hard    priority        18
@lab46          hard    nice            16
@lab46          hard    maxlogins       12
@lab46          hard    nofile          128
@lab46          hard    locks           128
@lab46          hard    data            393216
@lab46          hard    rss             393216
@lab46          hard    as              393216
@lab46          hard    memlock         393216
@lab46          hard    fsize           65536

@lair           hard    fsize           524288
appelthp        hard    fsize           131072
root            hard    fsize           524288

Regular users will have a maximum size of 64MB for individual files (strictly enforced), which will help in those occasional “runaway” infinite loop programs/scripts.

Plan 9 from User Space has been installed on Lab46.

I installed it in: /usr/local/plan9

Users that wish to make use of it can add the follow to their login files:

export PLAN9=/usr/local/plan9
export PATH=${PATH}:${PLAN9}/bin

lab46:/etc/apt/apt.conf.d# cat 73_tmp 
DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};
lab46:/etc/apt/apt.conf.d# 

lab46:/etc/apt/apt.conf.d# cat 99_norecommends 
APT::Install-Recommends "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
lab46:/etc/apt/apt.conf.d#