aufgaben-verzeichnisse umbenannt:

Bei Aufgabe 3 geht es wieder bei 1 los. Deswegen habe ich jetzt überall eine 2 davor gehangen.
2013-11-13 15:31:08 +01:00 · 2013-11-13 15:31:08 +01:00 · d54efc0358
commit d54efc0358
parent 24eba4d551
29 changed files with 33 additions and 860 deletions
--- a/aufgabe2/computenode/internal
+++ b/aufgabe2/computenode/internal
@ -1,6 +0,0 @@
 Description='LAN Interface'
 Interface=enp1s0
 Connection=ethernet
 IP=static
 Address=('10.20.0.101/24')
 Gateway='10.20.0.1'
--- a/aufgabe2/headnode/internal
+++ b/aufgabe2/headnode/internal
@ -1,17 +0,0 @@
 Description='LAN Interface'
 Interface=eth1
 Connection=ethernet
 IP=static
 Address=('10.20.0.1/24')
 #Routes=('192.168.0.0/24 via 192.168.1.2')
 #Gateway='141.76.90.1'
 #DNS=('8.8.8.8')
 ## For IPv6 autoconfiguration
 #IP6=stateless
 ## For IPv6 static address configuration
 #IP6=static
 #Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
 #Routes6=('abcd::1234')
 #Gateway6='1234:0:123::abcd'
--- a/aufgabe2/headnode/network
+++ b/aufgabe2/headnode/network
@ -1,17 +0,0 @@
 Description='A basic static ethernet connection'
 Interface=eth0
 Connection=ethernet
 IP=static
 Address=('141.76.90.104/24')
 #Routes=('192.168.0.0/24 via 192.168.1.2')
 Gateway='141.76.90.1'
 DNS=('8.8.8.8')
 ## For IPv6 autoconfiguration
 #IP6=stateless
 ## For IPv6 static address configuration
 #IP6=static
 #Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
 #Routes6=('abcd::1234')
 #Gateway6='1234:0:123::abcd'
--- a/aufgabe3/deleteuser
+++ b/aufgabe3/deleteuser
@ -1,9 +0,0 @@
 #!/bin/bash
 # check for arguments
 if [[ $# -ne 1 || -z "$1" ]]; then
        echo "USAGE: $0 username" 1>&2
        exit 1
 fi
 userdel -r "$1"
--- a/aufgabe3/iptables.rules
+++ b/aufgabe3/iptables.rules
@ -1,58 +0,0 @@
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0] 
 # allow established connections
 -A INPUT   -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 # allow traffic from private LAN
 -A INPUT   -i eth1 -j ACCEPT
 -A FORWARD -i eth1 -j ACCEPT
 # allow icmp
 -A INPUT -p icmp -j ACCEPT
 # allow loopback
 -A INPUT -i lo -j ACCEPT
 # uni subnets
 :uni - [0:0]
 -A INPUT -s 141.30.0.0/16 -j uni
 -A INPUT -s 141.76.0.0/16 -j uni
 # reject unknown traffic with nice errors
 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
 # ---------------------------------------------------------------
 # internal traffic
 #
 :internal - [0:0]
 -A uni -j internal
 -A internal -p tcp --dport 22 -j ACCEPT
 -A internal -p tcp --dport 80 -j ACCEPT
 -A internal -p tcp --dport 443 -j ACCEPT
 # ---------------------------------------------------------------
 # public traffic  
 :public - [0:0]
 -A INPUT -j public
 # ---------------------------------------------------------------
 COMMIT
 *nat
 :PREROUTING ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0] 
 # masquerading
 -A POSTROUTING -o eth0 -j MASQUERADE
 COMMIT
--- a/aufgabe3/newuser
+++ b/aufgabe3/newuser
@ -1,48 +0,0 @@
 #!/bin/bash
 set -e
 # check for root
 if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 1>&2
  exit 1
 fi
 # check for arguments
 if [[ $# -ne 1 ]]; then
  echo "USAGE: $0 username" 1>&2
  exit 1
 fi
 # check if user already exists
 if ! id "$1" &> /dev/null; then
  echo "Adding user..."
  useradd --base-dir /home --create-home "$1"
 fi
 # check if SSH key for user already exists
 if [[ ! -f "/home/$1/.ssh/id_ecdsa" ]]; then
  echo "Generating SSH key for user..."
