diff options
author | Stefan Kangas <skangas@skangas.se> | 2011-06-15 23:56:17 +0200 |
---|---|---|
committer | Stefan Kangas <skangas@skangas.se> | 2011-06-15 23:56:17 +0200 |
commit | 1c738478b2353921bde779f216995d76a9d7a699 (patch) | |
tree | 5d271d9573eb308d69cf1290a4325fb6bbde100f | |
parent | 72c7faf9863a0d4c37b5a3abdb34a5ac3d60b72e (diff) |
Add result of brainstorming session at 2011-06-15.
-rw-r--r-- | todo.org | 42 |
1 files changed, 35 insertions, 7 deletions
@@ -1,5 +1,23 @@ -#+TITLE: TODO -#+STARTUP: indent +#+TITLE: TODO for Fripost (internal administration use only) + +* Results of brainstorming +** Bacula +- How to properly send data to the backup server? +** Filtering emails +- We will use sieve, perhaps managesieve? +** Spamassassin (opt-in) +** Evaluate SSH-tunnels vs VPN +** Improve logcheck rules (increase signal to noise ratio) +** Monitoring - Munin +** Central log server +** Distributed storage: backing up +- Tahoe FS/LAFS. +** Move the wiki to fripost.org/wiki +** SMTP server +- Should be given priority since users have requested this +** Think about what to do with the main server +** Think about getting more hardware +** Switching from-address in RoundCube * Tasks ** Upgrade systems to Squeeze @@ -10,14 +28,13 @@ ** Install PGP module in RoundCube ** Implement greylisting on luxemburg and elefant Skapad: [2011-03-13 Sun 01:37] - -** Convert ikiwiki to use org-mode backend, including +** Convert ikiwiki to use org-mode backend ** Change RoundCube logo to Fripost logo +** Write down procedures for installing OSSEC +- We will use the standalone rather than client-server solution +** Document how to enable encrypted swap * More research needed -** Begin examining OSSEC -** Document how to enable encrypted swap -Skapad: [2011-03-13 Sun 01:31] ** Implement firewall rules on the systems ** Decide how users are to change passwords - One system has to have update access to MySQL @@ -32,3 +49,14 @@ Skapad: [2011-03-13 Sun 01:31] * Maybe ** Mail gateway to change settings ** Register on http://www.dnswl.org/ + +* Discarded ideas +** SELinux +Not feasible at this point, too much overhead, not always obvious what causes problems etc. +** Apaches mod_security +Does only a subset of what OSSEC already does. +** fail2ban +Does only a subset of what OSSEC already does. + +* Org-mode settings +#+STARTUP: indent |