aboutsummaryrefslogtreecommitdiffstats
path: root/todo.org
blob: e8369695020d44a0820f883001be18a47efa8be7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#+TITLE: TODO for Fripost (internal administration use only)

* Current projects
** TODO Fix relaying emails on elefant.fripost.org
** TODO Research error and fix it
The following error shows up on both luxemburg and elefant:
    Dec 21 05:27:17 luxemburg mysqld: 111221  5:27:17 [Warning] Neither --relay-log nor --relay-log-index were used; so replication may break when this MySQL server acts as a slave and has his hostname changed!! Please use '--relay-log=mysqld-relay-bin' to avoid this problem.
** Switching from-address in RoundCube
*** CANCELED Investigate alternatives
CLOSED: [2011-12-21 Wed 14:24]
- CLOSING NOTE [2011-12-21 Wed 14:25] \\
  This functionality is already in RoundCube
*** TODO Document this functionality, or add this TODO to the wiki
** Bacula
*** TODO Make sure that the data is actually replicated with rsync according to the current solution 
*** TODO Install the storage daemon on benjamin
*** TODO Evaluate which transport to use (tunnel, etc) to relace rsync
** Upgrade systems to Squeeze
*** TODO Upgrade harvey.marxist.se
*** DONE Upgrade licia.vth.sgsnet.se
CLOSED: [2011-11-20 Sun 16:01]
*** DONE Upgrade luxemburg.marxist.se
CLOSED: [2011-12-21 Wed 14:18]
** Upgrade Roundcube to the version in squeeze-backports
*** TODO Install and try it on zetkin
*** TODO Install it on harvey
** TODO Fix so that new passwords are hashed with SHA1
** TODO Add this module to fripost-tools
http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm
** TODO Install PGP module in RoundCube
** TODO Implement greylisting on all receiving smarthosts
** TODO Convert ikiwiki to use org-mode backend
** DONE Change RoundCube logo to Fripost logo
CLOSED: [2011-12-21 Wed 14:41]
- CLOSING NOTE [2011-12-21 Wed 14:41] \\
  This is already done since some time. and documented in fripost-docs.
  Also, the logo being used is in fripost-web.git as site/images/logo2011_webmail.png.
** TODO Document installation of OSSEC
- We will use the standalone rather than client-server solution
** TODO Document how to enable encrypted swap
** TODO Implement firewall rules on the systems
** Research how users are to change passwords
   - One system has to have update access to MySQL
   - Are there any good control panels out there?
*** Integration into Roundcube? Really necessary/the best way?
From Roundcube's [[http://trac.roundcube.net/wiki/Plugin_Repository][Plugin Repository]] one can reach an Plugin for changing password: [[http://trac.roundcube.net/browser/trunk/plugins/password][password]].
** TODO Register on http://www.dnswl.org/
** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0
Information on this can be found in admin log-file


* Deferred projects
** DONE Think about what to use as main server in the future
CLOSED: [2011-12-21 Wed 14:44]
- CLOSING NOTE [2011-12-21 Wed 14:44] \\
  We have now bought a VPS for this purpose, which we're in the process of migrating to.
** SMTP server
- We'll use gnu.friprogramvarusyndikatet.se for this
- Should be given priority since users have requested this
** Move the wiki to fripost.org/wiki
** Monitoring - Munin
*** TODO Give one configuration example so we could decide on what we need to activate
ljo already uses Munin, so we could look at his configuration
** User level filtering of emails
- We will use sieve, perhaps managesieve?
** Spamassassin (opt-in)
- one idea for handling the opt-in feature is: have people opt-in by creating a
  spamfolder. make it clear that if they create a spam folder, they are opting
  in automatically. check ljos text at sac.se/it
** Evaluate SSH-tunnels vs VPN
** Central log server using rsyslogd
*** Hardware is needed
** Distributed storage for backups
- Tahoe FS/LAFS.
** Implement quotas
Can probably wait until December 23, 2012.
** Write a policy for our PGP-keys
[[http://www.haven-project.org/][Haven Project]]





** Evaluate cfengine

* Maybe
** Create a mail gateway to change settings


* Discarded ideas
** Improve logcheck rules (increase signal to noise ratio)
Reason for discarding: not very concrete
** SELinux
Reason for discarding: Not feasible at this point, too much overhead, not always obvious what causes problems etc.
** Apaches mod_security
Reason for discarding: Does only a subset of what OSSEC already does.
** fail2ban
Reason for discarding: Does only a subset of what OSSEC already does.

* Org-mode settings
#+STARTUP: indent
#+STARTUP: logdone
#+STARTUP: lognotedone