  sudo --user "$1" ssh-keygen -t ecdsa -N "" -b 521 -f "/home/$1/.ssh/id_ecdsa" > /dev/null
 fi
 # check if SSH key is already added to list of authorized keys
 sudo -u "$1" touch /home/$1/.ssh/authorized_keys
 if ! grep -q "`cat /home/$1/.ssh/id_ecdsa.pub`" /home/$1/.ssh/authorized_keys; then
  echo "Adding SSH key to list of authorized keys for user..."
  cat "/home/$1/.ssh/id_ecdsa.pub" | sudo --user "$1" tee "/home/$1/.ssh/authorized_keys" > /dev/null
 fi
 export DIR="`mktemp -d`"
 trap "cd /; rm -rf $DIR" EXIT
 cd "$DIR"
 export GIT_AUTHOR_NAME=$SUDO_USER
 git clone "git@zotac0:gitolite-admin" "$DIR" > /dev/null
 # check if SSH key is already registered with git
 if [[ ! -f "$DIR/keydir/$1@$HOSTNAME.pub" ]]; then
  echo "Adding SSH key to git..."
  cp "/home/$1/.ssh/id_ecdsa.pub" "$DIR/keydir/$1@$HOSTNAME.pub"
  git add "$DIR/keydir/$1@$HOSTNAME.pub"
  git commit --all --message="User \"$1\" added" > /dev/null
  git push > /dev/null
 fi
--- a/aufgabe3/sshd_config
+++ b/aufgabe3/sshd_config
@ -1,130 +0,0 @@
 #	$OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options override the
 # default value.
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 # The default requires explicit activation of protocol 1
 #Protocol 2
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
 #ServerKeyBits 1024
 # Ciphers and keying
 #RekeyLimit default none
 # Logging
 # obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO
 # Authentication:
 #LoginGraceTime 2m
 PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
 AuthorizedKeysFile	.ssh/authorized_keys
 #AuthorizedPrincipalsFile none
 #AuthorizedKeysCommand none
 #AuthorizedKeysCommandUser nobody
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication no
 #PermitEmptyPasswords no
 # Change to no to disable s/key passwords
 ChallengeResponseAuthentication no
 # Kerberos options
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 PrintMotd no # pam does that
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
 UsePrivilegeSeparation sandbox		# Default for new installations.
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS yes
 #PidFile /run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
 #VersionAddendum none
 # no default banner path
 #Banner /etc/motd
 # override default of no subsystems
 Subsystem	sftp	/usr/lib/ssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
--- a/aufgabe4/cron.daily/etckeeper
+++ b/aufgabe4/cron.daily/etckeeper
@ -1,20 +0,0 @@
 #!/bin/sh
 set -e
 if [ -x /usr/bin/etckeeper ] && [ -e /etc/etckeeper/etckeeper.conf ]; then
        . /etc/etckeeper/etckeeper.conf
        if [ "$AVOID_DAILY_AUTOCOMMITS" != "1" ]; then
                # avoid autocommit if an install run is in progress
                lockfile=/var/cache/etckeeper/packagelist.pre-install
                if [ -e "$lockfile" ] && [ -n "$(find "$lockfile" -mtime +1)" ];
 then
                        rm -f "$lockfile" # stale
                fi
                if [ ! -e "$lockfile" ]; then
                        AVOID_SPECIAL_FILE_WARNING=1
                        export AVOID_SPECIAL_FILE_WARNING
                        if etckeeper unclean; then
                                etckeeper commit "daily autocommit" >/dev/null
                        fi
                fi
        fi
 fi
--- a/aufgabe4/cron.daily/git-log-rotate
+++ b/aufgabe4/cron.daily/git-log-rotate
@ -1,7 +0,0 @@
 #!/bin/bash
 set -e
 cd /var/log
 find . -iname \*.log | xargs git add 
 git commit --all --message "daily autocommit"
 git push --force origin master:logs
--- a/aufgabe4/etckeeper.conf
+++ b/aufgabe4/etckeeper.conf
@ -1,42 +0,0 @@
 # The VCS to use.
 #VCS="hg"
 VCS="git"
 #VCS="bzr"
 #VCS="darcs"
 # Options passed to git commit when run by etckeeper.
 GIT_COMMIT_OPTIONS=""
 # Options passed to hg commit when run by etckeeper.
 HG_COMMIT_OPTIONS=""
 # Options passed to bzr commit when run by etckeeper.
 BZR_COMMIT_OPTIONS=""
 # Options passed to darcs record when run by etckeeper.
 DARCS_COMMIT_OPTIONS="-a"
