diff options
| author | Stefan Kangas <skangas@skangas.se> | 2011-12-22 01:17:59 +0100 |
|---|---|---|
| committer | Stefan Kangas <skangas@skangas.se> | 2011-12-22 01:17:59 +0100 |
| commit | 3fa81210c383a3c56630e52361a888452e87bb09 (patch) | |
| tree | 0b891733a19034883d288c88be5877a0e98acfa5 | |
| parent | 99c8b1c5af93091e528c937f12b3a3fb96afc388 (diff) | |
| parent | 13e34233603d50074b089c9ce8410deef5013feb (diff) | |
Merge branch 'master' of zetkin.marxist.se:fripost-admin
| -rw-r--r-- | admin-log.org | 56 |
1 files changed, 41 insertions, 15 deletions
diff --git a/admin-log.org b/admin-log.org index 0b97094..8e0aa84 100644 --- a/admin-log.org +++ b/admin-log.org @@ -79,45 +79,71 @@ The =/etc/fstab= is no longer correct since "ext4dev" is not a supported file sy - create an SQL-script that tests all privileges, and try it on /roundcube@localhost/ and /roundcube@%/. - create that user on /antilop/ + <2011-12-21 ons> When users are added, the passwords are generated on a local computer, e.g. /cantor/ using the Perl function + : sub smd5 { + : my $pw = shift; + : my $salt = shift || &make_salt(); + : return "{SMD5}" . pad_base64( MIME::Base64::encode( Digest::MD5::md5( $pw . $salt ) . $salt, '' ) ); + : } + + written by Dominik Schulz, but suggested on Dovecote's wiki: [[http://wiki.dovecot.org/Authentication/PasswordSchemes]["Password Shemes"]]. Dot (.) means /concatenation/. This gives a salted 64-base MD5 encryption. + + Reading Roundcube's password plugin's README, suggests we should use the last two examples in section 2.1. Also read [[http://www.roundcubeforum.net/7-third-party-contributions/46-api-based-plugins/6624-dovecot-sql-driver-password.html]["Dovecot-SQL Driver for Password"]] on Roundcube's wiki carefully. The password seem to be doubled salted. * Preparation for migration of IMAP from /antilop/ to /mistral/ <2011-12-20 tis> +** Åtgärder <2011-12-21 ons> + + - Undersök inställningarna för IMAP + ** Administrator's user accounts. - The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and \/ + The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and /\/home\/<name>\// name directories are copied from /antilop/. ** Files from /etc. - Files to transfer to /mistral/ are: + <2011-12-20 tis> Files to transfer to /mistral/ are: : bacula/ dovecot/ etckeeper/ logcheck/ mysql/ ossec-init.conf postfix/ rkhunter.conf rsyslog.conf ssh/sshd_config ssl/ - Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer. + Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer. -** check when done + <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All config files are also installed on the system, so there should be nothing left to do (almoast). Check POSTFIX configuration once again. - - that /etc/cron.d and friends are the same as on /antilop/ +** Check when done -** change luks keys + - that /\/etc\/cron.d/ and friends are the same as on /antilop/ <2011-12-20 tis> + - POSTFIX configuration <2011-12-21 ons> -cite +** Mounting of file systems, etc. - Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail: + <2011-12-21 ons> The partition /\/dev\/mapper\/fripost/ -> /\/home\/mail/ is created and encrypted. Maybe the mount and encryption procedure needs to go through again. -http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS +** Change luks keys + +Cite from Internet. - : # cryptsetup luksAddKey /dev/sdc1 +Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail: -Enter any LUKS passphrase: (enter an existing password for this partition) -key slot 0 unlocked. -Enter new passphrase for key slot: (enter the extra password) +http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS +: # cryptsetup luksAddKey /dev/sdc1 : # cryptsetup luksDelKey /dev/sdc1 0 -** paket +** Packets + + <2011-12-20 tis> Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /\/home\/gustav\/selections-2011-12-20.tar.gz/ på antilop. + + <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All packets of interest are installed and those that should be removed are pruned. + +** OSsec + + <2011-12-21 ons> OSsec is installed and running. Hope that the settings are good. + +** Synk of Maildir dirs. - Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /home/gustav/selections-2011-12-20.tar.gz på antilop. + <2011-12-21 ons> LJO synced mails once. ** WIP: making the switch |