Difference between revisions of "Technical infrastructure checklist"
Jump to navigation
Jump to search
(→Software and Systems: updated mail server ssl expirations) |
(→Software and Systems: add blacklist check) |
||
Line 14: | Line 14: | ||
** check the https and imaps ssl certs (renewed may 2010, expires ??) | ** check the https and imaps ssl certs (renewed may 2010, expires ??) | ||
** check apt signing key (expires july, 2012) | ** check apt signing key (expires july, 2012) | ||
+ | ** check to see if our mail server(s) have been blacklisted: | ||
+ | *** http://www.dnsbl.info/dnsbl-database-check.php | ||
+ | *** http://www.anti-abuse.org/checkrbl.php | ||
=== Servers & Security === | === Servers & Security === |
Revision as of 14:41, 21 August 2010
Resources on this list should be checked regularly to see that they are in working order.
During "walkthrough"
Services
italicized text is checked on a per room basis
Software and Systems
- Check each server up and up-to-date? http://monitor/nagios2 look at tactical overview.
- HINT: A report is also emailed to asswatch every night at midnight. If you want to use the command line, there are three scripts: list_problems (lists everything that has a problem, and what that problem is), down (lists down servers), and needs_upgrading (lists servers that need to be "aptitude dist-upgrade"ed). These scripts live on monitor.
- web services administration (wiki, todo, lessons, area, dev/svn, dev/projects, web, web/mail, www, others...)
- clarification needed: what part of these services need checking?
- integrate this with nagios? Ryan will look into what can and needs to be integrated.
- check if there are any open security announcement tickets.
- HINT: Search for open RT tickets created by ass-security@our_domain. If you like the command line, then you can use this (mainly self explanatory, just run it) script: ./ass/scripts/security/show_security
- certificate and gpg key expiration dates
- check the https and imaps ssl certs (renewed may 2010, expires ??)
- check apt signing key (expires july, 2012)
- check to see if our mail server(s) have been blacklisted:
Servers & Security
- Security cameras
- Software set up correctly and running.
- pointing in correct direction
- visual inspection
- look for things like bad fans on servers
- dust/vaccuum servers, switches
- look dangerous cable tangles, stress/tension on punched-down cables
- UPS check
- Tests successfully
- Balanced load
- Battery installation within 3 years
Phones
- All listed phones working (listed where?)
Printers
- are there paper jams (walk around)
- are they free of non-standard paper
- are they all running under [cups]
hubs/switches/networking
- check network ports around room
- check for bad fans
Rooms
Meeting Room
- Projector
- Network hub (plugged into wall correctly)
- Phone (plugged in?)
Classroom
- All terminals
- Printer
- networking around room
- Wireless access point
Reception
- Printer (toner low? paper?)
- Terminals and monitors functioning well?
upstairs and downstairs office
- terminals
- networking
- phones
Production
- Advanced testing
- lots of networking
- testers functioning
- build (+mac +laptop +enterprise)
- networking
- terminals and images.
Taken care of by somebody/something else
- watch all of the asswatch scripts, and makes sure that they are working. (Ryan does this)
- rootmail cleanup/checkup (Ryan) and current owner of RT#10988
- check each server is listed in purpose (asswatch)
- backups working on each server (asswatch)
- check each server with maintenance notes and script, check rootmail is working (Ryan does this every so often, probably doesn't need to be done often)
- Are all printers on, ready, and without stalled jobs?? (nagios)
- mailing list moderation (handled by freegeek moderators)
- reply to subscription requests to determine sentience
- Outgoing Phone Message (handled by front desk)