- Remove sudoers file 'zabbix' in favour of new IPFire managed
'zabbix_agentd' and user managed 'zabbix_agentd_user' which is
included in the backup
- Provide migration of old sudoers file 'zabbix' or 'zabbix.user' to
new zabbix_agentd_user sudoers file if it was modified by user.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Restrict default main config to only the bare minimum options
and add upstream provided config as example file.
- Remove /etc/zabbix_agentd from backup and instead add only
zabbix_agentd.conf and subdirs 'scripts' and 'zabbix_agentd.d' to
the backup.
- Move ipfire managed userparameter_pakfire.conf from
user managed dir /etc/zabbix_agentd/zabbix_agent.d to
ipfire managed dir /var/ipfire/zabbix_agentd/userparameters
- Add Include line to existing zabbix_agentd.conf to include
the new ipfire managed config dir /var/ipfire/zabbix_agentd/...
- Add and include mandatory IPFire specific agent configuration
which should never be changed by the user.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Add agent modules-dir to backup
- Remove original, not used agent modules dir from rootfile
- Create modules-dir during install if it not already exists
- bugfix: Add existence check before creating log-dir, avoiding error
messages if it already exists from a previous install
- bugfix: add extract_backup_includes to update.sh script to make
sure backup includes exist when backup is taken.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
and a restore on install / update
The include file that was added in a previous commit allowed to manually
create a backup, but none was created when the addon was installed,
uninstalled or updated.
Signed-off-by: Daniel Weismueller <daniel.weismueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- Rename lfs, rootfile and paks directory
- Change name in make.sh
- Tested out in a vm system and worked
Fixes: Bug#12772
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Backup definition missing - created ro backup config file
- Update of rootfile
- Addition of backup definition install into lfs file
- Addition of restore and backup statements into install.sh and uninstall.sh pak scripts
Fixes: 12710
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since I only ran "find . -type f -name ...", I missed mostly directories
containing configuration and initscripts of recently dropped add-ons and
packages.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- What is it?
pmacct is a monitoring tool for network management tasks. Data collected
can be used for analysis and troubleshooting purposes to maintain the
health of the network. pmacct can collect, replicate and export network
information. It can cache in memory tables, store persistently to SQLite3
and output to flat-files like CSV, formatted, and JSON.
- Why is it needed?
To monitor data usage (IP-based or MAC-based data accounting) down to the
client level. Net-Traffic will monitor traffic for the entire RED, GREEN,
etc. networks, but it cannot pinpoint which client is using lots of data.
Connections will take a snapshot but not show day by day sums. pmacct can
help admins keep tabs on users that use too much data.
- What are the use cases?
An ISP may implement data caps and if the limit is over-run then you have
to pay for every additional xxGB of data used. Typical charges can be
around $10 per 50GB. With pmacct you can identify the high users and take
action, hopefully before the limit is breached.
- This is being introduced as a command line only tool. However, at a later
date, if it is useful to enough additional users a WUI page could be
developed as discussed in the development mailing list
https://lists.ipfire.org/pipermail/development/2021-January/009174.html
- Changes in V2 version
- Initscript is using IPFire template and installed with IPFire method.
- All other daemons except pmacct and pmacctd have been removed from the install.
- Example conf files have been removed from /etc/pmacct
Both example conf files are described in the pmacct wiki draft.
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
With wireless device as members in bridges, we cannot predict the name
very well. So we will use the MAC address and find the correct device
name when we launch hostapd.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is not useful to set this on a modern server. The Linux
kernel will be tuning any send and receive buffer sizes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update bacula from version 9.0.6 to 9.6.5
Version 9.0.6 is over two and a half years old.
- Update config options in lfs to include bacula recommended smartalloc option.
"This enables the inclusion of the Smartalloc orphaned buffer detection
code. This option is highly recommended. Because we never build without this option,
you may experience problems if it is not enabled. In this case, simply re-enable the
option. We strongly recommend keeping this option enabled as it helps detect memory
leaks. This configuration parameter is used while building Bacula"
- Add install, uninstall and update files in src/paks/bacula
- Updated backup/includes to backup the config file and the File Daemon state file.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
this function allow to update the backup filelist before the backup was done in uninstall.sh at packet updates.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package is outdated and unmaintained for many many years.
I am not sure if this even works and if there are any users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This probably has only been used by me and we do not need
it any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The settings file must be writeable for group "nobody" so
users can change their Tor settings via WebUI. Since other
files in /var/ipfire/tor/ does not need this workaround, only
the settings file permissions are changed.
Sorry for the late fix; this was reported by various people
in the forum, too (I was unaware of so many Tor users in our
community).
Fixes#12117
Reported-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We are not doing anything different from the default here,
so we do not need an extra copy of them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Set permissions for /var/lib/tor and /var/ipfire/tor to
tor:tor, regardless whether Tor user has been created before
or not.
This ensures Tor starts properly on existing systems after
reinstallation of the add-on. Thanks to Michael for the hint.
Further, a comment for new Tor user in /etc/passwd has been added.
Fixes#11779.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This allows more-fine granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.
Fixes#11779.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
