Overview
lab46.offbyone.lan is the LAIR public access point / shell system for students and users.
hostname | RAM | disk | swap | OS | Kernel |
---|---|---|---|---|---|
lab46.offbyone.lan | 1536MB | 4GB (/) | 128MB | Debian 8.0 “Jessie” (AMD64) | 3.14-1-amd64 |
lab46.corning-cc.edu | | 512MB (/tmp/) | | | |
lab46.offbyone.lan created on sokraits on 07/10/2014.
News
- 07/10/2014 - re-recreated lab46(new), and deployed it as the new production lab46 VM
- 04/11/2014 - created lab46new, for the next lab46 iteration
- 09/20/2010 - due to CVE-2010-3081, I had to update the kernel on Lab46 and reboot
- 06/23/2010 - installed packages, announced user beta testing
- 06/14/2010 - lab46new.offbyone.lan created, DNS updates made on caprisun and jb2
TODO
- install necessary packages
- configure things
- test
Network Configuration
Machine | Interface | IP Address | MAC Address | Other Names |
---|---|---|---|---|
lab46.offbyone.lan | eth0 | 10.80.2.38 | 00:16:3e:5d:88:d8 | lab46.corning-cc.edu, lab46.lair.lan |
Packages
The following packages have been installed on lab46:
- lair-std
- lair-ldap (libnss-ldapd nslcd)
- lair-nfs
- nslcd
- tmux
- build-essential
- irssi
- locate
- whois
- host
- alpine
- bsdgames
- emacs24
- strace
- dnsutils
- links2 sc bvi hexedit talk talkd utalk
- indent indent-doc
- fakeroot debhelper automake debomatic
- manpages-dev
- mosh
- ruby2.1
- mercurial git subversion
- openssl ca-certificates
- lynx
- telnet
- bsd-mailx
- dateutils
- libgd-dev
- lair-std lair-nfs lair-vm lair-ldap
- alpine apg at gnupg
- aspell aspell-doc aspell-en iamerican ispell
- build-essential flex gawk gdb valgrind mawk gprolog nasm
- php5-cli php5-mysql php5-curl
- python3-all python3-doc python3-examples libncurses5-dev
- ruby1.9.1-full ruby1.9.1-examples clisp clisp-doc sun-java6-jdk subversion
- tcl8.4 tcl8.4-dev libtcltk-ruby1.9.1
- tcl8.5 tcl8.5-dev tcl8.5-doc
- alpine mutt nullmailer mailutils nmh
- finger finger-ldap iproute traceroute telnet
- curl ftp lftp ncftp irssi elinks links2 lynx
- bvi hexedit pilot imagemagick inotify-tools lsof mc mysql-client unzip
- bsdgames netcat nethack
- ia32-libs zshdb zsh-doc
- flex bison zlib1g-dev xkb-data indent-doc indent cppcheck
- libx11-dev libxext-dev libxt-dev
- usbutils
- mercurial-common
- x11-xserver-utils
Things I had to fix
- /etc/security/access.conf (comment out last line)
- install nslcd
- configure /etc/nslcd.conf, /etc/pam_ldap.conf, /etc/libnss_ldap.conf
- deployed new (hopefully simpler) /etc/pam.d/common-*
- custom /etc/rc.local
- /tmp needed to be perms 1777 (mount option???)
- copy over /var/log/wtmp* /var/log/lastlog from old lab46
- copy over wtmp logrotate.conf config from old lab46
- /etc/sysctl.d/swappiness
- manual fix to enable VM to boot R/W: http://blog.smartlogicsolutions.com/2009/06/04/mount-options-to-improve-ext4-file-system-performance/
- moved over some root/wedge cron jobs
- copied over various files in /usr/local
- check/sanitize NSS/PAM/NSLCD config
- /etc/idmapd.conf rpc_pipefs path needed to change (/run/rpc_pipefs or something)
Xen Configuration
lab46 is a Xen virtual machine. Pertinent configuration information follows:
Creation
Configuration
The Xen config file for this VM is as follows:
- lab46.cfg
```
######################################################################
##
## LAIR Xen VM configuration file
##
## created by xen-tools 4.4 on Thu Jul 10 09:33:02 2014.
##
######################################################################

######################################################################
##
## PyGRUB
##
bootloader = '/usr/lib/xen-4.3/bin/pygrub'

######################################################################
##
## CPU(s) + memory size
##
memory      = '1536'
vcpus       = '2'

######################################################################
##
## Disk device(s).
##
root        = '/dev/xvda1 ro'
disk        = [
                  'file:/xen/images/lab46.disk,xvda1,w',
                  'file:/xen/images/lab46tmp.disk,xvda2,w',
                  'file:/xen/images/lab46.swap,xvda3,w'
              ]

######################################################################
##
## Hostname
##
name        = 'lab46'

######################################################################
##
## Networking
##
dhcp        = 'dhcp'
vif         = [ 'mac=00:16:3E:5D:88:D8,bridge=xenbr1' ]

######################################################################
##
## Behaviour
##
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'
```
rc.local settings
```sh
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#

# Try to fix NFS callback stupidity
modprobe nfs
sysctl fs.nfs.nfs_callback_tcpport=2049
/etc/init.d/nfs-common restart

# Force motd
cat /etc/motd.tail > /var/run/motd

# Mount home directories from NFS
mkdir -m 1755 -p /home
mount -t nfs4 -o proto=tcp,intr nfs:/home /home

# Enable IP Forwarding
echo "1" >/proc/sys/net/ipv4/ip_forward

# Redirect/Masquerade port 80 traffic to WWW
iptables -t nat -A PREROUTING -p tcp -m tcp -d 10.80.2.38 --dport 80 -j DNAT --to 10.80.2.18:80
iptables -t nat -A POSTROUTING -p tcp -d 10.80.2.18 --dport 80 -j MASQUERADE
```
GNU indent
Students these days have very messy coding styles. I've always formatted my code to the ANSI/Allman coding style. So to enhance laziness, I installed GNU indent and figured out how to use it, so it can quickly attempt to convert non-compliant code into something far more readable in a short span of time.
I went and figured out the particular options to produce just what I want, and that turns out to be:
-linux -bl -bli0 -nce -saf -sai -saw -sob -bad -bap -cdw -l86
With the exception of -l86, of course, because not everyone's terminal may be 90 chars wide. So in /etc/indent.conf, the following was placed:
-linux -bl -bli0 -nce -saf -sai -saw -sob -bad -bap -cdw
And in /etc/profile, the following was added:
```sh
######################################################################
##
## Configure GNU indent
##
INDENT_PROFILE="/etc/indent.conf"
```
From the manual page, it would seem that if a user places their own ~/.indent.pro, it may override the system settings, so if someone was really particular about a certain style, they'd have that flexibility.
limits.conf
In order to prevent abuses (both accidental and intentional), /etc/security/limits.conf has some resource limitations specified:
```
# /etc/security/limits.conf
#
@lab46      soft    nproc       48
@lab46      hard    nproc       64
@lab46      hard    priority    18
@lab46      hard    nice        16
@lab46      hard    maxlogins   12
@lab46      hard    nofile      128
@lab46      hard    locks       128
@lab46      hard    data        393216
@lab46      hard    rss         393216
@lab46      hard    as          393216
@lab46      hard    memlock     393216
@lab46      hard    fsize       65536
@lair       hard    fsize       524288
appelthp    hard    fsize       131072
root        hard    fsize       524288
```
Regular users will have a maximum size of 64MB for individual files (strictly enforced), which will help in those occasional “runaway” infinite loop programs/scripts.
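The overlapping fsize entries above (@lab46, @lair, a named user, root) raise the question of which value a given account actually gets. The following is an added example, not part of the original page: a small resolver over a subset of those entries. The account names `student` and `staffer` and all group memberships are constructed. It assumes the pam_limits precedence in which a line naming the user beats any @group line, the last matching line of the same class wins, and group limits are never applied to root.

```shell
#!/bin/sh
# Added example. LIMITS is a subset of the limits.conf entries shown above;
# the user names and group memberships passed in below are constructed.
LIMITS='@lab46 soft nproc 48
@lab46 hard nproc 64
@lab46 hard maxlogins 12
@lab46 hard nofile 128
@lab46 hard fsize 65536
@lair hard fsize 524288
appelthp hard fsize 131072
root hard fsize 524288'

# effective_limit USER "GROUPS" ITEM KIND
# Prints the value that applies to USER for ITEM (KIND is soft or hard).
# Assumed precedence: a line naming the user beats any @group line, and
# among lines of the same class the last one in the file wins.
effective_limit() {
    printf '%s\n' "$LIMITS" | awk -v user="$1" -v groups="$2" \
        -v item="$3" -v kind="$4" '
        BEGIN {
            n = split(groups, g, " ")
            for (i = 1; i <= n; i++) member["@" g[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        $3 != item { next }
        $2 != kind && $2 != "-" { next }         # "-" sets both soft and hard
        $1 == user { uval = $4; uset = 1; next }
        # group limits are not applied to root; root needs its own line
        ($1 in member) && user != "root" { gval = $4; gset = 1 }
        END {
            if (uset) print uval
            else if (gset) print gval
            else print "unset"
        }'
}

# fsize values are in KB; convert to MB for reporting.
kb_to_mb() { echo $(( $1 / 1024 )); }

for who in "student lab46" "appelthp lab46" "staffer lab46 lair"; do
    set -- $who; name=$1; shift
    kb=$(effective_limit "$name" "$*" fsize hard)
    echo "$name: fsize hard = ${kb} KB ($(kb_to_mb "$kb") MB)"
done
```

An account in both lab46 and lair resolves to the later @lair line (512MB), which is why the order of the two group entries in the file matters.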
Plan9Port
Plan 9 from User Space has been installed on Lab46.
I installed it in: /usr/local/plan9
Users that wish to make use of it can add the following to their login files:
```sh
export PLAN9=/usr/local/plan9
export PATH=${PATH}:${PLAN9}/bin
```
aptitude auto-remounting /tmp for exec/noexec
```
lab46:/etc/apt/apt.conf.d# cat 73_tmp
DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};
lab46:/etc/apt/apt.conf.d#
```
apt norecommends config
```
lab46:/etc/apt/apt.conf.d# cat 99_norecommends
APT::Install-Recommends "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
lab46:/etc/apt/apt.conf.d#
```