| Age | Commit message (Collapse) | Author |
|---|
|
Bug 6705
(cherry picked from commit 00466b9a779647047ce432b971bf8329b2255126)
|
|
(cherry picked from commit d09218920b376f65c69bda2b8b571a7611731463)
|
|
SSH config file is based off of Debian distributed version
which does not have SSH protocol version 1 key path.
|
|
If cpufrequtils is installed, then want the default to be full performance.
|
|
Bug 4970
New CLI control of UseDNS option to sshd_config
set service ssh disable-host-validation
|
|
In Debian Squeeze ethtool is in /sbin
|
|
By default, turn console screenblanking off.
If user wants to enable it, they can use:
set system console powersave
|
|
Configuration file is /etc/rsyslog.conf and it is supports
directory of include parameters so do not need to edit
rsyslog.conf directly
|
|
Udev rules have moved from /etc/udev to /lib/udev on Debian Squeeze
|
|
|
|
|
|
The sound blacklist should be in a seprate file, and check for
entry before creating
|
|
In squeeze, modprobe wants config files named .conf or it will
generate warning.
|
|
For upgrade, don't touch root password.
For new installation, root password is reset during build-iso
Bug 6066
|
|
For serviceablity put core files in /var/core.
But core file will still not be created unless process is running
with permission to write there, and has ulimit permission.
|
|
Unionfs should copyup the xattr automatically, but it doesn't
so use touch to force a copyup before setting attributes.
|
|
|
|
This sets file capability attributes during package
installation (and build) to allow better security models.
|
|
The pam-config mechanism will insert Radius pam module if it is
in /usr/share/pam-configs. Therefore hold off installing file until
Radius really needed.
|
|
|
|
This reverts commit 59cae244d055a7b5ba9de460d3ebbb5700d6ab17.
Don't want to do this this way.
|
|
This sets extended capablities on some common utilities
|
|
* move fix to vyatta-ravpn to make sure init script stays
modified even if xl2tpd gets installed after vyatta-cfg-sytem
during full-upgrade
(cherry picked from commit bdc317666828bad9dac2edef20d3919d943a5e9e)
|
|
Bug 5386
Since vyatta-cfg-system is the place where Vyatta does lots
of busted package fixups; fix xl2tpd init script there.
|
|
The upgrade process doesn't always remove old vyatta-ofr init script
|
|
Bug 5301
Need to setup sshd_config during install to allow configure later
|
|
Instead of white-listing special system users, just go with the
Debian policy that all users with uid < 1000 are system accounts
|
|
|
|
|
|
Bug 5252
The boot script needs to restore default settings, and the
templates are then used to enable root access.
|
|
1. Move vyatta-sysctl.conf from rl-system.init to procps
This makes configuration happen early (before networking)
2. Do IPV6 configuration for address_flush in rl-system.init
(after IPV6 is loaded)
3. Cleanup shell code for ipv6_params:
* no sudo needed in startup scripts
* use cleaner iteration
|
|
/usr/sbin/dpkg-reconfigure
|
|
The vyatta administrator needs to use Vyatta tools to change account
password. Bug 4927
|
|
The file is protected-user (not protected-users) and it is already
installed.
|
|
This makes sure there is no working password for user root in ISO.
|
|
Breaks setup of account during install. Useradd calls passwd.
|
|
Bug 4927
This blocks user from changing fields in password file.
Note: adding removing users is not allowed unless user is root,
but then all bets are off anyway.
|
|
Warning:
cp '/opt/vyatta/etc/level' and '/opt/vyatta/etc/level' are the same file
|
|
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412989
The udev scripts expect user tss, but it isn't there.
For Vyatta, just create it; debian developers can't agree on proper
fix!
|
|
Vyatta sets up hostap for wireless later in config process if needed.
So remove default startup.
|
|
1. Complete migration of protected-users from hardcoded in User.pm
to /opt/vyatta/etc/protected-user
2. Put mapping from level to group in file.
|
|
Use a reasonable suffix for file type
|
|
Bug 4975
|
|
This keeps radius from fighting with tacacs+
|
|
|
|
replaced with Debian branding during full-upgrade to Jenner
(cherry picked from commit cbdcd18b2e5328d24a9dfe04dfa015f8375b50ac)
|
|
This fix changes the way that the /etc/ntp.conf file is generated. Now
it is generated at boot time using a fixed section that contains
only parameters that users don't change, plus a section that is generated
from any "system ntp-servers" parameters that are configured. The fixed
section does not contain any "server" definitions, so all server definitions
come from the Vyatta config.
The Vyatta configuration template for this parameter and code
at other places in the system will now start the NTP server ONLY if
there is at least one NTP server configured. So the user can "turn off"
the NTP server by just deleting all NTP servers from the configuration.
The default "config.boot" file does contiain one built-in "system ntp-servers"
parameter, so a newly installed system will start the NTP server.
(cherry picked from commit 08d0d9ed2d8824a446bfe6a1ba660db854f1a8f5)
|
|
Bug 4591
Consolidate check for telnet login
Don't remove /etc/securetty edit it
(cherry picked from commit c6c477f2ffb0f2fd4cf12882f22c2c44ab57cc46)
|
|
Reopens bug 3985 but closes problems with loopback startup.
(cherry picked from commit a139c41faf9ccc7210218fcdf637a234967a6136)
Conflicts:
debian/vyatta-cfg-system.postinst.in
|
|
|