 # Uncomment to avoid etckeeper committing existing changes
 # to /etc automatically once per day.
 #AVOID_DAILY_AUTOCOMMITS=1
 # Uncomment the following to avoid special file warning
 # (the option is enabled automatically by cronjob regardless).
 #AVOID_SPECIAL_FILE_WARNING=1
 # Uncomment to avoid etckeeper committing existing changes to 
 # /etc before installation. It will cancel the installation,
 # so you can commit the changes by hand.
 #AVOID_COMMIT_BEFORE_INSTALL=1
 # The high-level package manager that's being used.
 # (apt, pacman-g2, yum, zypper etc)
 HIGHLEVEL_PACKAGE_MANAGER=yaourt
 # The low-level package manager that's being used.
 # (dpkg, rpm, pacman, pacman-g2, etc)
 LOWLEVEL_PACKAGE_MANAGER=pacman
 # To push each commit to a remote, put the name of the remote here.
 # (eg, "origin" for git).
 PUSH_REMOTE="origin"
--- a/aufgabe4/gitolite-admin
+++ b/aufgabe4/gitolite-admin
@ -1 +0,0 @@
 Subproject commit 3643f6f3f70143cdfa3b0206f87f202fa59b0e93
--- a/aufgabe4/journald.conf
+++ b/aufgabe4/journald.conf
@ -1,33 +0,0 @@
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 #
 # See journald.conf(5) for details
 [Journal]
 #Storage=auto
 #Compress=yes
 #Seal=yes
 #SplitMode=login
 #SyncIntervalSec=5m
 #RateLimitInterval=30s
 #RateLimitBurst=1000
 #SystemMaxUse=
 #SystemKeepFree=
 #SystemMaxFileSize=
 #RuntimeMaxUse=
 #RuntimeKeepFree=
 #RuntimeMaxFileSize=
 #MaxRetentionSec=
 #MaxFileSec=1month
 ForwardToSyslog=yes
 #ForwardToKMsg=no
 #ForwardToConsole=no
 #TTYPath=/dev/console
 #MaxLevelStore=debug
 #MaxLevelSyslog=debug
 #MaxLevelKMsg=notice
 #MaxLevelConsole=info
--- a/aufgabe4/pacman
+++ b/aufgabe4/pacman
@ -1,14 +0,0 @@
 #!/bin/bash
 if [[ "$1" != -S && "$1" != -S*u && "$1" != -U ]]; then
    /usr/bin/pacman "$@"
    exit $?
 fi
 [[ $EUID -eq 0 ]] && etckeeper pre-install
 /usr/bin/pacman "$@"
 EXIT_CODE=$?
 [[ $EUID -eq 0 ]] && etckeeper post-install
 exit $EXIT_CODE
--- a/aufgabe4/yaourt
+++ b/aufgabe4/yaourt
@ -1,9 +0,0 @@
 #!/bin/bash
 sudo etckeeper pre-install
 /usr/bin/yaourt "$@"
 EXIT_CODE=$?
