#+TITLE: TODO for Fripost (internal administration use only) * Current projects ** Switching from-address in RoundCube *** TODO Investigate alternatives ** Bacula *** TODO Make sure that the data is actually replicated with rsync according to the current solution *** TODO Install the storage daemon on benjamin *** TODO Evaluate which transport to use (tunnel, etc) to relace rsync ** Upgrade systems to Squeeze *** TODO Upgrade harvey.marxist.se *** DONE Upgrade licia.vth.sgsnet.se CLOSED: [2011-11-20 Sun 16:01] *** DONE Upgrade luxemburg.marxist.se CLOSED: [2011-12-21 Wed 14:18] ** TODO Install PGP module in RoundCube ** TODO Implement greylisting on all receiving smarthosts ** TODO Convert ikiwiki to use org-mode backend ** TODO Change RoundCube logo to Fripost logo ** TODO Document installation of OSSEC - We will use the standalone rather than client-server solution ** TODO Document how to enable encrypted swap ** TODO Implement firewall rules on the systems ** Research how users are to change passwords - One system has to have update access to MySQL - Are there any good control panels out there? *** Integration into Roundcube? Really necessary/the best way? From Roundcube's [[http://trac.roundcube.net/wiki/Plugin_Repository][Plugin Repository]] one can reach an Plugin for changing password: [[http://trac.roundcube.net/browser/trunk/plugins/password][password]]. ** TODO Register on http://www.dnswl.org/ ** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0 Information on this can be found in admin log-file * Deferred projects ** Think about what to use as main server in the future ** SMTP server *** Need hardware OR use ljos smtp server *** Should be given priority since users have requested this ** Move the wiki to fripost.org/wiki ** Monitoring - Munin *** TODO Give one configuration example so we could decide on what we need to activate ljo already uses Munin, so we could look at his configuration ** User level filtering of emails - We will use sieve, perhaps managesieve? ** Spamassassin (opt-in) - one idea for handling the opt-in feature is: have people opt-in by creating a spamfolder. make it clear that if they create a spam folder, they are opting in automatically. check ljos text at sac.se/it ** Evaluate SSH-tunnels vs VPN ** Central log server using rsyslogd *** Hardware is needed ** Distributed storage for backups - Tahoe FS/LAFS. ** Implement quotas Can probably wait until December 23, 2012. ** Write a policy for our PGP-keys [[http://www.haven-project.org/][Haven Project]] * Maybe ** Create a mail gateway to change settings * Discarded ideas ** Improve logcheck rules (increase signal to noise ratio) Reason for discarding: not very concrete ** SELinux Reason for discarding: Not feasible at this point, too much overhead, not always obvious what causes problems etc. ** Apaches mod_security Reason for discarding: Does only a subset of what OSSEC already does. ** fail2ban Reason for discarding: Does only a subset of what OSSEC already does. * Org-mode settings #+STARTUP: indent