blob: 006d8335cf9bb5794a3cd60d0f1a05ef1a52fb7b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
#+TITLE: TODO for Fripost (internal administration use only)
* Current projects
** Switching from-address in RoundCube
*** CANCELED Investigate alternatives
CLOSED: [2011-12-21 Wed 14:24]
- CLOSING NOTE [2011-12-21 Wed 14:25] \\
This functionality is already in RoundCube
*** TODO Document this functionality, or add this TODO to the wiki
** Bacula
*** TODO Make sure that the data is actually replicated with rsync according to the current solution
*** TODO Install the storage daemon on benjamin
*** TODO Evaluate which transport to use (tunnel, etc) to relace rsync
** Upgrade systems to Squeeze
*** TODO Upgrade harvey.marxist.se
*** DONE Upgrade licia.vth.sgsnet.se
CLOSED: [2011-11-20 Sun 16:01]
*** DONE Upgrade luxemburg.marxist.se
CLOSED: [2011-12-21 Wed 14:18]
** TODO Install PGP module in RoundCube
** TODO Implement greylisting on all receiving smarthosts
** TODO Convert ikiwiki to use org-mode backend
** DONE Change RoundCube logo to Fripost logo
CLOSED: [2011-12-21 Wed 14:41]
- CLOSING NOTE [2011-12-21 Wed 14:41] \\
This is already done since some time. and documented in fripost-docs.
Also, the logo being used is in fripost-web.git as site/images/logo2011_webmail.png.
** TODO Document installation of OSSEC
- We will use the standalone rather than client-server solution
** TODO Document how to enable encrypted swap
** TODO Implement firewall rules on the systems
** Research how users are to change passwords
- One system has to have update access to MySQL
- Are there any good control panels out there?
*** Integration into Roundcube? Really necessary/the best way?
From Roundcube's [[http://trac.roundcube.net/wiki/Plugin_Repository][Plugin Repository]] one can reach an Plugin for changing password: [[http://trac.roundcube.net/browser/trunk/plugins/password][password]].
** TODO Register on http://www.dnswl.org/
** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0
Information on this can be found in admin log-file
* Deferred projects
** DONE Think about what to use as main server in the future
CLOSED: [2011-12-21 Wed 14:44]
- CLOSING NOTE [2011-12-21 Wed 14:44] \\
We have now bought a VPS for this purpose, which we're in the process of migrating to.
** SMTP server
- We'll use gnu.friprogramvarusyndikatet.se for this
- Should be given priority since users have requested this
** Move the wiki to fripost.org/wiki
** Monitoring - Munin
*** TODO Give one configuration example so we could decide on what we need to activate
ljo already uses Munin, so we could look at his configuration
** User level filtering of emails
- We will use sieve, perhaps managesieve?
** Spamassassin (opt-in)
- one idea for handling the opt-in feature is: have people opt-in by creating a
spamfolder. make it clear that if they create a spam folder, they are opting
in automatically. check ljos text at sac.se/it
** Evaluate SSH-tunnels vs VPN
** Central log server using rsyslogd
*** Hardware is needed
** Distributed storage for backups
- Tahoe FS/LAFS.
** Implement quotas
Can probably wait until December 23, 2012.
** Write a policy for our PGP-keys
[[http://www.haven-project.org/][Haven Project]]
** Evaluate cfengine
* Maybe
** Create a mail gateway to change settings
* Discarded ideas
** Improve logcheck rules (increase signal to noise ratio)
Reason for discarding: not very concrete
** SELinux
Reason for discarding: Not feasible at this point, too much overhead, not always obvious what causes problems etc.
** Apaches mod_security
Reason for discarding: Does only a subset of what OSSEC already does.
** fail2ban
Reason for discarding: Does only a subset of what OSSEC already does.
* Org-mode settings
#+STARTUP: indent
#+STARTUP: logdone
#+STARTUP: lognotedone
|