 sudo etckeeper post-install
 exit $EXIT_CODE
--- a/aufgabe5/genders
+++ b/aufgabe5/genders
@ -1,2 +0,0 @@
 zotac0		headnode
 zotac[1-4]	computenode
--- a/aufgabe5/pdsh
+++ b/aufgabe5/pdsh
@ -1,3 +0,0 @@
 #!/bin/sh
 PDSH_RCMD_TYPE="`cat /etc/pdsh/rcmd_default`" /usr/bin/pdsh $@
--- a/aufgabe5/rcmd_default
+++ b/aufgabe5/rcmd_default
@ -1 +0,0 @@
 ssh
--- a/aufgabe6/munin-node.conf
+++ b/aufgabe6/munin-node.conf
@ -1,64 +0,0 @@
 #
 # Example config-file for munin-node
 #
 log_level 4
 log_file /var/log/munin/munin-node.log
 pid_file /run/munin/munin-node.pid
 background 1
 setsid 1
 user root
 group root
 # This is the timeout for the whole transaction.
 # Units are in sec. Default is 15 min
 #
 # global_timeout 900
 # This is the timeout for each plugin.
 # Units are in sec. Default is 1 min
 #
 # timeout 60
 # Regexps for files to ignore
 ignore_file [\#~]$
 ignore_file DEADJOE$
 ignore_file \.bak$
 ignore_file %$
 ignore_file \.dpkg-(tmp|new|old|dist)$
 ignore_file \.rpm(save|new)$
 ignore_file \.pod$
 # Set this if the client doesn't report the correct hostname when
 # telnetting to localhost, port 4949
 #
 #host_name myhostname
 # A list of addresses that are allowed to connect.  This must be a
 # regular expression, since Net::Server does not understand CIDR-style
 # network notation unless the perl module Net::CIDR is installed.  You
 # may repeat the allow line as many times as you'd like
 allow ^127\.0\.0\.1$
 allow ^10\.42\.0
 allow ^::1$
 # If you have installed the Net::CIDR perl module, you can use one or more
 # cidr_allow and cidr_deny address/mask patterns.  A connecting client must
 # match any cidr_allow, and not match any cidr_deny.  Note that a netmask
 # *must* be provided, even if it's /32
 #
 # Example:
 #
 # cidr_allow 127.0.0.1/32
 # cidr_allow 192.0.2.0/24
 # cidr_deny  192.0.2.42/32
 # Which address to bind to;
 host *
 # host 127.0.0.1
 # And which port
 port 4949
--- a/aufgabe6/munin.conf
+++ b/aufgabe6/munin.conf
@ -1,149 +0,0 @@
 # Example configuration file for Munin, generated by 'make build'
 # The next three variables specifies where the location of the RRD
 # databases, the HTML output, logs and the lock/pid files.  They all
 # must be writable by the user running munin-cron.  They are all
 # defaulted to the values you see here.
 #
 #dbdir	/var/lib/munin
 htmldir /usr/share/munin/www
 #logdir /var/log/munin
 #rundir  /run/munin
 # Where to look for the HTML templates
 #
 #tmpldir	/etc/munin/templates
 # Where to look for the static www files
 #
 #staticdir /etc/munin/static
 # temporary cgi files are here. note that it has to be writable by 
 # the cgi user (usually nobody or httpd).
 #
 # cgitmpdir /var/lib/munin/cgi-tmp
 # (Exactly one) directory to include all files from.
 includedir /etc/munin/munin-conf.d
 # You can choose the time reference for "DERIVE" like graphs, and show
 # "per minute", "per hour" values instead of the default "per second"
 #
 #graph_period second
 # Graphics files are generated either via cron or by a CGI process.
 # See http://munin-monitoring.org/wiki/CgiHowto2 for more
 # documentation.
 # Since 2.0, munin-graph has been rewritten to use the cgi code. 
 # It is single threaded *by design* now.
 #
 graph_strategy cgi
 # munin-cgi-graph is invoked by the web server up to very many times at the
 # same time.  This is not optimal since it results in high CPU and memory
 # consumption to the degree that the system can thrash.  Again the default is
 # 6.  Most likely the optimal number for max_cgi_graph_jobs is the same as
 # max_graph_jobs.
 #
 #munin_cgi_graph_jobs 6
 # If the automatic CGI url is wrong for your system override it here:
 #
 #cgiurl_graph /munin-cgi/munin-cgi-graph
 # max_size_x and max_size_y are the max size of images in pixel.
 # Default is 4000. Do not make it too large otherwise RRD might use all
 # RAM to generate the images.
 # 
 #max_size_x 4000
 #max_size_y 4000
 # HTML files are normally generated by munin-html, no matter if the
 # files are used or not. You can change this to on-demand generation
 # by following the instructions in http://munin-monitoring.org/wiki/CgiHowto2
 # 
 # Notes: 
 # - moving to CGI for HTML means you cannot have graph generated by cron.
 # - cgi html has some bugs, mostly you still have to launch munin-html by hand
 # 
 html_strategy cgi
 # munin-update runs in parallel.
 #
 # The default max number of processes is 16, and is probably ok for you.
 #
 # If set too high, it might hit some process/ram/filedesc limits.
 # If set too low, munin-update might take more than 5 min.
 #
 # If you want munin-update to not be parallel set it to 0.
 #
 #max_processes 16
 # RRD updates are per default, performed directly on the rrd files.
 # To reduce IO and enable the use of the rrdcached, uncomment it and set it to
 # the location of the socket that rrdcached uses.
 #
 #rrdcached_socket /var/run/rrdcached.sock
 # Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime
 # something changes (OK -> WARNING, CRITICAL -> OK, etc)
 #contact.someuser.command mail -s "Munin notification" somejuser@fnord.comm
 #contact.anotheruser.command mail -s "Munin notification" anotheruser@blibb.comm
 #
 # For those with Nagios, the following might come in handy. In addition,
 # the services must be defined in the Nagios server as well.
 #contact.nagios.command /usr/bin/send_nsca nagios.host.comm -c /etc/nsca.conf
 # a simple host tree
 [zotac0]
    address 127.0.0.1
    use_node_name yes
 [zotac1]
