- if ! egrep '^root:' /etc/aliases > /dev/null; then
- echo "root: debian-admin@debian.org" >> /etc/aliases
- elif ! egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
- sed -i -e 's/^root: .*/&, debian-admin@debian.org/' /etc/aliases
- fi
- newaliases
-}}}
-
-* sane default editor
-{{{
- apt-get install vim && update-alternatives --set editor /usr/bin/vim.basic
-}}}
-
-* setup sudo
-{{{
- grep '^%adm' /etc/sudoers || echo '%adm ALL=(ALL) ALL' >> /etc/sudoers
- grep '^%adm.*apt-get' /etc/sudoers || echo '%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none' >> /etc/sudoers
-
- apt-get install libpam-pwdfile
- cat > /etc/pam.d/sudo << EOF
-#%PAM-1.0
-
-auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
-auth required pam_unix.so nullok_secure try_first_pass
-#@include common-auth
-@include common-account
-
-session required pam_permit.so
-session required pam_limits.so
-EOF
-}}}
-
-* OPEN A NEW SHELL - DO _NOT_ LOG OUT OF THIS ONE:<BR>
- test that the dedicated sudo password works. if not, undo the pam sudo config.
- (comment out the auth lines and include common-auth again)
-
-* setup ldap.conf:
-{{{
- grep '^URI.*db.debian.org' /etc/ldap/ldap.conf || cat >> /etc/ldap/ldap.conf << EOF
-
-URI ldap://db.debian.org
-BASE dc=debian,dc=org
-
-TLS_CACERT /etc/ssl/certs/spi-cacert-2008.pem
-TLS_REQCERT hard
-EOF
+ if ! egrep '^root:' /etc/aliases > /dev/null; then
+ echo "root: debian-admin@debian.org" >> /etc/aliases
+ elif ! egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
+ sed -i -e 's/^root: .*/&, debian-admin@debian.org/' /etc/aliases
+ fi
+ newaliases