#+TITLE: TODO for Fripost (internal administration use only) * Current projects ** TODO Bacula [0/3] *** TODO Make sure that the data is actually replicated with rsync according to the current solution *** TODO Install the storage daemon on benjamin *** TODO Evaluate which transport to use (tunnel, etc) to relace rsync ** TODO Upgrade Roundcube to the version in squeeze-backports *** TODO Install and try it on zetkin *** TODO Install it on harvey ** TODO Fix so that new passwords are hashed with SHA1 ** TODO Add this module to fripost-tools http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm ** TODO Install PGP module in RoundCube ** TODO Add greylisting to all receiving smarthosts ** TODO Convert ikiwiki to use org-mode backend ** TODO Document installation of OSSEC - We will use the standalone rather than client-server solution ** TODO Document how to enable encrypted swap ** TODO Implement firewall rules on the systems ** TODO Register on http://www.dnswl.org/ ** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0 Information on this can be found in admin log-file ** TODO Fix attachments > 5 MB in RC ** TODO Fix so that we can use better value for RC imap auth type Currently, we have $rcmail_config['imap_auth_type'] = 'plain'; ** TODO Determine how we should handle RC identities e.g. $rcmail_config['identities_level'] = 0; is not ideal there should be some sort of verification before emailing, such that a user e.g. cannot email from our webmail using admin@fripost.org ** TODO Add link from mail.fripost.org to fripost.org * Deferred projects ** SMTP server - We'll use gnu.friprogramvarusyndikatet.se for this - Should be given priority since users have requested this ** Move the wiki to fripost.org/wiki ** Monitoring - Munin *** TODO Give one configuration example so we could decide on what we need to activate ljo already uses Munin, so we could look at his configuration ** User level filtering of emails - We will use sieve, perhaps managesieve? ** Spamassassin (opt-in) - one idea for handling the opt-in feature is: have people opt-in by creating a spamfolder. make it clear that if they create a spam folder, they are opting in automatically. check ljos text at sac.se/it ** Evaluate SSH-tunnels vs VPN ** Central log server using rsyslogd *** Hardware is needed ** Distributed storage for backups - Tahoe FS/LAFS. ** Implement quotas Can probably wait until December 23, 2012. ** Write a policy for our PGP-keys [[http://www.haven-project.org/][Haven Project]] ** Evaluate cfengine ** fripost-adduser should not allow user to be added if there is an alias by that name * Maybe ** Create a mail gateway to change settings * Discarded ideas ** Improve logcheck rules (increase signal to noise ratio) Reason for discarding: not very concrete ** SELinux Reason for discarding: Not feasible at this point, too much overhead, not always obvious what causes problems etc. ** Apaches mod_security Reason for discarding: Does only a subset of what OSSEC already does. ** fail2ban Reason for discarding: Does only a subset of what OSSEC already does. * Org-mode settings #+STARTUP: indent #+STARTUP: logdone #+STARTUP: lognotedone