    address 10.20.0.101
    use_node_name yes
 #
 # A more complex example of a host tree
 #
 ## First our "normal" host.
 # [fii.foo.com]
 #       address foo
 #
 ## Then our other host...
 # [fay.foo.com]
 #       address fay
 #
 ## IPv6 host. note that the ip adress has to be in brackets
 # [ip6.foo.com]
 #       address [2001::1234:1]
 #
 ## Then we want totals...
 # [foo.com;Totals] #Force it into the "foo.com"-domain...
 #       update no   # Turn off data-fetching for this "host".
 #
 #   # The graph "load1". We want to see the loads of both machines...
 #   # "fii=fii.foo.com:load.load" means "label=machine:graph.field"
 #       load1.graph_title Loads side by side
 #       load1.graph_order fii=fii.foo.com:load.load fay=fay.foo.com:load.load
 #
 #   # The graph "load2". Now we want them stacked on top of each other.
 #       load2.graph_title Loads on top of each other
 #       load2.dummy_field.stack fii=fii.foo.com:load.load fay=fay.foo.com:load.load
 #       load2.dummy_field.draw AREA # We want area instead the default LINE2.
 #       load2.dummy_field.label dummy # This is needed. Silly, really.
 #
 #   # The graph "load3". Now we want them summarised into one field
 #       load3.graph_title Loads summarised
 #       load3.combined_loads.sum fii.foo.com:load.load fay.foo.com:load.load
 #       load3.combined_loads.label Combined loads # Must be set, as this is
 #                                                 # not a dummy field!
 #
 ## ...and on a side note, I want them listen in another order (default is
 ## alphabetically)
 #
 # # Since [foo.com] would be interpreted as a host in the domain "com", we
 # # specify that this is a domain by adding a semicolon.
 # [foo.com;]
 #       node_order Totals fii.foo.com fay.foo.com
 #
--- a/aufgabe6/nginx/fastcgi.conf
+++ b/aufgabe6/nginx/fastcgi.conf
@ -1,25 +0,0 @@
 fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
 fastcgi_param  CONTENT_LENGTH     $content_length;
 fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
 fastcgi_param  REQUEST_URI        $request_uri;
 fastcgi_param  DOCUMENT_URI       $document_uri;
 fastcgi_param  DOCUMENT_ROOT      $document_root;
 fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 fastcgi_param  HTTPS              $https if_not_empty;
 fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
 fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
 fastcgi_param  REMOTE_ADDR        $remote_addr;
 fastcgi_param  REMOTE_PORT        $remote_port;
 fastcgi_param  SERVER_ADDR        $server_addr;
 fastcgi_param  SERVER_PORT        $server_port;
 fastcgi_param  SERVER_NAME        $server_name;
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
--- a/aufgabe6/nginx/fastcgi_params
+++ b/aufgabe6/nginx/fastcgi_params
@ -1,24 +0,0 @@
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
 fastcgi_param  CONTENT_LENGTH     $content_length;
 fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
 fastcgi_param  REQUEST_URI        $request_uri;
 fastcgi_param  DOCUMENT_URI       $document_uri;
 fastcgi_param  DOCUMENT_ROOT      $document_root;
 fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 fastcgi_param  HTTPS              $https if_not_empty;
 fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
 fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
 fastcgi_param  REMOTE_ADDR        $remote_addr;
 fastcgi_param  REMOTE_PORT        $remote_port;
 fastcgi_param  SERVER_ADDR        $server_addr;
 fastcgi_param  SERVER_PORT        $server_port;
 fastcgi_param  SERVER_NAME        $server_name;
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
--- a/aufgabe6/nginx/mime.types
+++ b/aufgabe6/nginx/mime.types
@ -1,80 +0,0 @@
 types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/x-javascript              js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;
    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;
    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;
    application/java-archive              jar war ear;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.ms-excel              xls;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/zip                       zip;
    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              eot;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;
    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;
