path: root/todo.org

#+TITLE: TODO for Fripost (internal administration use only)

* Results of brainstorming
** Bacula
- How to properly send data to the backup server?
** Filtering emails
- We will use sieve, perhaps managesieve?
** Spamassassin (opt-in)
** Evaluate SSH-tunnels vs VPN
** Improve logcheck rules (increase signal to noise ratio)
** Monitoring - Munin
** Central log server
** Distributed storage: backing up
- Tahoe FS/LAFS.
** Move the wiki to fripost.org/wiki
** SMTP server
- Should be given priority since users have requested this
** Think about what to do with the main server
** Think about getting more hardware
** Switching from-address in RoundCube

* Tasks
** Upgrade systems to Squeeze
*** TODO Upgrade harvey.marxist.se
*** TODO Upgrade licia.vth.sgsnet.se
*** TODO Upgrade luxemburg.marxist.se
** Implement quotas
** Install PGP module in RoundCube
** Implement greylisting on luxemburg and elefant
Skapad: [2011-03-13 Sun 01:37]
** Convert ikiwiki to use org-mode backend
** Change RoundCube logo to Fripost logo
** Write down procedures for installing OSSEC
- We will use the standalone rather than client-server solution
** Document how to enable encrypted swap

* More research needed
** Implement firewall rules on the systems
** Decide how users are to change passwords
   - One system has to have update access to MySQL
   - Are there any good control panels out there?
   - Integration into RoundCube? Really necessary/the best way?
** Write a policy for our PGP-keys
[[http://www.haven-project.org/][Haven Project]]


* Deferred tasks

* Maybe
** Mail gateway to change settings
** Register on http://www.dnswl.org/

* Discarded ideas
** SELinux
Not feasible at this point, too much overhead, not always obvious what causes problems etc.
** Apaches mod_security
Does only a subset of what OSSEC already does.
** fail2ban
Does only a subset of what OSSEC already does.

* Org-mode settings
#+STARTUP: indent