haas:system:lab46.offbyone.lan

Overview

lab46.offbyone.lan is the LAIR public access point / shell system for students and users.

hostname              RAM     disk           swap   OS                           Kernel
lab46.offbyone.lan    1536MB  4GB (/)        128MB  Debian 8.0 “Jessie” (AMD64)  3.14-1-amd64
lab46.corning-cc.edu          512MB (/tmp/)

lab46.offbyone.lan created on sokraits on 07/10/2014.

News

  • 07/10/2014 - re-recreated lab46(new), and deployed it as the new production lab46 VM
  • 04/11/2014 - created lab46new, for the next lab46 iteration
  • 09/20/2010 - due to CVE-2010-3081, I had to update the kernel on Lab46 and reboot
  • 06/23/2010 - installed packages, announced user beta testing
  • 06/14/2010 - lab46new.offbyone.lan created, DNS updates made on caprisun and jb2

TODO

  • install necessary packages
  • configure things
  • test

Network Configuration

Machine             Interface  IP Address  MAC Address        Other Names
lab46.offbyone.lan  eth0       10.80.2.38  00:16:3e:5d:88:d8  lab46.corning-cc.edu, lab46.lair.lan

Packages

The following packages have been installed on lab46:

  • lair-std
  • lair-ldap (libnss-ldapd nslcd)
  • lair-nfs
  • nslcd
  • tmux
  • build-essential
  • irssi
  • locate
  • whois
  • host
  • alpine
  • bsdgames
  • emacs24
  • strace
  • dnsutils
  • links2 sc bvi hexedit talk talkd utalk
  • indent indent-doc
  • fakeroot debhelper automake debomatic
  • manpages-dev
  • mosh
  • ruby2.1
  • mercurial git subversion
  • openssl ca-certificates
  • lynx
  • telnet
  • bsd-mailx
  • dateutils
  • libgd-dev
  • lair-std lair-nfs lair-vm lair-ldap
  • alpine apg at gnupg
  • aspell aspell-doc aspell-en iamerican ispell
  • build-essential flex gawk gdb valgrind mawk gprolog nasm
  • php5-cli php5-mysql php5-curl
  • python3-all python3-doc python3-examples libncurses5-dev
  • ruby1.9.1-full ruby1.9.1-examples clisp clisp-doc sun-java6-jdk subversion
  • tcl8.4 tcl8.4-dev libtcltk-ruby1.9.1
  • tcl8.5 tcl8.5-dev tcl8.5-doc
  • alpine mutt nullmailer mailutils nmh
  • finger finger-ldap iproute traceroute telnet
  • curl ftp lftp ncftp irssi elinks links2 lynx
  • bvi hexedit pilot imagemagick inotify-tools lsof mc mysql-client unzip
  • bsdgames netcat nethack
  • ia32-libs zshdb zsh-doc
  • flex bison zlib1g-dev xkb-data indent-doc indent cppcheck
  • libx11-dev libxext-dev libxt-dev
  • usbutils
  • mercurial-common
  • x11-xserver-utils

Things I had to fix

  • /etc/security/access.conf (comment out last line)
  • install nslcd
    • configure /etc/nslcd.conf, /etc/pam_ldap.conf, /etc/libnss_ldap.conf
    • deployed new (hopefully simpler) /etc/pam.d/common-*
  • custom /etc/rc.local
  • /tmp needed to be perms 1777 (mount option???)
  • copy over /var/log/wtmp* /var/log/lastlog from old lab46
  • copy over wtmp logrotate.conf config from old lab46
  • /etc/sysctl.d/swappiness
  • moved over some root/wedge cron jobs
    • copied over various files in /usr/local
  • check/sanitize NSS/PAM/NSLCD config
  • /etc/idmapd.conf rpc_pipefs path needed to change (/run/rpc_pipefs or something)

Xen Configuration

lab46 is a Xen virtual machine. Pertinent configuration information follows:

Creation

Configuration

The Xen config file for this VM is as follows:

lab46.cfg
######################################################################
##
## LAIR Xen VM configuration file
##
##     created by xen-tools 4.4 on Thu Jul 10 09:33:02 2014.
##
######################################################################
 
######################################################################
##
## PyGRUB
##
bootloader  = '/usr/lib/xen-4.3/bin/pygrub'
 
######################################################################
##
## CPU(s) + memory size
##
memory      = '1536'
vcpus       = '2'
 
######################################################################
##
## Disk device(s).
##
root        = '/dev/xvda1 ro'
disk        = [ 'file:/xen/images/lab46.disk,xvda1,w',
                'file:/xen/images/lab46tmp.disk,xvda2,w',
                'file:/xen/images/lab46.swap,xvda3,w' ]
 
######################################################################
##
## Hostname
##
name        = 'lab46'
 
######################################################################
##
## Networking
##
dhcp        = 'dhcp'
vif         = [ 'mac=00:16:3E:5D:88:D8,bridge=xenbr1' ]                                   
 
######################################################################
##
## Behaviour
##
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

rc.local settings

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
 
# Try to fix NFS callback stupidity
modprobe nfs
sysctl fs.nfs.nfs_callback_tcpport=2049
/etc/init.d/nfs-common restart
 
# Force motd
cat /etc/motd.tail > /var/run/motd
 
# Mount home directories from NFS
mkdir -m 1755 -p /home
mount -t nfs4 -o proto=tcp,intr nfs:/home /home
 
# Enable IP Forwarding
echo "1" >/proc/sys/net/ipv4/ip_forward
 
# Redirect/Masquerade port 80 traffic to WWW
iptables -t nat -A PREROUTING -p tcp -m tcp -d 10.80.2.38 --dport 80 -j DNAT --to 10.80.2.18:80
iptables -t nat -A POSTROUTING -p tcp -d 10.80.2.18 --dport 80 -j MASQUERADE

GNU indent

Students these days have very messy coding styles. I've always formatted my code to the ANSI/Allman coding style. So to enhance laziness, I installed GNU indent and figured out how to use it, so it can quickly attempt to convert non-compliant code into something far more readable in a short span of time.

I went and figured out the particular options to produce just what I want, and that turns out to be:

-linux -bl -bli0 -nce -saf -sai -saw -sob -bad -bap -cdw -l86

With the exception of -l86, of course, because not everyone's terminal may be 90 chars wide. So in /etc/indent.conf, the following was placed:

-linux -bl -bli0 -nce -saf -sai -saw -sob -bad -bap -cdw

And in /etc/profile, the following was added:

######################################################################
##
## Configure GNU indent
##
INDENT_PROFILE="/etc/indent.conf"

From the manual page, it would seem that if a user places their own ~/.indent.pro, it may override the system settings, so if someone was really particular about a certain style, they'd have that flexibility.

limits.conf

In order to prevent abuses (both accidental and intentional), /etc/security/limits.conf has some resource limitations specified:

# /etc/security/limits.conf
#
@lab46          soft    nproc           48
@lab46          hard    nproc           64
@lab46          hard    priority        18
@lab46          hard    nice            16
@lab46          hard    maxlogins       12
@lab46          hard    nofile          128
@lab46          hard    locks           128
@lab46          hard    data            393216
@lab46          hard    rss             393216
@lab46          hard    as              393216
@lab46          hard    memlock         393216
@lab46          hard    fsize           65536

@lair           hard    fsize           524288
appelthp        hard    fsize           131072
root            hard    fsize           524288

Regular users will have a maximum size of 64MB for individual files (strictly enforced), which will help in those occasional “runaway” infinite loop programs/scripts.
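
The enforcement behind the fsize cap described above, as an added example that is not part of the original page: a writer that attempts more than its file-size limit is stopped at the limit. The function names, the 64-block cap and the temporary file are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): a file-size limit stopping a
# writer, the same mechanism behind the "fsize" lines in limits.conf.
# The 64-block cap and the temporary path are constructed for this demo.

# capped_write LIMIT_BLOCKS ATTEMPT_KB OUTFILE
# Tries to write ATTEMPT_KB kilobytes to OUTFILE inside a subshell whose
# file-size limit is LIMIT_BLOCKS, then prints "<bytes written> <exit status>".
capped_write() {
    limit_blocks=$1
    attempt_kb=$2
    outfile=$3
    status=0
    (
        # Lowering a limit needs no privilege; it applies to this subshell
        # and its children only, like a limit set by pam_limits at login.
        ulimit -f "$limit_blocks" || exit 2
        exec dd if=/dev/zero of="$outfile" bs=1024 count="$attempt_kb"
    ) >/dev/null 2>&1 || status=$?
    size=$(wc -c < "$outfile" | tr -d ' ')
    echo "$size $status"
}

# demo: the writer wants 256 KB but the cap is 64 blocks.
# "ulimit -f" counts 512-byte blocks in POSIX sh and 1024-byte blocks in
# bash; limits.conf counts fsize in KB.
demo() {
    tmp=$(mktemp) || return 1
    capped_write 64 256 "$tmp"
    rm -f "$tmp"
}

demo
```

A non-zero status with the size pinned at the cap means the kernel cut the write off (the writer is normally killed by SIGXFSZ). In a real login session, `ulimit -Hf` shows the hard limit that pam_limits applied.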

Plan9Port

Plan 9 from User Space has been installed on Lab46.

I installed it in: /usr/local/plan9

Users that wish to make use of it can add the following to their login files:

export PLAN9=/usr/local/plan9
export PATH=${PATH}:${PLAN9}/bin

aptitude auto-remounting /tmp for exec/noexec

lab46:/etc/apt/apt.conf.d# cat 73_tmp 
DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};
lab46:/etc/apt/apt.conf.d# 

apt norecommends config

lab46:/etc/apt/apt.conf.d# cat 99_norecommends 
APT::Install-Recommends "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";
lab46:/etc/apt/apt.conf.d# 
haas/system/lab46.offbyone.lan.txt · Last modified: 2014/09/15 12:41 by wedge