    video/3gpp                            3gpp 3gp;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
 }
--- a/aufgabe6/nginx/nginx.conf
+++ b/aufgabe6/nginx/nginx.conf
@ -1,59 +0,0 @@
 user http;
 worker_processes  1;
 error_log  /var/log/nginx/error.log;
 #pid        logs/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       mime.types;
    default_type  application/octet-stream;
    access_log  /var/log/nginx/access.log;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    gzip_static on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_min_length 1100;
    gzip_buffers 4 8k;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types
 	# text/html is always compressed by HttpGzipModule
 	text/css
 	text/javascript
 	text/xml
 	text/plain
 	text/x-component
 	application/javascript
 	application/x-javascript
 	application/json
 	application/xml
 	application/rss+xml
 	font/truetype
 	font/opentype
 	application/vnd.ms-fontobject
 	image/svg+xml;
    server_tokens off;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    upstream backend {
      server unix:/run/php-fpm/php-fpm.sock;
    }
    include sites/*.conf;
 }
--- a/aufgabe6/nginx/sites/default.conf
+++ b/aufgabe6/nginx/sites/default.conf
@ -1,27 +0,0 @@
 server {
  listen [::]:80;
  listen 80;
  #listen [::]:443 ssl;
  #listen 443 ssl;
  root /srv/http/lctp;
  location ^~ /munin-cgi/munin-cgi-graph/ {
    fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
    include fastcgi_params;
  }
  location /munin/static/ {
    alias /etc/munin/static/;
    expires modified +1w;
  }
  location /munin/ {
    fastcgi_split_path_info ^(/munin)(.*);
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/var/run/munin/fcgi-html.sock;
    include fastcgi_params;
  }
 }
--- a/bericht/abschnitte/bs-git.tex
+++ b/bericht/abschnitte/bs-git.tex
@ -16,7 +16,7 @@ Nun kann die eigentliche Konfiguration per git heruntergeladen werden:
 Wir legten in dieser Konfiguration das Repository {\tt lctp} an und gaben allen
 Benutzern Zugriff darauf. Die gitolite-Konfiguration befindet sich als
-Git-Submodule im Verzeichnis {\tt aufgabe4/gitolite-admin}.
+Git-Submodule im Verzeichnis {\tt aufgabe2.4/gitolite-admin}.
 Das lctp-Repository wiederum lässt sich mit folgendem Befehl clonen:
 \shellcmd{git clone git@141.76.90.104:lctp.git lctp-gruppe4}
@ -40,22 +40,29 @@ im {\tt lctp}-Repository einzubinden:
 Anders als bei anderen Paketmanagern wie {\tt apt} auf Debian, existieren in {\tt pacman} (\ref{sec:pacman})
 keine Hooks.
-Um dennoch nach Systemaktualisierungen oder Paketinstallationen automatisch die neue Konfiguration zu commiten haben wir jeweils einen \href{https://gist.github.com/Mic92/7250403}{Wrapper-Script} für {\tt pacman} und {\tt yaourt} geschrieben und diese {\tt /usr/local/bin} abgelegt. Da in der Shell {\tt /usr/local/bin} für gewöhnlich eine höhere Priorität hat als {\tt /usr/bin} werden Programme in diesem Verzeichnis vorrangig ausgeführt. (Die Wrapper befinden sich in \emph{aufgabe4/yaourt} sowie in \emph{aufgabe4/pacman}).
+Um dennoch nach Systemaktualisierungen oder Paketinstallationen automatisch die
 neue Konfiguration zu commiten haben wir jeweils einen
 \href{https://gist.github.com/Mic92/7250403}{Wrapper-Script} für {\tt pacman}
 und {\tt yaourt} geschrieben und diese {\tt /usr/local/bin} abgelegt. Da in der
 Shell {\tt /usr/local/bin} für gewöhnlich eine höhere Priorität hat als {\tt
 /usr/bin} werden Programme in diesem Verzeichnis vorrangig ausgeführt. (Die
 Wrapper befinden sich in \emph{aufgabe2.4/yaourt} sowie in \emph{aufgabe2.4/pacman}).
 Darüber hinaus haben wir das Shell-Script für tägliche automatische Commits,
 welches im
 \href{https://github.com/joeyh/etckeeper/blob/master/debian/cron.daily}{Git-Repository}
 (Stand 07.11.2013)
 von {\tt etckeeper} liegt, als cronjob installiert (siehe
-\emph{aufgabe4/cron.daily/etckeeper}).
+\emph{aufgabe2.4/cron.daily/etckeeper}).
 \subsubsection{Logs in git}
 Arch Linux setzt in der Standard-Installation {\tt journald} als Logging-Daemon ein. Dieses benutzt im Unterschied zu herkömmlichen Syslog-Varianten ein Binärformat zum Speichern.
 Dieses Dateiformat eignet sich aus offensichtlichen Gründen nicht um mithilfe
 von git verwaltet zu werden. Deswegen haben wir zusätzlich {\tt syslog-ng}
-installiert und {\tt journald} so konfiguriert, das dieses ebenfalls in das syslog schreibt (siehe \emph{aufgabe4/journald.conf}).
