ASS

Administrators of Systems and Security

This is the oldest working group at Free Geek. ASSes are the people who design and manage the network at Free Geek, and are responsible for developing our IT security policy.

You'd think this would mean we'd have a better wiki section =:)

Members
(ASSes, please list yourselves here)


 * Martin Chase
 * Michael Westwind
 * Richard Seymour
 * wren ng thornton
 * Dave Haskins
 * Kenny
 * Joren
 * Jeff
 * Paul Brett


 * others...

SVN
This server is meant to replace the functionality of CVS. It isn't quite finished, but here's a list of what we did to get it up:
 * sarge base install, all the maintenance steps
 * put it in the dmz, give it a public ip, get it in dns
 * apt-get install subversion apache2 trac libapache2-svn
 * do a source install of buildbot 0.7.0
 * configure exim4-config to use our mail server from the dmz
 * mkdir /var/www/projects
 * make index.cgi in there with perl script (in asscvs)
 * mkdir -p /var/lib/svn/global
 * populate /var/lib/svn/global with the scripts called from the post-commit hook (cia, email, buildbot)
 * a2enmod proxy, rewrite, dav_svn
 * edit /etc/apache2/sites-available/default (in asscvs)
 * adduser --disabled-password buildbot
 * add reboot.sh to buildbot's @startup crontab
 * buildbot master /home/buildbot/master (config in asscvs)
 * setup buildbot slave on sempai

For each new project:
 * make svn repository in /var/lib/svn
 * make trac root in /var/www/projects
 * configure post-commit hooks in /var/lib/svn/PROJECT/hooks
 * chmod +x post-commit
 * actually set trac up, edit the main wiki page, add in milestones and components
 * email ciabot maintainer to get the bot to report commits in irc (and to get metadata key)

What we need:
 * script for adding projects (svn, trac, permissions)
 * svn-only accounts
 * script for adding users (ssh-keys?, htpasswd)
 * newer version of trac (maybe)
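
The per-project steps and the "script for adding projects" item above, as an added example (not Free Geek's own script, and not the hook code kept in asscvs). It covers the svn repository, the post-commit hook and the permissions; the Trac environment is left to the manual steps. The `SVNADMIN` and `REPO_OWNER` variables, the function names, and the choice to have post-commit run every executable in /var/lib/svn/global are assumptions.

```shell
#!/bin/sh
# Added example, not Free Geek's script. SVNADMIN and REPO_OWNER are
# hypothetical knobs; the paths are the ones listed on this page.
SVN_ROOT="${SVN_ROOT:-/var/lib/svn}"
HOOK_SRC="${HOOK_SRC:-$SVN_ROOT/global}"   # shared cia/email/buildbot scripts
SVNADMIN="${SVNADMIN:-svnadmin}"
REPO_OWNER="${REPO_OWNER:-}"               # e.g. www-data on Debian; empty = skip chown

# Accept only plain names: no slashes, no leading dot or dash, and not
# "global", which is the shared hook directory inside the same root.
valid_project_name() {
    case "$1" in
        ''|global|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

add_project() {
    name="$1"
    valid_project_name "$name" || { echo "bad project name: $name" >&2; return 2; }
    repo="$SVN_ROOT/$name"
    if [ -e "$repo" ]; then echo "already exists: $repo" >&2; return 3; fi
    "$SVNADMIN" create "$repo" || return 4

    # post-commit gets the repository path and revision as $1 and $2 and
    # passes them to every executable script in the shared directory.
    hook="$repo/hooks/post-commit"
    cat > "$hook" <<EOF
#!/bin/sh
for s in "$HOOK_SRC"/*; do
    [ -x "\$s" ] && "\$s" "\$1" "\$2"
done
exit 0
EOF
    chmod 755 "$hook"
    chmod go-w "$repo/hooks"

    # Hand the data directories to the web server account but keep hooks/
    # and conf/ with the admin, so a commit cannot rewrite what runs next.
    if [ -n "$REPO_OWNER" ]; then
        for d in "$repo"/*; do
            case "$d" in
                */hooks|*/conf) ;;
                *) chown -R "$REPO_OWNER" "$d" ;;
            esac
        done
    fi
    echo "$repo"
}

if [ $# -gt 0 ]; then add_project "$1"; fi
```

Run as root with the project name as the only argument; the name check matters because the name becomes a path under /var/lib/svn and the hook it creates runs on every commit.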

LDAP
The goal is to integrate our account management and make it possible to change email passwords. So far we have:
 * the ldap server itself is built, with ldap and sldap installed
 * we did a test run for authenticating a user on a remote machine which "worked"

What we need:
 * to better define how we will use ldap
 * to create better schema for our purposes
 * possibly put the ldap server into the dmz, if we want to authenticate mail with it.
 * review and update the security on the server (passwords, webmin, &c.)