author | Gustav Eek <gustav@fripost.org> | 2011-12-21 23:06:17 +0100 |
---|---|---|
committer | Gustav Eek <gustav@fripost.org> | 2011-12-21 23:10:22 +0100 |
commit | 7625bc08ed30f9305cc719a2646bb81911d182dd | |
tree | 74e3f390e65827413aec04c6afdaf7579c8ec706 | |
parent | a98d86652fceb621e297f13868395790ea3fe74c | |
More notes on Roundcube and preparation are added.

Some more info is added on the Roundcube password problem.
Some dates for the notes on migration preparation were added. Notes on
LJO's work added, which is
- Partitioning, encryption and mounting of disks
- First mail sync
- Implementation of configuration files from antilop
- Installation and pruning of packages
- Preparation of OSsec.
-rw-r--r-- | admin-log.org | 56 |
1 files changed, 41 insertions, 15 deletions
diff --git a/admin-log.org b/admin-log.org index 7c68e7d..5df64d6 100644 --- a/admin-log.org +++ b/admin-log.org 
@@ -79,45 +79,71 @@ The =/etc/fstab= is no longer correct since "ext4dev" is not a supported file sy - create an SQL-script that tests all privileges, and try it on /roundcube@localhost/ and /roundcube@%/. - create that user on /antilop/ + <2011-12-21 ons> When users are added, the passwords are generated on a local computer, e.g. /cantor/ using the Perl function + : sub smd5 { + : my $pw = shift; + : my $salt = shift || &make_salt(); + : return "{SMD5}" . pad_base64( MIME::Base64::encode( Digest::MD5::md5( $pw . $salt ) . $salt, '' ) ); + : } + + written by Dominik Schulz, but suggested on Dovecote's wiki: [[http://wiki.dovecot.org/Authentication/PasswordSchemes]["Password Shemes"]]. Dot (.) means /concatenation/. This gives a salted 64-base MD5 encryption. + + Reading Roundcube's password plugin's README, suggests we should use the last two examples in section 2.1. Also read [[http://www.roundcubeforum.net/7-third-party-contributions/46-api-based-plugins/6624-dovecot-sql-driver-password.html]["Dovecot-SQL Driver for Password"]] on Roundcube's wiki carefully. The password seem to be doubled salted. * Preparation for migration of IMAP from /antilop/ to /mistral/ <2011-12-20 tis> +** Åtgärder <2011-12-21 ons> + + - Undersök inställningarna för IMAP + ** Administrator's user accounts. - The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and \/ + The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and /\/home\/<name>\// name directories are copied from /antilop/. ** Files from /etc. - Files to transfer to /mistral/ are: + <2011-12-20 tis> Files to transfer to /mistral/ are: : bacula/ dovecot/ etckeeper/ logcheck/ mysql/ ossec-init.conf postfix/ rkhunter.conf rsyslog.conf ssh/sshd_config ssl/ - Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer. + Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer. 
-** check when done + <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All config files are also installed on the system, so there should be nothing left to do (almoast). Check POSTFIX configuration once again. - - that /etc/cron.d and friends are the same as on /antilop/ +** Check when done -** change luks keys + - that /\/etc\/cron.d/ and friends are the same as on /antilop/ <2011-12-20 tis> + - POSTFIX configuration <2011-12-21 ons> -cite +** Mounting of file systems, etc. - Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail: + <2011-12-21 ons> The partition /\/dev\/mapper\/fripost/ -> /\/home\/mail/ is created and encrypted. Maybe the mount and encryption procedure needs to go through again. -http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS +** Change luks keys + +Cite from Internet. - : # cryptsetup luksAddKey /dev/sdc1 +Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail: -Enter any LUKS passphrase: (enter an existing password for this partition) -key slot 0 unlocked. -Enter new passphrase for key slot: (enter the extra password) +http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS +: # cryptsetup luksAddKey /dev/sdc1 : # cryptsetup luksDelKey /dev/sdc1 0 -** paket +** Packets + + <2011-12-20 tis> Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /\/home\/gustav\/selections-2011-12-20.tar.gz/ på antilop. + + <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All packets of interest are installed and those that should be removed are pruned. + +** OSsec + + <2011-12-21 ons> OSsec is installed and running. Hope that the settings are good. + +** Synk of Maildir dirs. 
- Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /home/gustav/selections-2011-12-20.tar.gz på antilop. + <2011-12-21 ons> LJO synced mails once. ** WIP: making the switch |
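
Review bot: In the added Roundcube paragraph, the smd5 snippet calls make_salt() and pad_base64(), neither of which is included, so the log does not record the salt length or padding needed to reproduce or verify a stored hash; add those helpers or a pointer to where they live. The same paragraph describes the result as "a salted 64-base MD5 encryption", but the function returns "{SMD5}" plus the base64 encoding of md5($pw . $salt) with the salt appended, which is a salted digest rather than encryption; wording it that way would make the comparison with what the Roundcube password plugin writes (the "doubled salted" remark) easier to resolve. In the "Change luks keys" section the rewrite drops the three prompt lines showing that luksAddKey first asks for an existing passphrase, and the reference URL is still truncated ("tiki-in...eviceUsingLUKS"), so the procedure cannot be followed from the log alone. The new "Åtgärder" heading and its bullet are in Swedish while the surrounding headings were switched to English; pick one language for the section.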