Пример #1
0
def harden():
    upgrade()
    autoupgrade()
    util.debian_install("fail2ban")

    print "attempting to configure key-based auth for root..."
    import os.path
    localKey = open(os.path.expanduser("~/.ssh/id_rsa.pub")).read()
    util.append(localKey, "~/.ssh/authorized_keys")

    print "WARNING: YOU *MUST* have root configured to continue.  Type YES to confirm."
    confirm = None
    while confirm != "YES":
        confirm = raw_input()
        pass

    print "disabling password auth for root"
    util.config("PasswordAuthentication no", "/etc/ssh/sshd_config")

    run("service ssh restart")

    setupDeployUser()
    logwatch()

    firewall()  #this should be run last, since it can abort the SSH connection
Пример #2
0
def kernel_upgrade():
    version = run("uname -r")
    from distutils.version import LooseVersion
    actualVersion = LooseVersion(version)
    requiredVersion = LooseVersion("3.10")
    if actualVersion < requiredVersion:
        print "Kernel upgrade will be required."
    else:
        return
    #We need to enable testing
    util.append("deb http://ftp.us.debian.org/debian/ testing main non-free",
                "/etc/apt/sources.list")
    util.append(
        "deb-src http://ftp.us.debian.org/debian/ testing main non-free",
        "/etc/apt/sources.list")
    util.append(
        "deb http://security.debian.org/ testing/updates main non-free",
        "/etc/apt/sources.list")
    util.append(
        "deb-src http://security.debian.org/ testing/updates main non-free",
        "/etc/apt/sources.list")
    util.append('APT::Default-Release "stable";',
                "/etc/apt/apt.conf.d/50usestable.conf")
    run("apt-get update")
    run("apt-get install -t testing -y linux-image-amd64 firmware-linux-nonfree"
        )
    print "A reboot will be required."
    run("shutdown -r now")
Пример #3
0
def harden():
	upgrade()
	autoupgrade()
	util.debian_install("fail2ban")


	print "attempting to configure key-based auth for root..."
	import os.path
	localKey = open(os.path.expanduser("~/.ssh/id_rsa.pub")).read()
	util.append(localKey,"~/.ssh/authorized_keys")

	print "WARNING: YOU *MUST* have root configured to continue.  Type YES to confirm."
	confirm = None
	while confirm != "YES":
		confirm = raw_input()
		pass


	print "disabling password auth for root"
	util.config("PasswordAuthentication no","/etc/ssh/sshd_config")

	run("service ssh restart")

	setupDeployUser()
	logwatch()


	firewall() #this should be run last, since it can abort the SSH connection
Пример #4
0
def digitalOceanKernelFix():
    """install modules for digitalocean unstable kernel"""
    util.append(
        "deb http://ftp.us.debian.org/debian/ wheezy-backports main", "/etc/apt/sources.list")
    run("apt-get update")
    run("apt-get install -t wheezy-backports linux-image-3.10-0.bpo.2-amd64")
    run("ln -s /lib/modules/3.10-0.bpo.2-amd64 /lib/modules/3.10-1-amd64")
Пример #5
0
def install_docker():
    """DigitalOcean requires a fix, see documentation
    so
    1.  Go to Settings->Kernel
    2.  Choose Debian Unstable x64
    3.  Power cycle
    4.  Run digitalOceanKernelFix command

    before you run this command."""

    kernel_upgrade()
    #run("modprobe aufs") #not necessary on Linode?
    #Linode wants "busybox"
    util.debian_install("curl")
    run("wget http://get.docker.io -O - | bash")
    with settings(warn_only=True):
        run("groupadd docker")
        run("gpasswd -a deploy docker")

    init_setup()

    # https://github.com/dotcloud/docker/issues/431
    util.append(
        "none        /cgroup        cgroup        defaults    0    0", "/etc/fstab")
    with settings(warn_only=True):
        run("mkdir -p /cgroup")
        run("mount /cgroup")

    util.append("net.ipv4.ip_forward=1", "/etc/sysctl.conf")
    run("sysctl -p")

