aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGustav Eek <gustav@fripost.org>2011-12-21 23:06:17 +0100
committerGustav Eek <gustav@fripost.org>2011-12-21 23:10:22 +0100
commit7625bc08ed30f9305cc719a2646bb81911d182dd (patch)
tree74e3f390e65827413aec04c6afdaf7579c8ec706
parenta98d86652fceb621e297f13868395790ea3fe74c (diff)
More notes on Roundcube and preparation are added.
Some more info is added on the Rouncube password problem. Some dates for the notes on migration prepareation were added. Notes on LJO's work added, which is - Partitioning, encryption and mounting of disks - First mail sync - Implementation of configuration files from antilop - Installation an prunage of packages - Preparation of OSsec.
-rw-r--r--admin-log.org56
1 files changed, 41 insertions, 15 deletions
diff --git a/admin-log.org b/admin-log.org
index 7c68e7d..5df64d6 100644
--- a/admin-log.org
+++ b/admin-log.org
@@ -79,45 +79,71 @@ The =/etc/fstab= is no longer correct since "ext4dev" is not a supported file sy
- create an SQL-script that tests all privileges, and try it on /roundcube@localhost/ and /roundcube@%/.
- create that user on /antilop/
+ <2011-12-21 ons> When users are added, the passwords are generated on a local computer, e.g. /cantor/ using the Perl function
+ : sub smd5 {
+ : my $pw = shift;
+ : my $salt = shift || &make_salt();
+ : return "{SMD5}" . pad_base64( MIME::Base64::encode( Digest::MD5::md5( $pw . $salt ) . $salt, '' ) );
+ : }
+
+ written by Dominik Schulz, but suggested on Dovecote's wiki: [[http://wiki.dovecot.org/Authentication/PasswordSchemes]["Password Shemes"]]. Dot (.) means /concatenation/. This gives a salted 64-base MD5 encryption.
+
+ Reading Roundcube's password plugin's README, suggests we should use the last two examples in section 2.1. Also read [[http://www.roundcubeforum.net/7-third-party-contributions/46-api-based-plugins/6624-dovecot-sql-driver-password.html]["Dovecot-SQL Driver for Password"]] on Roundcube's wiki carefully. The password seem to be doubled salted.
* Preparation for migration of IMAP from /antilop/ to /mistral/ <2011-12-20 tis>
+** Åtgärder <2011-12-21 ons>
+
+ - Undersök inställningarna för IMAP
+
** Administrator's user accounts.
- The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and \/
+ The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and /\/home\/<name>\// name directories are copied from /antilop/.
** Files from /etc.
- Files to transfer to /mistral/ are:
+ <2011-12-20 tis> Files to transfer to /mistral/ are:
: bacula/ dovecot/ etckeeper/ logcheck/ mysql/ ossec-init.conf postfix/ rkhunter.conf rsyslog.conf ssh/sshd_config ssl/
- Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer.
+ Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer.
-** check when done
+ <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All config files are also installed on the system, so there should be nothing left to do (almoast). Check POSTFIX configuration once again.
- - that /etc/cron.d and friends are the same as on /antilop/
+** Check when done
-** change luks keys
+ - that /\/etc\/cron.d/ and friends are the same as on /antilop/ <2011-12-20 tis>
+ - POSTFIX configuration <2011-12-21 ons>
-cite
+** Mounting of file systems, etc.
- Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail:
+ <2011-12-21 ons> The partition /\/dev\/mapper\/fripost/ -> /\/home\/mail/ is created and encrypted. Maybe the mount and encryption procedure needs to go through again.
-http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS
+** Change luks keys
+
+Cite from Internet.
- : # cryptsetup luksAddKey /dev/sdc1
+Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail:
-Enter any LUKS passphrase: (enter an existing password for this partition)
-key slot 0 unlocked.
-Enter new passphrase for key slot: (enter the extra password)
+http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS
+: # cryptsetup luksAddKey /dev/sdc1
: # cryptsetup luksDelKey /dev/sdc1 0
-** paket
+** Packets
+
+ <2011-12-20 tis> Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /\/home\/gustav\/selections-2011-12-20.tar.gz/ på antilop.
+
+ <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All packets of interest are installed and those that should be removed are pruned.
+
+** OSsec
+
+ <2011-12-21 ons> OSsec is installed and running. Hope that the settings are good.
+
+** Synk of Maildir dirs.
- Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /home/gustav/selections-2011-12-20.tar.gz på antilop.
+ <2011-12-21 ons> LJO synced mails once.
** WIP: making the switch