+installiert und {\tt journald} so konfiguriert, das dieses ebenfalls in das
 syslog schreibt (siehe \emph{aufgabe2.4/journald.conf}).
 Für tägliche commits haben wir hierfür das Shell-Script {\tt git-commit-log}
 nach {\tt /etc/cron.daily/} installiert (siehe
-\emph{aufgabe4/cron.daily/git-commit-log}). Dieses pusht die Log-Dateien in das
+\emph{aufgabe2.4/cron.daily/git-commit-log}). Dieses pusht die Log-Dateien in das
 logs-Repository. Es ist als Submodule im Verzeichnis {\tt logs} im
 lctp-Repository eingebunden.
--- a/bericht/abschnitte/bs-pdsh.tex
+++ b/bericht/abschnitte/bs-pdsh.tex
@ -9,9 +9,9 @@ vorhanden, deshalb haben wir es über das AUR (siehe \ref{sec:aur}) installiert.
 \subsubsection{Gruppenverwaltung}
 Zur Verwaltung mehrerer Rechner in Gruppen (in unserem Fall Headnode und
 Computenodes) greift {\tt pdsh} auf die Gruppenbeschreibungsdatei {\tt
-/etc/genders} (siehe \emph{aufgabe5/genders}) zurück. Dort können mehrere Hosts
+/etc/genders} (siehe \emph{aufgabe2.5/genders}) zurück. Dort können mehrere Hosts
 in verschiedene Gruppen eingeteilt werden.
 Um zu gewährleisten, dass pdsh den richtigen Befehl beim Verbinden benutzt, muss
 die Umgebungsvariable {\tt PDS\_RCMD\_TYPE} auf den Wert {\tt ssh} gesetzt sein. Dies
 lösten wir durch ein Wrapper-Script in {\tt /usr/local/bin}, das die
-genannte Umgebungsvariable setzt (siehe \emph{aufgabe5/pdsh}).
+genannte Umgebungsvariable setzt (siehe \emph{aufgabe2.5/pdsh}).
--- a/bericht/abschnitte/bs-ssh.tex
+++ b/bericht/abschnitte/bs-ssh.tex
@ -5,7 +5,7 @@ Wir haben uns für {\tt OpenSSH} als SSH-Server entschieden. Diesen haben wir mi
 \shellcmd{pacman -S openssh}
-Desweiteren wurden in {\tt /etc/ssh/sshd\_config} (siehe \emph{aufgabe3/sshd\_config}) folgende Zeilen verändert, um den ''root-Account'' zu deaktivieren und den passwortlosen Zugriff zu aktivieren:
+Desweiteren wurden in {\tt /etc/ssh/sshd\_config} (siehe \emph{aufgabe2.3/sshd\_config}) folgende Zeilen verändert, um den ''root-Account'' zu deaktivieren und den passwortlosen Zugriff zu aktivieren:
 \begin{lstlisting}
 PermitRootLogin no
@ -15,7 +15,9 @@ ChallengeResponseAuthentication no
 \subsubsection{iptables}
-Um den Zugriff auf das universitätsinterne Netz zu beschränken wurde ein Filter-Chain {\tt uni} zur {\tt iptables.rules} unter {\tt /etc/iptables} (siehe \emph{aufgabe3/iptables.rules}) hinzugefügt, der nur IP-Adressen aus den Bereichen 141.30.0.0/16 und 141.76.0.0/16 akzeptiert und die Zugriffe auf Port 22, 80 und 443 beschränkt.
+Um den Zugriff auf das universitätsinterne Netz zu beschränken wurde ein
 Filter-Chain {\tt uni} zur {\tt iptables.rules} unter {\tt /etc/iptables} (siehe
 \emph{aufgabe2.3/iptables.rules}) hinzugefügt, der nur IP-Adressen aus den Bereichen 141.30.0.0/16 und 141.76.0.0/16 akzeptiert und die Zugriffe auf Port 22, 80 und 443 beschränkt.
 \subsubsection{Absicherung für externen Zugriff}
@ -23,4 +25,5 @@ Um den Zugriff aus einem externen Netz abzusichern, könnte man z.B. den externe
 \subsubsection{Automatisierung für neue Nutzer}
-Das automatisierte Hinzufügen neuer Nutzer haben wir über ein Script {\tt newuser} (siehe \emph{aufgabe3/newuser}) gelöst. Dieses Script legt einen neuen Benutzer an, erstellt sein Home-Verzeichnis, generiert ein neues Public-Private-Key-Paar für SSH und trägt den eigenen Public-Key in die {\tt authorized\_keys} sowie für den Zugriff auf das git-Repository ein.
