mkdir -p './udev/hwdb.d'
mkdir -p './udev/rules.d'
mkdir -p './ufw/applications.d/apache2'
-mkdir -p './update-manager/release-upgrades.d'
maybe chmod 0755 '.'
maybe chmod 0700 '.etckeeper'
maybe chmod 0600 '.gitignore'
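Review bot: Removing `mkdir -p './update-manager/release-upgrades.d'` means that directory is now recreated only by checking out a tracked file inside it, while the metadata still carries `maybe chmod 0755 'update-manager/release-upgrades.d'`. The only file shown under it is ubuntu-advantage-upgrades.cfg, added in a later hunk, and its contents are not in the visible diff. Confirm that file is part of this commit so a restore does not run the chmod against a missing directory.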
maybe chmod 0755 'tmpfiles.d'
maybe chmod 0644 'tmpfiles.d/screen-cleanup.conf'
maybe chmod 0755 'ubuntu-advantage'
+maybe chmod 0644 'ubuntu-advantage/help_data.yaml'
maybe chmod 0644 'ubuntu-advantage/uaclient.conf'
maybe chmod 0644 'ucf.conf'
maybe chmod 0755 'udev'
maybe chmod 0644 'update-manager/meta-release'
maybe chmod 0644 'update-manager/release-upgrades'
maybe chmod 0755 'update-manager/release-upgrades.d'
+maybe chmod 0644 'update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg'
maybe chmod 0755 'update-motd.d'
maybe chmod 0755 'update-motd.d/00-header'
maybe chmod 0755 'update-motd.d/10-help-text'
maybe chmod 0755 'update-motd.d/50-motd-news'
+maybe chmod 0755 'update-motd.d/88-esm-announce'
+maybe chmod 0755 'update-motd.d/91-contract-ua-esm-status'
maybe chmod 0755 'update-motd.d/91-release-upgrade'
maybe chmod 0644 'updatedb.conf'
maybe chmod 0755 'vim'
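Review bot: The two added 0755 entries, 'update-motd.d/88-esm-announce' and 'update-motd.d/91-contract-ua-esm-status', register new executables whose bodies are not in the visible diff; only their modes are recorded here. Review the script contents and ownership together with this metadata change, and do the same for the 0644 'update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg' added in the same hunk. Also note that 91-contract-ua-esm-status shares the 91 prefix with the existing 91-release-upgrade, so their relative order is decided by the rest of the name rather than by the number.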
--- /dev/null
+cc-eal:
+ help: |
+ Common Criteria is an Information Technology Security Evaluation standard
+ (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
+ been evaluated to assurance level EAL2 through CSEC. The evaluation was
+ performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
+
+cis:
+ help: |
+ Ubuntu Security Guide is a tool for hardening and auditing and allows for
+ environment-specific customizations. It enables compliance with profiles
+ such as DISA-STIG and the CIS benchmarks. Find out more at
+ https://ubuntu.com/security/certifications/docs/usg
+
+
+esm-apps:
+ help: |
+ Expanded Security Maintenance for Applications is enabled by default
+ on entitled workloads. It provides access to a private PPA which includes
+ available high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu
+ Main and Ubuntu Universe repositories from the Ubuntu LTS release date until
+ its end of life. You can find out more about the esm service at
+ https://ubuntu.com/security/esm
+
+esm-infra:
+ help: |
+ Expanded Security Maintenance for Infrastructure provides access
+ to a private ppa which includes available high and critical CVE fixes
+ for Ubuntu LTS packages in the Ubuntu Main repository between the end
+ of the standard Ubuntu LTS security maintenance and its end of life.
+ It is enabled by default with Ubuntu Pro. You can find out more about
+ the service at https://ubuntu.com/security/esm
+
+fips:
+ help: |
+ FIPS 140-2 is a set of publicly announced cryptographic standards
+ developed by the National Institute of Standards and Technology
+ applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
+ Note that "fips" does not provide security patching. For fips certified
+ modules with security patches please refer to fips-updates. The modules
+ are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
+ 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
+ Ubuntu 16.04. Below is the list of fips certified components per an
+ Ubuntu Version. You can find out more at
+ https://ubuntu.com/security/certifications#fips
+
+fips-updates:
+ help: |
+ fips-updates installs fips modules including all security patches
+ for those modules that have been provided since their certification date.
+ You can find out more at https://ubuntu.com/security/certifications#fips.
+
+livepatch:
+ help: |
+ Livepatch provides selected high and critical kernel CVE fixes and other
+ non-security bug fixes as kernel livepatches. Livepatches are applied
+ without rebooting a machine which drastically limits the need for
+ unscheduled system reboots. Due to the nature of fips compliance,
+ livepatches cannot be enabled on fips-enabled systems. You can find out
+ more about Ubuntu Kernel Livepatch service at
+ https://ubuntu.com/security/livepatch
+
+realtime-kernel:
+ help: |
+ The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated.
+ It services latency-dependent use cases by providing deterministic response times.
+ The Real-time kernel meets stringent preemption specifications and is suitable for
+ telco applications and dedicated devices in industrial automation and robotics.
+ The Real-time kernel is currently incompatible with FIPS and Livepatch.
+
+ros:
+ help: |
+ ros provides access to a private PPA which includes security-related
+ updates for available high and critical CVE fixes for Robot Operating
+ System (ROS) packages. For access to ROS ESM and security updates, both
+ esm-infra and esm-apps services will also be enabled. To get additional
+ non-security updates, enable ros-updates. You can find out more about the
+ ROS ESM service at https://ubuntu.com/robotics/ros-esm
+
+ros-updates:
+ help: |
+ ros-updates provides access to a private PPA which includes
+ non-security-related updates for Robot Operating System (ROS) packages.
+ For full access to ROS ESM, security and non-security updates,
+ the esm-infra, esm-apps, and ros services will also be enabled. You can
+ find out more about the ROS ESM service at
+ https://ubuntu.com/robotics/ros-esm
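Review bot: In the fips entry, "Below is the list of fips certified components per an Ubuntu Version" promises a list that the help text never supplies; the entry goes straight to the URL, so either the sentence should be dropped or the list added. Smaller consistency points in the same file: esm-infra writes "private ppa" where esm-apps, ros and ros-updates write "private PPA"; the fips-updates URL ends with a trailing period ("certifications#fips.") that becomes part of the link when copied, unlike every other URL in the file; and there are two blank lines after the cis entry where the other entries use one. The header shows only `--- /dev/null` with no target path, so the file name has to be inferred from the 'ubuntu-advantage/help_data.yaml' chmod line added earlier.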