mkdir -p './systemd/network'
mkdir -p './udev/hwdb.d'
mkdir -p './udev/rules.d'
-mkdir -p './update-manager/release-upgrades.d'
mkdir -p './vulkan/explicit_layer.d'
mkdir -p './vulkan/icd.d'
mkdir -p './vulkan/implicit_layer.d'
maybe chmod 0644 'apt/apt.conf.d/01autoremove'
maybe chmod 0444 'apt/apt.conf.d/01autoremove-kernels'
maybe chmod 0644 'apt/apt.conf.d/05etckeeper'
+maybe chmod 0644 'apt/apt.conf.d/20apt-esm-hook.conf'
maybe chmod 0644 'apt/apt.conf.d/20apt-show-versions'
maybe chmod 0644 'apt/apt.conf.d/25loolwsd'
maybe chmod 0644 'apt/apt.conf.d/50command-not-found'
maybe chmod 0644 'php/7.4/mods-available/redis.ini'
maybe chmod 0644 'php/7.4/mods-available/shmop.ini'
maybe chmod 0644 'php/7.4/mods-available/simplexml.ini'
+maybe chmod 0644 'php/7.4/mods-available/soap.ini'
maybe chmod 0644 'php/7.4/mods-available/sockets.ini'
maybe chmod 0644 'php/7.4/mods-available/sysvmsg.ini'
maybe chmod 0644 'php/7.4/mods-available/sysvsem.ini'
maybe chmod 0755 'tmpfiles.d'
maybe chmod 0644 'tmpfiles.d/screen-cleanup.conf'
maybe chmod 0755 'ubuntu-advantage'
+maybe chmod 0644 'ubuntu-advantage/help_data.yaml'
maybe chmod 0644 'ubuntu-advantage/uaclient.conf'
maybe chmod 0644 'ucf.conf'
maybe chmod 0755 'udev'
maybe chmod 0644 'update-manager/meta-release'
maybe chmod 0644 'update-manager/release-upgrades'
maybe chmod 0755 'update-manager/release-upgrades.d'
+maybe chmod 0644 'update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg'
maybe chmod 0755 'update-motd.d'
maybe chmod 0755 'update-motd.d/00-header'
maybe chmod 0755 'update-motd.d/10-help-text'
maybe chmod 0755 'update-motd.d/50-motd-news'
+maybe chmod 0755 'update-motd.d/88-esm-announce'
+maybe chmod 0755 'update-motd.d/91-contract-ua-esm-status'
maybe chmod 0755 'update-motd.d/91-release-upgrade'
maybe chmod 0644 'updatedb.conf'
maybe chmod 0755 'vim'
// DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal
APT::NeverAutoRemove
{
- "^linux-.*-5\.4\.0-40-generic$";
- "^linux-.*-5\.4\.0-48-generic$";
"^linux-.*-5\.4\.0-52-generic$";
- "^kfreebsd-.*-5\.4\.0-40-generic$";
- "^kfreebsd-.*-5\.4\.0-48-generic$";
+ "^linux-.*-5\.4\.0-81-generic$";
"^kfreebsd-.*-5\.4\.0-52-generic$";
- "^gnumach-.*-5\.4\.0-40-generic$";
- "^gnumach-.*-5\.4\.0-48-generic$";
+ "^kfreebsd-.*-5\.4\.0-81-generic$";
"^gnumach-.*-5\.4\.0-52-generic$";
- "^.*-modules-5\.4\.0-40-generic$";
- "^.*-modules-5\.4\.0-48-generic$";
+ "^gnumach-.*-5\.4\.0-81-generic$";
"^.*-modules-5\.4\.0-52-generic$";
- "^.*-kernel-5\.4\.0-40-generic$";
- "^.*-kernel-5\.4\.0-48-generic$";
+ "^.*-modules-5\.4\.0-81-generic$";
"^.*-kernel-5\.4\.0-52-generic$";
+ "^.*-kernel-5\.4\.0-81-generic$";
};
/* Debug information:
# dpkg list:
-rc linux-image-4.15.0-109-generic 4.15.0-109.110 amd64 Signed kernel image generic
-rc linux-image-4.15.0-38-generic 4.15.0-38.41 amd64 Signed kernel image generic
-rc linux-image-4.15.0-64-generic 4.15.0-64.73 amd64 Signed kernel image generic
-ii linux-image-5.4.0-40-generic 5.4.0-40.44 amd64 Signed kernel image generic
-ii linux-image-5.4.0-48-generic 5.4.0-48.52 amd64 Signed kernel image generic
-iF linux-image-5.4.0-52-generic 5.4.0-52.57 amd64 Signed kernel image generic
-ii linux-image-generic 5.4.0.52.55 amd64 Generic Linux kernel image
+rc linux-image-4.15.0-109-generic 4.15.0-109.110 amd64 Signed kernel image generic
+rc linux-image-4.15.0-38-generic 4.15.0-38.41 amd64 Signed kernel image generic
+rc linux-image-4.15.0-64-generic 4.15.0-64.73 amd64 Signed kernel image generic
+ii linux-image-5.4.0-40-generic 5.4.0-40.44 amd64 Signed kernel image generic
+ii linux-image-5.4.0-48-generic 5.4.0-48.52 amd64 Signed kernel image generic
+ii linux-image-5.4.0-52-generic 5.4.0-52.57 amd64 Signed kernel image generic
+iF linux-image-5.4.0-81-generic 5.4.0-81.91 amd64 Signed kernel image generic
+ii linux-image-generic 5.4.0.81.85 amd64 Generic Linux kernel image
# list of installed kernel packages:
5.4.0-40-generic 5.4.0-40.44
5.4.0-48-generic 5.4.0-48.52
5.4.0-52-generic 5.4.0-52.57
+5.4.0-81-generic 5.4.0-81.91
# list of different kernel versions:
+5.4.0-81.91
5.4.0-52.57
5.4.0-48.52
5.4.0-40.44
-# Installing kernel: 5.4.0-52.57 (5.4.0-52-generic)
-# Running kernel: 5.4.0-40.44 (5.4.0-40-generic)
-# Last kernel: 5.4.0-52.57
-# Previous kernel: 5.4.0-48.52
+# Installing kernel: 5.4.0-81.91 (5.4.0-81-generic)
+# Running kernel: 5.4.0-52.57 (5.4.0-52-generic)
+# Last kernel: 5.4.0-81.91
+# Previous kernel: 5.4.0-52.57
# Kernel versions list to keep:
-5.4.0-40.44
-5.4.0-48.52
5.4.0-52.57
+5.4.0-81.91
# Kernel packages (version part) to protect:
-5\.4\.0-40-generic
-5\.4\.0-48-generic
5\.4\.0-52-generic
+5\.4\.0-81-generic
*/
--- /dev/null
+APT::Update::Post-Invoke-Stats {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true";
+};
+
+APT::Install::Post-Invoke-Success {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true";
+};
+
