Commit message | Author | Age | Files | |
---|---|---|---|---|
* | Configure NTP. | Guilhem Moulin | 2015-06-07 | 1 |
| | We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec. | | | |
* | Reorganization. | Guilhem Moulin | 2015-06-07 | 1 |
* | Common LDAP (slapd) configuration. | Guilhem Moulin | 2015-06-07 | 1 |
* | Postfix master (nullmailer) configuration | Guilhem Moulin | 2015-06-07 | 1 |
| | We use a dedicated instance for each role: MDA, MTA out, MX, etc. | | | |
* | Don't start daemons when there is a triggered handler. | Guilhem Moulin | 2015-06-07 | 1 |
| | This is pointless since the service will be restarted anyway. | | | |
* | Use a dedicated, non-routable, IPv4 for IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
| | At each IPSec end-point the traffic is DNAT'ed to / MASQUERADE'd from our dedicated IP after ESP decapsulation. Also, some IP tables ensure that alien (not coming from / going to the tunnel end-point) is dropped. | | | |
* | Don't save dynamic rules. | Guilhem Moulin | 2015-06-07 | 1 |
| | These rules are automatically included by third-party servers such as strongSwan or fail2ban. | | | |
* | Configure IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure fail2ban. | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure rkhunter. | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure samhain. | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure v4 and v6 iptable rulesets. | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure APT. | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure /etc/{hosts,hostname,mailname}. | Guilhem Moulin | 2015-06-07 | 1 |