+Das automatisierte Hinzufügen neuer Nutzer haben wir über ein Script {\tt
 newuser} (siehe \emph{aufgabe2.3/newuser}) gelöst. Dieses Script legt einen neuen Benutzer an, erstellt sein Home-Verzeichnis, generiert ein neues Public-Private-Key-Paar für SSH und trägt den eigenen Public-Key in die {\tt authorized\_keys} sowie für den Zugriff auf das git-Repository ein.
--- a/bericht/abschnitte/bs.tex
+++ b/bericht/abschnitte/bs.tex
@ -26,9 +26,17 @@ Nach dem erfolgreichen Reboot haben wir dann das Netzwerk auf eine statische IP-
 \subsubsection{Netzwerk-Konfiguration}
-Auf dem Headnode bzw. Computenode haben wir mit {\tt netctl} die beiden Netzwerk-Interfaces {\tt eth0} und {\tt eth1} bzw. {\tt enp1s0} auf eine statische IP-Adresse (wie im Cluster-Layout angegeben) konfiguriert (siehe \emph{aufgabe2/headnode/network} und \emph{aufgabe2/headnode/internal} bzw. \emph{aufgabe2/computenode/internal}).
+Auf dem Headnode bzw. Computenode haben wir mit {\tt netctl} die beiden
 Netzwerk-Interfaces {\tt eth0} und {\tt eth1} bzw. {\tt enp1s0} auf eine
 statische IP-Adresse (wie im Cluster-Layout angegeben) konfiguriert (siehe
 \emph{aufgabe2.2/headnode/network} und \emph{aufgabe2.2/headnode/internal} bzw.
 \emph{aufgabe2.2/computenode/internal}).
-Auf dem Headnode mussten wir noch mittels {\tt iptables} das {\tt MASQUERADE}-Target in der {\tt POSTROUTING}-Chain in der {\tt nat}-Tabelle auf dem {\tt eth0}-Interface setzen (siehe \emph{aufgabe3/iptables.rules}) und mit {\tt sysctl} (\emph{/etc/sysctl.d}) die Option {\tt net.ipv4.ip\_forward = 1} (siehe \emph{aufgabe2/10-ip-forward-conf}) freischalten, damit die Computenodes auch auf das Internet zugreifen können (Paketinstallationen, Updates, etc.).
+Auf dem Headnode mussten wir noch mittels {\tt iptables} das {\tt
 MASQUERADE}-Target in der {\tt POSTROUTING}-Chain in der {\tt nat}-Tabelle auf
 dem {\tt eth0}-Interface setzen (siehe \emph{aufgabe2.3/iptables.rules}) und mit
 {\tt sysctl} (\emph{/etc/sysctl.d}) die Option {\tt net.ipv4.ip\_forward = 1}
 (siehe \emph{aufgabe2.2/10-ip-forward-conf}) freischalten, damit die Computenodes auch auf das Internet zugreifen können (Paketinstallationen, Updates, etc.).
 \input{abschnitte/bs-ssh}
--- a/bericht/abschnitte/burnin.tex
+++ b/bericht/abschnitte/burnin.tex
@ -24,7 +24,7 @@ Für das Webfrontend richteten wir darüber hinaus den Webserver {\tt nginx} ein
 Dieser kommuniziert über fastcgi mit Munin um die Graphen
 generieren zu lassen. Die nötige Konfiguration befindet sich in {\tt
-aufgabe5/nginx}. Die fastcgi-Prozesse von Munin starteten wir mit folgenden
+aufgabe2.5/nginx}. Die fastcgi-Prozesse von Munin starteten wir mit folgenden
 Befehl:
 \shellcmd{systemctl enable munin-graph.socket munin-html.socket}
@ -32,7 +32,7 @@ Befehl:
 \shellcmd{systemctl start munin-graph.socket munin-html.socket}
 Die ab zu fragenden Nodes werden in die {\tt munin.conf} eingetragen ({\tt
-aufgabe6/munin.conf}).
+aufgabe2.6/munin.conf}).
 Da die Anzahl unserer Nodes verhältnismäßig klein ist, haben wir uns für die
 Aktualisierung der Leistungsdaten via {\tt munin-cron} entschieden:
		`@ -1 +0,0 @@`
			`Subproject commit 3643f6f3f70143cdfa3b0206f87f202fa59b0e93`
		`@ -1,3 +0,0 @@`
			`#!/bin/sh`

			PDSH_RCMD_TYPE="`cat /etc/pdsh/rcmd_default`" /usr/bin/pdsh $@