From 29c72faec7d63dcf237173a51d0f7bce5e71ed15 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Wed, 13 Jul 2011 13:02:59 +0200 Subject: Add notes from meeting --- todo.org | 87 +++++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 53 insertions(+), 34 deletions(-) (limited to 'todo.org') diff --git a/todo.org b/todo.org index fc8a9eb..9ae5d04 100644 --- a/todo.org +++ b/todo.org @@ -1,56 +1,74 @@ #+TITLE: TODO for Fripost (internal administration use only) -* Results of brainstorming -** Bacula -- How to properly send data to the backup server? -** Filtering emails -- We will use sieve, perhaps managesieve? -** Spamassassin (opt-in) -** Evaluate SSH-tunnels vs VPN -** Improve logcheck rules (increase signal to noise ratio) -** Monitoring - Munin -** Central log server -** Distributed storage: backing up -- Tahoe FS/LAFS. -** Move the wiki to fripost.org/wiki -** SMTP server -- Should be given priority since users have requested this -** Think about what to do with the main server -** Think about getting more hardware +* Current projects ** Switching from-address in RoundCube - -* Tasks +*** TODO Investigate alternatives +** Bacula +*** TODO Make sure that the data is actually replicated with rsync according to the current solution +*** TODO Install the storage daemon on benjamin +*** TODO Evaluate which transport to use (tunnel, etc) to relace rsync ** Upgrade systems to Squeeze *** TODO Upgrade harvey.marxist.se *** TODO Upgrade licia.vth.sgsnet.se *** TODO Upgrade luxemburg.marxist.se -** Implement quotas -** Install PGP module in RoundCube -** Implement greylisting on luxemburg and elefant -Skapad: [2011-03-13 Sun 01:37] -** Convert ikiwiki to use org-mode backend -** Change RoundCube logo to Fripost logo -** Write down procedures for installing OSSEC +** TODO Install PGP module in RoundCube +** TODO Implement greylisting on all receiving smarthosts +** TODO Convert ikiwiki to use org-mode backend +** TODO Change RoundCube logo to Fripost logo +** TODO Document installation of OSSEC - We will use the standalone rather than client-server solution -** Document how to enable encrypted swap - -* More research needed -** Implement firewall rules on the systems -** Decide how users are to change passwords +** TODO Document how to enable encrypted swap +** TODO Implement firewall rules on the systems +** Research how users are to change passwords - One system has to have update access to MySQL - Are there any good control panels out there? - Integration into RoundCube? Really necessary/the best way? +** TODO Register on http://www.dnswl.org/ + + + + +* Deferred projects +** Think about what to use as main server in the future +** SMTP server +*** Need hardware OR use ljos smtp server +*** Should be given priority since users have requested this + +** Move the wiki to fripost.org/wiki +** Monitoring - Munin +*** TODO Give one configuration example so we could decide on what we need to activate +ljo already uses Munin, so we could look at his configuration +** User level filtering of emails +- We will use sieve, perhaps managesieve? +** Spamassassin (opt-in) +- one idea for handling the opt-in feature is: have people opt-in by creating a + spamfolder. make it clear that if they create a spam folder, they are opting + in automatically. check ljos text at sac.se/it +** Evaluate SSH-tunnels vs VPN + +** Central log server using rsyslogd +*** Hardware is needed + +** Distributed storage for backups +- Tahoe FS/LAFS. + +** Implement quotas +Can probably wait until December 23, 2012. + ** Write a policy for our PGP-keys [[http://www.haven-project.org/][Haven Project]] -* Deferred tasks + + * Maybe -** Mail gateway to change settings -** Register on http://www.dnswl.org/ +** Create a mail gateway to change settings + * Discarded ideas +** Improve logcheck rules (increase signal to noise ratio) +Reason for discarding: not very concrete ** SELinux Not feasible at this point, too much overhead, not always obvious what causes problems etc. ** Apaches mod_security @@ -58,5 +76,6 @@ Does only a subset of what OSSEC already does. ** fail2ban Does only a subset of what OSSEC already does. + * Org-mode settings #+STARTUP: indent -- cgit v1.2.3