Ignore some more harmless messages that appear to be caused by
someone connecting to the server and then disconnecting without
trying to authenticate (such as when they realize their Kerberos
ticket is expired or doesn't exist).

Don't single out the specific accounts that Nessus checks, but instead
skip all the errors about disconnecting due to too many authentication
failures.

Add additional ignore patterns for failed ssh logins from IT Services
staff.

The acceptable runtime for tmpreaper (used by base::tmpclean on Debian
and Ubuntu) has been extended to 20 minutes globally, and the
base::tmpclean::longer class, which existed only to do that, has been
removed as unnecessary.  The longer runtime limit should not pose a
problem on any system.

Clean up formatting and comments for installed files and Puppet
manifests.

The static crontab files installed by base::cron have been replaced
with a template to handle differences between Red Hat and Debian.  The
periodic cron jobs no longer even attempt to use anacron, avoiding any
problems with unpredictable cron run times if anacron is installed on
the system.

base::cron::filter-user-noise has been deleted.  This was specific to
Research Computing systems and should be handled in that local
repository.

In addition to adding the anycast DNS servers the individual
resolv.conf files are replaced with a single template.  The existing
class interfaces are preserved and they all create the appropriate
resolv.conf file by invoking the define that handles the small number
of resolv.conf variants.

Append to the temporary file used for Dell warranty facts instead of
deleting it and recreating it (which defeats some of the point of
using mktemp.

On some hosts, the default domain isn't stanford.edu.  In those
cases, we need to tell k5start that we only want to get stanford.edu
credentials.

The default out-of-date cron job always uses the host/* principal of
the local host for authentication instead of the first principal in
/etc/krb5.keytab, which may be for some other principal or a host/*
principal for an old hostname.

The deletion of the server files was somewhat too aggressive.

newsyslog no longer sets up a weekly command to tar up
/root/.history-save and removes /etc/newsyslog.weekly/audit if it
exists.  We're no longer using per-user history files and we're
letting bash handle managing the length of the history file.

newsyslog now creates btmp and wtmp writable by group utmp, matching
the operating system defaults.

newsyslog no longer attempts to clean up sysklogd cron jobs or remove
the old /etc/newsyslog.daily/syslog file installed by ancient versions
of stanford-server.

General coding style cleanup.

Remove out-of-date::server.  This is only used on a single host, so
all of the files and Puppet manifest have been moved to the Puppet
model for that server.

error: ssh_msg_send: write appears to be from a network connection
error.  It was logged on git.stanford.edu.  I don't think we care
about it.

The new version of remctld changes some of the logged error messages.
Update the filter-syslog rules accordingly.

This is the (old) master branch along with the fixes to the
cron file permissions that Russ made.