From 7625bc08ed30f9305cc719a2646bb81911d182dd Mon Sep 17 00:00:00 2001 From: Gustav Eek Date: Wed, 21 Dec 2011 23:06:17 +0100 Subject: More notes on Roundcube and preparation are added. Some more info is added on the Roundcube password problem. Some dates for the notes on migration preparation were added. Notes on LJO's work added, which is - Partitioning, encryption and mounting of disks - First mail sync - Implementation of configuration files from antilop - Installation and prunage of packages - Preparation of OSsec. --- admin-log.org | 56 +++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/admin-log.org b/admin-log.org index 7c68e7d..5df64d6 100644 --- a/admin-log.org +++ b/admin-log.org 
@@ -79,45 +79,71 @@ The =/etc/fstab= is no longer correct since "ext4dev" is not a supported file sy - create an SQL-script that tests all privileges, and try it on /roundcube@localhost/ and /roundcube@%/. - create that user on /antilop/ + <2011-12-21 ons> When users are added, the passwords are generated on a local computer, e.g. /cantor/ using the Perl function + : sub smd5 { + : my $pw = shift; + : my $salt = shift || &make_salt(); + : return "{SMD5}" . pad_base64( MIME::Base64::encode( Digest::MD5::md5( $pw . $salt ) . $salt, '' ) ); + : } + + written by Dominik Schulz, but suggested on Dovecote's wiki: [[http://wiki.dovecot.org/Authentication/PasswordSchemes]["Password Shemes"]]. Dot (.) means /concatenation/. This gives a salted 64-base MD5 encryption. + + Reading Roundcube's password plugin's README, suggests we should use the last two examples in section 2.1. Also read [[http://www.roundcubeforum.net/7-third-party-contributions/46-api-based-plugins/6624-dovecot-sql-driver-password.html]["Dovecot-SQL Driver for Password"]] on Roundcube's wiki carefully. The password seem to be doubled salted. * Preparation for migration of IMAP from /antilop/ to /mistral/ <2011-12-20 tis> +** Åtgärder <2011-12-21 ons> + + - Undersök inställningarna för IMAP + ** Administrator's user accounts. - The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and \/ + The administrators /gustav/, /ljo/, and /skangas/ are in /\/etc\/sudoers/, and /\/home\/\// name directories are copied from /antilop/. ** Files from /etc. - Files to transfer to /mistral/ are: + <2011-12-20 tis> Files to transfer to /mistral/ are: : bacula/ dovecot/ etckeeper/ logcheck/ mysql/ ossec-init.conf postfix/ rkhunter.conf rsyslog.conf ssh/sshd_config ssl/ - Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer. + Archived in /\/home\/gustav\/ect-antilop-2011-12-20.tar.gz/, ready for transfer. 
-** check when done + <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All config files are also installed on the system, so there should be nothing left to do (almoast). Check POSTFIX configuration once again. - - that /etc/cron.d and friends are the same as on /antilop/ +** Check when done -** change luks keys + - that /\/etc\/cron.d/ and friends are the same as on /antilop/ <2011-12-20 tis> + - POSTFIX configuration <2011-12-21 ons> -cite +** Mounting of file systems, etc. - Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail: + <2011-12-21 ons> The partition /\/dev\/mapper\/fripost/ -> /\/home\/mail/ is created and encrypted. Maybe the mount and encryption procedure needs to go through again. -http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS +** Change luks keys + +Cite from Internet. - : # cryptsetup luksAddKey /dev/sdc1 +Basically, you just add an additional password(LUKS allows up to 8 different passwords for the same volume) and delete the original password. Here's a link that describes the process in detail: -Enter any LUKS passphrase: (enter an existing password for this partition) -key slot 0 unlocked. -Enter new passphrase for key slot: (enter the extra password) +http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS +: # cryptsetup luksAddKey /dev/sdc1 : # cryptsetup luksDelKey /dev/sdc1 0 -** paket +** Packets + + <2011-12-20 tis> Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /\/home\/gustav\/selections-2011-12-20.tar.gz/ på antilop. + + <2011-12-21 ons> LJO transferred all gz-files to /mistral/. All packets of interest are installed and those that should be removed are pruned. + +** OSsec + + <2011-12-21 ons> OSsec is installed and running. Hope that the settings are good. + +** Synk of Maildir dirs. 
- Alla paket som ska installeras och tas bort, både från dpkg-selections på antilop och från fripost-docs, finns i /home/gustav/selections-2011-12-20.tar.gz på antilop. + <2011-12-21 ons> LJO synced mails once. ** WIP: making the switch -- cgit v1.2.3 From a3333208a8308ff48c664df46016ba888f3d8911 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Wed, 21 Dec 2011 21:17:06 +0100 Subject: Add some TODOs after discussion with Gustav --- todo.org | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/todo.org b/todo.org index b410127..e836969 100644 --- a/todo.org +++ b/todo.org @@ -21,6 +21,12 @@ CLOSED: [2011-12-21 Wed 14:24] CLOSED: [2011-11-20 Sun 16:01] *** DONE Upgrade luxemburg.marxist.se CLOSED: [2011-12-21 Wed 14:18] +** Upgrade Roundcube to the version in squeeze-backports +*** TODO Install and try it on zetkin +*** TODO Install it on harvey +** TODO Fix so that new passwords are hashed with SHA1 +** TODO Add this module to fripost-tools +http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm ** TODO Install PGP module in RoundCube ** TODO Implement greylisting on all receiving smarthosts ** TODO Convert ikiwiki to use org-mode backend -- cgit v1.2.3
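Review bot: In the admin-log.org hunk, the "Change luks keys" section removes the prompt transcript ("key slot 0 unlocked.") but keeps "cryptsetup luksDelKey /dev/sdc1 0" directly after "cryptsetup luksAddKey /dev/sdc1", so the note no longer shows why slot 0 is the one to delete, and nothing checks the new passphrase before the old one is removed. Please add a step that confirms the new passphrase unlocks the volume before the delete, and state that slot 0 is assumed to hold the original key. In the same hunk, the sentence "This gives a salted 64-base MD5 encryption" describes a hash as encryption; "a salted MD5 hash, Base64-encoded" would match what the quoted smd5 function computes. The snippet also calls make_salt and pad_base64, which are not shown, so say where those helpers come from. The new Swedish lines ("Åtgärder", "Undersök inställningarna för IMAP") sit in an otherwise English log, and "Packets" reads as a mistranslation of "paket" (packages).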
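Review bot: In the todo.org hunk, the added item "TODO Fix so that new passwords are hashed with SHA1" does not name the exact scheme or say whether it is salted. The admin log describes the current passwords as salted ({SMD5}), so an unsalted SHA1 would be a step back; please name the intended Dovecot scheme in the TODO and note how existing {SMD5} entries are handled. The item "Add this module to fripost-tools" is followed by a bare http URL ending in "DovecotPW.ipm": check the file extension, and record the version or a checksum of the file that gets imported so the copy in fripost-tools can be verified later.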