mkdir -p './ssh/sshd_config.d'
mkdir -p './systemd/network'
mkdir -p './udev/hwdb.d'
-mkdir -p './update-manager/release-upgrades.d'
mkdir -p './update-notifier'
mkdir -p './usb_modeswitch.d'
mkdir -p './vulkan/explicit_layer.d'
maybe chmod 0644 'apt/apt.conf.d/05etckeeper'
maybe chmod 0644 'apt/apt.conf.d/10periodic'
maybe chmod 0644 'apt/apt.conf.d/15update-stamp'
+maybe chmod 0644 'apt/apt.conf.d/20apt-esm-hook.conf'
maybe chmod 0644 'apt/apt.conf.d/20archive'
maybe chmod 0644 'apt/apt.conf.d/20dbus'
maybe chmod 0644 'apt/apt.conf.d/20packagekit'
maybe chmod 0755 'tmpfiles.d'
maybe chmod 0644 'tmpfiles.d/screen-cleanup.conf'
maybe chmod 0755 'ubuntu-advantage'
+maybe chmod 0644 'ubuntu-advantage/help_data.yaml'
maybe chmod 0644 'ubuntu-advantage/uaclient.conf'
maybe chmod 0644 'ucf.conf'
maybe chmod 0755 'udev'
maybe chmod 0644 'update-manager/meta-release'
maybe chmod 0644 'update-manager/release-upgrades'
maybe chmod 0755 'update-manager/release-upgrades.d'
+maybe chmod 0644 'update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg'
maybe chmod 0755 'update-motd.d'
maybe chmod 0755 'update-motd.d/00-header'
maybe chmod 0755 'update-motd.d/10-help-text'
maybe chmod 0755 'update-motd.d/50-motd-news'
maybe chmod 0755 'update-motd.d/85-fwupd'
+maybe chmod 0755 'update-motd.d/88-esm-announce'
maybe chmod 0755 'update-motd.d/90-updates-available'
+maybe chmod 0755 'update-motd.d/91-contract-ua-esm-status'
maybe chmod 0755 'update-motd.d/91-release-upgrade'
maybe chmod 0755 'update-motd.d/95-hwe-eol'
maybe chmod 0755 'update-motd.d/98-fsck-at-reboot'
--- /dev/null
+APT::Update::Post-Invoke-Stats {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true";
+};
+
+APT::Install::Post-Invoke-Success {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true";
+};
+
+APT::Install::Pre-Invoke {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true";
+}
+
+AptCli::Hooks::Upgrade {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
+}
--- /dev/null
+/lib/systemd/system/ua-reboot-cmds.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ua-messaging.timer
\ No newline at end of file
--- /dev/null
+cc-eal:
+ help: |
+ Common Criteria is an Information Technology Security Evaluation standard
+ (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
+ been evaluated to assurance level EAL2 through CSEC. The evaluation was
+ performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
+
+cis:
+ help: |
+ CIS benchmarks locks down your systems by removing non-secure programs,
+ disabling unused filesystems, disabling unnecessary ports or services to
+ prevent cyber attacks and malware, auditing privileged operations and
+ restricting administrative privileges. The cis command installs
+ tooling needed to automate audit and hardening according to a desired
+ CIS profile - level 1 or level 2 for server or workstation on
+ Ubuntu 18.04 LTS or 16.04 LTS. The audit tooling uses OpenSCAP libraries
+ to do a scan of the system. The tool provides options to generate a
+ report in XML or a html format. The report shows compliance for all the
+ rules against the profile selected during the scan. You can find out
+ more at https://ubuntu.com/security/certifications#cis
+
+esm-apps:
+ help: |
+ UA Apps: Extended Security Maintenance is enabled by default on entitled
+ workloads. It provides access to a private PPA which includes available
+ high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
+ and Ubuntu Universe repositories from the Ubuntu LTS release date until
+ its end of life. You can find out more about the esm service at
+ https://ubuntu.com/security/esm
+
+esm-infra:
+ help: |
+ esm-infra provides access to a private ppa which includes available high
+ and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
+ repository between the end of the standard Ubuntu LTS security
+ maintenance and its end of life. It is enabled by default with
+ Extended Security Maintenance (ESM) for UA Apps and UA Infra.
+ You can find our more about the esm service at
+ https://ubuntu.com/security/esm
+
+fips:
+ help: |
+ FIPS 140-2 is a set of publicly announced cryptographic standards
+ developed by the National Institute of Standards and Technology
+ applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
+ Note that ‘fips’ does not provide security patching. For fips certified
+ modules with security patches please refer to fips-updates. The modules
+ are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
+ 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
+ Ubuntu 16.04. Below is the list of fips certified components per an
+ Ubuntu Version. You can find out more at
+ https://ubuntu.com/security/certifications#fips
+
+fips-updates:
+ help: |
+ fips-updates installs fips modules including all security patches
+ for those modules that have been provided since their certification date.
+ You can find out more at https://ubuntu.com/security/certifications#fips.
+
+livepatch:
+ help: |
+ Livepatch provides selected high and critical kernel CVE fixes and other
+ non-security bug fixes as kernel livepatches. Livepatches are applied
+ without rebooting a machine which drastically limits the need for
+ unscheduled system reboots. Due to the nature of fips compliance,
+ livepatches cannot be enabled on fips-enabled systems. You can find out
+ more about Ubuntu Kernel Livepatch service at
+ https://ubuntu.com/security/livepatch
# Ubuntu-Advantage client config file.
contract_url: 'https://contracts.canonical.com'
+security_url: 'https://ubuntu.com/security'
data_dir: /var/lib/ubuntu-advantage
log_level: debug
log_file: /var/log/ubuntu-advantage.log
--- /dev/null
+[Sources]
+Pockets=security,updates,proposed,backports,infra-security,infra-updates,apps-security,apps-updates
+[Distro]
+PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py
--- /dev/null
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce"
+
+[ ! -r "$stamp" ] || cat "$stamp"
--- /dev/null
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-service-status"
+
+[ ! -r "$stamp" ] || cat "$stamp"
projects / config / bruni / etc-mint-new1.git / commitdiff