From 1c738478b2353921bde779f216995d76a9d7a699 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <skangas@skangas.se>
Date: Wed, 15 Jun 2011 23:56:17 +0200
Subject: Add result of brainstorming session at 2011-06-15.

---
 todo.org | 42 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 35 insertions(+), 7 deletions(-)

(limited to 'todo.org')

diff --git a/todo.org b/todo.org
index 7c8a27f..fc8a9eb 100644
--- a/todo.org
+++ b/todo.org
@@ -1,5 +1,23 @@
-#+TITLE: TODO
-#+STARTUP: indent
+#+TITLE: TODO for Fripost (internal administration use only)
+
+* Results of brainstorming
+** Bacula
+- How to properly send data to the backup server?
+** Filtering emails
+- We will use sieve, perhaps managesieve?
+** Spamassassin (opt-in)
+** Evaluate SSH-tunnels vs VPN
+** Improve logcheck rules (increase signal to noise ratio)
+** Monitoring - Munin
+** Central log server
+** Distributed storage: backing up
+- Tahoe FS/LAFS.
+** Move the wiki to fripost.org/wiki
+** SMTP server
+- Should be given priority since users have requested this
+** Think about what to do with the main server
+** Think about getting more hardware
+** Switching from-address in RoundCube
 
 * Tasks
 ** Upgrade systems to Squeeze
@@ -10,14 +28,13 @@
 ** Install PGP module in RoundCube
 ** Implement greylisting on luxemburg and elefant
 Skapad: [2011-03-13 Sun 01:37]
-
-** Convert ikiwiki to use org-mode backend, including
+** Convert ikiwiki to use org-mode backend
 ** Change RoundCube logo to Fripost logo
+** Write down procedures for installing OSSEC
+- We will use the standalone rather than client-server solution
+** Document how to enable encrypted swap
 
 * More research needed
-** Begin examining OSSEC
-** Document how to enable encrypted swap
-Skapad: [2011-03-13 Sun 01:31]
 ** Implement firewall rules on the systems
 ** Decide how users are to change passwords
    - One system has to have update access to MySQL
@@ -32,3 +49,14 @@ Skapad: [2011-03-13 Sun 01:31]
 * Maybe
 ** Mail gateway to change settings
 ** Register on http://www.dnswl.org/
+
+* Discarded ideas
+** SELinux
+Not feasible at this point, too much overhead, not always obvious what causes problems etc.
+** Apaches mod_security
+Does only a subset of what OSSEC already does.
+** fail2ban
+Does only a subset of what OSSEC already does.
+
+* Org-mode settings
+#+STARTUP: indent
-- 
cgit v1.2.3