aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Kangas <skangas@skangas.se>2011-07-13 13:02:59 +0200
committerStefan Kangas <skangas@skangas.se>2011-07-13 13:02:59 +0200
commit29c72faec7d63dcf237173a51d0f7bce5e71ed15 (patch)
tree71f278fe32a7dc33c6fac0d98e16ba82f0d59784
parent1c738478b2353921bde779f216995d76a9d7a699 (diff)
Add notes from meeting
-rw-r--r--todo.org87
1 files changed, 53 insertions, 34 deletions
diff --git a/todo.org b/todo.org
index fc8a9eb..9ae5d04 100644
--- a/todo.org
+++ b/todo.org
@@ -1,56 +1,74 @@
#+TITLE: TODO for Fripost (internal administration use only)
-* Results of brainstorming
-** Bacula
-- How to properly send data to the backup server?
-** Filtering emails
-- We will use sieve, perhaps managesieve?
-** Spamassassin (opt-in)
-** Evaluate SSH-tunnels vs VPN
-** Improve logcheck rules (increase signal to noise ratio)
-** Monitoring - Munin
-** Central log server
-** Distributed storage: backing up
-- Tahoe FS/LAFS.
-** Move the wiki to fripost.org/wiki
-** SMTP server
-- Should be given priority since users have requested this
-** Think about what to do with the main server
-** Think about getting more hardware
+* Current projects
** Switching from-address in RoundCube
-
-* Tasks
+*** TODO Investigate alternatives
+** Bacula
+*** TODO Make sure that the data is actually replicated with rsync according to the current solution
+*** TODO Install the storage daemon on benjamin
+*** TODO Evaluate which transport to use (tunnel, etc) to relace rsync
** Upgrade systems to Squeeze
*** TODO Upgrade harvey.marxist.se
*** TODO Upgrade licia.vth.sgsnet.se
*** TODO Upgrade luxemburg.marxist.se
-** Implement quotas
-** Install PGP module in RoundCube
-** Implement greylisting on luxemburg and elefant
-Skapad: [2011-03-13 Sun 01:37]
-** Convert ikiwiki to use org-mode backend
-** Change RoundCube logo to Fripost logo
-** Write down procedures for installing OSSEC
+** TODO Install PGP module in RoundCube
+** TODO Implement greylisting on all receiving smarthosts
+** TODO Convert ikiwiki to use org-mode backend
+** TODO Change RoundCube logo to Fripost logo
+** TODO Document installation of OSSEC
- We will use the standalone rather than client-server solution
-** Document how to enable encrypted swap
-
-* More research needed
-** Implement firewall rules on the systems
-** Decide how users are to change passwords
+** TODO Document how to enable encrypted swap
+** TODO Implement firewall rules on the systems
+** Research how users are to change passwords
- One system has to have update access to MySQL
- Are there any good control panels out there?
- Integration into RoundCube? Really necessary/the best way?
+** TODO Register on http://www.dnswl.org/
+
+
+
+
+* Deferred projects
+** Think about what to use as main server in the future
+** SMTP server
+*** Need hardware OR use ljos smtp server
+*** Should be given priority since users have requested this
+
+** Move the wiki to fripost.org/wiki
+** Monitoring - Munin
+*** TODO Give one configuration example so we could decide on what we need to activate
+ljo already uses Munin, so we could look at his configuration
+** User level filtering of emails
+- We will use sieve, perhaps managesieve?
+** Spamassassin (opt-in)
+- one idea for handling the opt-in feature is: have people opt-in by creating a
+ spamfolder. make it clear that if they create a spam folder, they are opting
+ in automatically. check ljos text at sac.se/it
+** Evaluate SSH-tunnels vs VPN
+
+** Central log server using rsyslogd
+*** Hardware is needed
+
+** Distributed storage for backups
+- Tahoe FS/LAFS.
+
+** Implement quotas
+Can probably wait until December 23, 2012.
+
** Write a policy for our PGP-keys
[[http://www.haven-project.org/][Haven Project]]
-* Deferred tasks
+
+
* Maybe
-** Mail gateway to change settings
-** Register on http://www.dnswl.org/
+** Create a mail gateway to change settings
+
* Discarded ideas
+** Improve logcheck rules (increase signal to noise ratio)
+Reason for discarding: not very concrete
** SELinux
Not feasible at this point, too much overhead, not always obvious what causes problems etc.
** Apaches mod_security
@@ -58,5 +76,6 @@ Does only a subset of what OSSEC already does.
** fail2ban
Does only a subset of what OSSEC already does.
+
* Org-mode settings
#+STARTUP: indent