+APT::Install::Pre-Invoke {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true";
+};
+
+AptCli::Hooks::Upgrade {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
+};
--- /dev/null
+/etc/php/7.4/mods-available/soap.ini
\ No newline at end of file
--- /dev/null
+/etc/php/7.4/mods-available/soap.ini
\ No newline at end of file
--- /dev/null
+; configuration for php soap module
+; priority=20
+extension=soap.so
--- /dev/null
+/etc/php/7.4/mods-available/soap.ini
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ua-reboot-cmds.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ua-messaging.timer
\ No newline at end of file
--- /dev/null
+cc-eal:
+ help: |
+ Common Criteria is an Information Technology Security Evaluation standard
+ (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
+ been evaluated to assurance level EAL2 through CSEC. The evaluation was
+ performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
+
+cis:
+ help: |
+ CIS benchmarks locks down your systems by removing non-secure programs,
+ disabling unused filesystems, disabling unnecessary ports or services to
+ prevent cyber attacks and malware, auditing privileged operations and
+ restricting administrative privileges. The cis command installs
+ tooling needed to automate audit and hardening according to a desired
+ CIS profile - level 1 or level 2 for server or workstation on
+ Ubuntu 18.04 LTS or 16.04 LTS. The audit tooling uses OpenSCAP libraries
+ to do a scan of the system. The tool provides options to generate a
+ report in XML or a html format. The report shows compliance for all the
+ rules against the profile selected during the scan. You can find out
+ more at https://ubuntu.com/security/certifications#cis
+
+esm-apps:
+ help: |
+ UA Apps: Extended Security Maintenance is enabled by default on entitled
+ workloads. It provides access to a private PPA which includes available
+ high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
+ and Ubuntu Universe repositories from the Ubuntu LTS release date until
+ its end of life. You can find out more about the esm service at
+ https://ubuntu.com/security/esm
+
+esm-infra:
+ help: |
+ esm-infra provides access to a private ppa which includes available high
+ and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
+ repository between the end of the standard Ubuntu LTS security
+ maintenance and its end of life. It is enabled by default with
+ Extended Security Maintenance (ESM) for UA Apps and UA Infra.
+ You can find our more about the esm service at
+ https://ubuntu.com/security/esm
+
+fips:
+ help: |
+ FIPS 140-2 is a set of publicly announced cryptographic standards
+ developed by the National Institute of Standards and Technology
+ applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
+ Note that ‘fips’ does not provide security patching. For fips certified
+ modules with security patches please refer to fips-updates. The modules
+ are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
+ 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
+ Ubuntu 16.04. Below is the list of fips certified components per an
+ Ubuntu Version. You can find out more at
+ https://ubuntu.com/security/certifications#fips
+
+fips-updates:
+ help: |
+ fips-updates installs fips modules including all security patches
+ for those modules that have been provided since their certification date.
+ You can find out more at https://ubuntu.com/security/certifications#fips.
+
+livepatch:
+ help: |
+ Livepatch provides selected high and critical kernel CVE fixes and other
+ non-security bug fixes as kernel livepatches. Livepatches are applied
+ without rebooting a machine which drastically limits the need for
+ unscheduled system reboots. Due to the nature of fips compliance,
+ livepatches cannot be enabled on fips-enabled systems. You can find out
+ more about Ubuntu Kernel Livepatch service at
+ https://ubuntu.com/security/livepatch
# Ubuntu-Advantage client config file.
-contract_url: 'https://contracts.canonical.com'
+# If you modify this file, run "ua refresh config" to ensure changes are
+# picked up by Ubuntu-Advantage client.
+
+contract_url: https://contracts.canonical.com
data_dir: /var/lib/ubuntu-advantage
-log_level: debug
log_file: /var/log/ubuntu-advantage.log
+log_level: debug
+security_url: https://ubuntu.com/security
+ua_config:
+ apt_http_proxy: null
+ apt_https_proxy: null
+ http_proxy: null
+ https_proxy: null
--- /dev/null
+[Sources]
+Pockets=security,updates,proposed,backports,infra-security,infra-updates,apps-security,apps-updates
+[Distro]
+PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py
--- /dev/null
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce"
+
+[ ! -r "$stamp" ] || cat "$stamp"
--- /dev/null
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-service-status"
+
+[ ! -r "$stamp" ] || cat "$stamp"
projects / vserver / commitdiff