    #fix_cgroups() Isn't necessary on Linode

    run("service docker start")
Пример #6
0
def config_scissors_server():
    import harden
    harden.harden()
    import docker
    docker.install_docker()
    util.install_git()

    util.append(
        """find deploy -maxdepth 3 -name "scissors-boot.sh" -execdir bash "{}" \;""", "/home/deploy/scissors-boot.sh")

    if not fabric.contrib.files.contains("/etc/rc.local", "/home/deploy/scissors-boot.sh"):
        run("""sed -i '$i \su deploy --command "bash /home/deploy/scissors-boot.sh" &\n' /etc/rc.local""")
Пример #7
0
def setupDeployUser():
    if not fabric.contrib.files.contains("/etc/passwd", r"deploy"):
        print "Creating deploy user"
        run("useradd deploy")
        run("mkdir /home/deploy")
        run("mkdir /home/deploy/.ssh")
        run("cp ~/.ssh/authorized_keys /home/deploy/.ssh/authorized_keys")

        run("chmod 700 /home/deploy/.ssh")
        run("chmod 400 /home/deploy/.ssh/authorized_keys")
        run("chown deploy:deploy /home/deploy -R")

    #add to sudoers file
    util.append("deploy  ALL=(ALL) ALL", "/etc/sudoers")

    #configure AllowUsers
    util.append("AllowUsers root deploy vagrant", "/etc/ssh/sshd_config")

    run('service ssh restart')
Пример #8
0
def setupDeployUser():
	if not fabric.contrib.files.contains("/etc/passwd",r"deploy"):
		print "Creating deploy user"
		run("useradd deploy")
		run("mkdir /home/deploy")
		run("mkdir /home/deploy/.ssh")
		run("cp ~/.ssh/authorized_keys /home/deploy/.ssh/authorized_keys")

		run("chmod 700 /home/deploy/.ssh")
		run("chmod 400 /home/deploy/.ssh/authorized_keys")
		run("chown deploy:deploy /home/deploy -R")

	#add to sudoers file
	util.append("deploy  ALL=(ALL) ALL","/etc/sudoers")

	#configure AllowUsers
	util.append("AllowUsers root deploy vagrant","/etc/ssh/sshd_config")

	run('service ssh restart')
Пример #9
0
def kernel_upgrade():
	version = run("uname -r")
	from distutils.version import LooseVersion
	actualVersion = LooseVersion(version)
	requiredVersion = LooseVersion("3.10")
	if actualVersion < requiredVersion:
		print "Kernel upgrade will be required."
	else:
		return
	#We need to enable testing
	util.append("deb http://ftp.us.debian.org/debian/ testing main non-free","/etc/apt/sources.list")
	util.append("deb-src http://ftp.us.debian.org/debian/ testing main non-free","/etc/apt/sources.list")
	util.append("deb http://security.debian.org/ testing/updates main non-free","/etc/apt/sources.list")
	util.append("deb-src http://security.debian.org/ testing/updates main non-free","/etc/apt/sources.list")
	util.append('APT::Default-Release "stable";',"/etc/apt/apt.conf.d/50usestable.conf")
	run("apt-get update")
	run("apt-get install -t testing -y linux-image-amd64 firmware-linux-nonfree")
	print "A reboot will be required."
	run("shutdown -r now")
Пример #10
0
def install_docker():

    kernel_upgrade()
    run("modprobe aufs")
    util.debian_install("curl")
    run("wget http://get.docker.io -O - | bash")
    with settings(warn_only=True):
        run("groupadd docker")
        run("gpasswd -a deploy docker")

    init_setup()

    # https://github.com/dotcloud/docker/issues/431
    util.append("none        /cgroup        cgroup        defaults    0    0",
                "/etc/fstab")
    with settings(warn_only=True):
        run("mkdir -p /cgroup")
        run("mount /cgroup")

    util.append("net.ipv4.ip_forward=1", "/etc/sysctl.conf")
    run("sysctl -p")

    run("service docker start")
Пример #11
0
def install_docker():

	kernel_upgrade()
	run("modprobe aufs")
	util.debian_install("curl")
	run("wget http://get.docker.io -O - | bash")
	with settings(warn_only=True):
		run("groupadd docker")
		run("gpasswd -a deploy docker")

	init_setup()

