From 1c738478b2353921bde779f216995d76a9d7a699 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Wed, 15 Jun 2011 23:56:17 +0200 Subject: Add result of brainstorming session at 2011-06-15. --- todo.org | 42 +++++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/todo.org b/todo.org index 7c8a27f..fc8a9eb 100644 --- a/todo.org +++ b/todo.org @@ -1,5 +1,23 @@ -#+TITLE: TODO -#+STARTUP: indent +#+TITLE: TODO for Fripost (internal administration use only) + +* Results of brainstorming +** Bacula +- How to properly send data to the backup server? +** Filtering emails +- We will use sieve, perhaps managesieve? +** Spamassassin (opt-in) +** Evaluate SSH-tunnels vs VPN +** Improve logcheck rules (increase signal to noise ratio) +** Monitoring - Munin +** Central log server +** Distributed storage: backing up +- Tahoe FS/LAFS. +** Move the wiki to fripost.org/wiki +** SMTP server +- Should be given priority since users have requested this +** Think about what to do with the main server +** Think about getting more hardware +** Switching from-address in RoundCube * Tasks ** Upgrade systems to Squeeze @@ -10,14 +28,13 @@ ** Install PGP module in RoundCube ** Implement greylisting on luxemburg and elefant Skapad: [2011-03-13 Sun 01:37] - -** Convert ikiwiki to use org-mode backend, including +** Convert ikiwiki to use org-mode backend ** Change RoundCube logo to Fripost logo +** Write down procedures for installing OSSEC +- We will use the standalone rather than client-server solution +** Document how to enable encrypted swap * More research needed -** Begin examining OSSEC -** Document how to enable encrypted swap -Skapad: [2011-03-13 Sun 01:31] ** Implement firewall rules on the systems ** Decide how users are to change passwords - One system has to have update access to MySQL @@ -32,3 +49,14 @@ Skapad: [2011-03-13 Sun 01:31] * Maybe ** Mail gateway to change settings ** Register on http://www.dnswl.org/ + +* Discarded ideas +** SELinux +Not feasible at this point, too much overhead, not always obvious what causes problems etc. +** Apaches mod_security +Does only a subset of what OSSEC already does. +** fail2ban +Does only a subset of what OSSEC already does. + +* Org-mode settings +#+STARTUP: indent -- cgit v1.2.3