When using v7 add an apt preferences fragment that pulls rsyslog
from backports.

This also leaves a place for redhat folks to add special processing.

Globally disable monlist in all the ntp.conf variations to protect
against use of monlist to launch UDP-based DoS attacks.  This was
probably already prevented by firewall rules, but may as well make
sure.

Change the filter-syslog rule for Debian to a broader pattern to
match more of the buggy power limit notifications generated by
newer Dell hardware.

default format that pulls all template and output configuration from
the rsyslog.d fragments directory.  Current default behavior is not
changed for now.

Add v5 and v7 fragments for default templates and output.  New
fragments to support a more complete time format.

Lowercase the hostname when forming a Kerberos principal in the
out-of-date cron job.  Some Networking systems use .Stanford.EDU
in the official hostname.  (rra)

Ignore buggy CPU core power limit notifications from new Dell
hardware in default Debian filter-syslog rules.

This change does not affect the current usage of the module.  It does
allow manifests to choose to retire /etc/syslog.conf in favor or
fragments in /etc/rsyslog.d to control the syslog activity.  One
default fragment, 90-local.conf, that writes syslog messages
locally.

This change also include a fragment define that is used for the
management of rsyslog fragments.

Ignore some more harmless messages that appear to be caused by
someone connecting to the server and then disconnecting without
trying to authenticate (such as when they realize their Kerberos
ticket is expired or doesn't exist).

Don't single out the specific accounts that Nessus checks, but instead
skip all the errors about disconnecting due to too many authentication
failures.

Add additional ignore patterns for failed ssh logins from IT Services
staff.

The acceptable runtime for tmpreaper (used by base::tmpclean on Debian
and Ubuntu) has been extended to 20 minutes globally, and the
base::tmpclean::longer class, which existed only to do that, has been
removed as unnecessary.  The longer runtime limit should not pose a
problem on any system.

Clean up formatting and comments for installed files and Puppet
manifests.

The static crontab files installed by base::cron have been replaced
with a template to handle differences between Red Hat and Debian.  The
periodic cron jobs no longer even attempt to use anacron, avoiding any
problems with unpredictable cron run times if anacron is installed on
the system.

base::cron::filter-user-noise has been deleted.  This was specific to
Research Computing systems and should be handled in that local
repository.

In addition to adding the anycast DNS servers the individual
resolv.conf files are replaced with a single template.  The existing
class interfaces are preserved and they all create the appropriate
resolv.conf file by invoking the define that handles the small number
of resolv.conf variants.

Append to the temporary file used for Dell warranty facts instead of
deleting it and recreating it (which defeats some of the point of
using mktemp.

On some hosts, the default domain isn't stanford.edu.  In those
cases, we need to tell k5start that we only want to get stanford.edu
credentials.

The default out-of-date cron job always uses the host/* principal of
the local host for authentication instead of the first principal in
/etc/krb5.keytab, which may be for some other principal or a host/*
principal for an old hostname.

The deletion of the server files was somewhat too aggressive.

newsyslog no longer sets up a weekly command to tar up
/root/.history-save and removes /etc/newsyslog.weekly/audit if it
exists.  We're no longer using per-user history files and we're
letting bash handle managing the length of the history file.

newsyslog now creates btmp and wtmp writable by group utmp, matching
the operating system defaults.

newsyslog no longer attempts to clean up sysklogd cron jobs or remove
the old /etc/newsyslog.daily/syslog file installed by ancient versions
of stanford-server.

General coding style cleanup.

Remove out-of-date::server.  This is only used on a single host, so
all of the files and Puppet manifest have been moved to the Puppet
model for that server.

error: ssh_msg_send: write appears to be from a network connection
error.  It was logged on git.stanford.edu.  I don't think we care
about it.

The new version of remctld changes some of the logged error messages.
Update the filter-syslog rules accordingly.

This is the (old) master branch along with the fixes to the
cron file permissions that Russ made.