	# https://github.com/dotcloud/docker/issues/431
	util.append("none        /cgroup        cgroup        defaults    0    0","/etc/fstab")
	with settings(warn_only=True):
		run("mkdir -p /cgroup")
		run("mount /cgroup")

	util.append("net.ipv4.ip_forward=1","/etc/sysctl.conf")
	run("sysctl -p")

	run("service docker start")
Пример #12
0
def cv(fname):
    logger = logging.getLogger()

    # -------------- Configure track
    config = th.CONFIG(
        NUM_JUNCTURES = 28,
        NUM_MILESTONES = 27,
        NUM_LANES = 5,
        NUM_SPEEDS = 3,
        NUM_DIRECTIONS = 20,
        NUM_STEER_POSITIONS = 3,
        NUM_ACCEL_POSITIONS = 3
    )

    RADIUS = 98
    WIDTH = 20
    track = CircleTrack((0, 0), RADIUS, WIDTH, config)
    car = Car(config)

    logger.debug("*Problem:\t%s", util.pre_problem)
    logger.debug("   %s", config)

    # --------- CV ---------
    num_samples = 600

#     algs = np.array([ALG['sarsa'] for _ in range(num_samples)])
#     fas = np.array([FA['qtable'] for _ in range(num_samples)])
    i_algs = np.array([x % 4 for x in range(num_samples)])
    fas = np.array([th.FA['qtable'] for _ in range(num_samples)])
    lambdas = np.random.uniform(0.0, 1, num_samples)
    alphas = np.random.uniform(0.0, 1, num_samples)
    expls = 10 ** np.random.uniform(1.0, 3, num_samples)
    scores = []
    erjs = []

    for rep, (i_alg, fa, lam, alp, expl) in enumerate(
        zip(i_algs, fas, lambdas, alphas, expls)): 
        logger.debug("--- rep %d --- %d:%d lam: %0.2f, alp: %0.2f, expl: %0.2f", 
                     rep, i_alg, fa, lam, alp, expl)
         
        #TODO: use 'fa' to pick f.a.
        driver_fa = QLookup(config, alpha=alp)
        driver = th.create_driver_i(config, i_alg, expl, lam, driver_fa, None)
    
        trainer = Trainer(driver, track, car)
        seed = 213 + rep
        random.seed(seed)
        np.random.seed(seed)
        torch.manual_seed(seed)
        torch.cuda.manual_seed(seed)
        bp_times, e_bp, bp_R, bp_j = trainer.train(20*1000)
        #bp_R=[random.randrange(20, 1000)]

        score = 0
        mult = 1
        for i in range(len(bp_R)):
            score += bp_R[-1-i] / (bp_j[-1-i] + 1) * mult
            mult *= 0.95

        scores.append(score)
        logger.debug("  Score: %s", score)
        erj = []
        erj.extend(e_bp)
        erj.extend(bp_R)
        erj.extend(bp_j)
        erjs.append(erj)
          
    scores = np.array(scores)
    erjs = np.array(erjs)
    
    stackers = [i_algs, fas, lambdas, alphas, expls, scores]
    stackers.extend([erj.T for erj in erjs.T])

    A = np.stack(stackers).T    
    util.append(A, fname)
Пример #13
0
def logwatch():
    util.debian_install("logwatch")
    util.append(
        "/usr/sbin/logwatch --output mail --mailto [email protected] --detail high",
        "/etc/cron.daily/00logwatch")
Пример #14
0
def logwatch():
	util.debian_install("logwatch")
	util.append("/usr/sbin/logwatch --output mail --mailto [email protected] --detail high","/etc/cron.daily/00logwatch")
Пример #15
0
def append_branch(name, ch):
    # creates the branch file
    util.append(os.path.join('.bvc', 'branches', name), ch + os.linesep)