Difference between revisions of "Technical infrastructure checklist"

From FreekiWiki
Jump to navigation Jump to search
(→‎Software and Systems: updated expiration date.)
 
(60 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 
Resources on this list should be checked regularly to see that they are in working order.
 
Resources on this list should be checked regularly to see that they are in working order.
 +
= During "walkthrough" =
 +
== Services ==
 +
''italicized text is checked on a per room basis''
 +
=== Software and Systems ===
 +
* Check each server up and up-to-date? http://monitor/cgi-bin/nagios3/tac.cgi
 +
** HINT: A report is also emailed to asswatch every night at midnight. If you want to use the command line, there are three scripts: list_problems (lists everything that has a problem, and what that problem is), down (lists down servers), and needs_upgrading (lists servers that need to be "aptitude dist-upgrade"ed). These scripts live on monitor.
 +
* web services administration (wiki, todo, dev/svn, dev/projects, mail, www, others...)
 +
** clarification needed: what part of these services need checking?
 +
** integrate this with nagios? [[User:Ryan52|Ryan]] will look into what can and needs to be integrated. (any service marked with http seems to get checked by nagios)
 +
* check if there are any [http://todo.freegeek.org/Search/Results.html?Query=Requestor%20LIKE%20%27ass-security%27%20AND%20(Status%20=%20%27open%27%20OR%20Status%20=%20%27new%27) open security announcement tickets].
 +
** HINT: Search for open RT tickets created by ass-security@our_domain. If you like the command line, then you can use this (mainly self explanatory, just run it) script: ./ass/scripts/security/show_security
 +
* certificate and gpg key expiration dates
 +
** check the https (Sep 1st, 2016) and imaps/smtps (Sep 23rd, 2016) ssl certs
 +
*** openssl x509 -noout -text -in /path/to/FOO.crt
 +
** check apt signing key (expires February 1st, 2015; Update 6 months before expiration)
 +
* check to see if our mail server(s) have been blacklisted:
 +
** http://www.dnsbl.info/dnsbl-database-check.php
 +
** http://www.anti-abuse.org/multi-rbl-check-results/?host=67.51.72.37
 +
* off-site backups are current
 +
* on-site backups are current
  
* Classroom terminals
+
=== Servers & Security ===
* Projector in meeting room
+
* [http://cameras.fglan/zm/  Security cameras]
* Security camera in TARDIS
+
** Software set up correctly and running.
* Doorbell
+
** ''pointing in correct direction''
 +
** check for old (over two weeks?) unarchived events
 +
** check for archived events ... then what?
 +
* visual inspection
 +
** look for things like bad fans on servers
 +
** dust/vaccuum servers, switches
 +
** look dangerous cable tangles, stress/tension on punched-down cables
 +
* UPS check
 +
** Tests successfully
 +
** Balanced load
 +
** Battery installation within 3 years
 +
* kill-a-watt monitoring
 +
** log the current server's kilowatt's for the past cycle
 +
** move kill-a-watt to new server
 +
*  Look for rogue wireless access points
 +
** trace all cables connected to:
 +
*** credit card machine network (at least monthly, log in asssvm/docs/logs/credit-card-network)
 +
*** wireless network (is this needed? more we're looking for wireless where it shouldn't be)
 +
** [http://todo.freegeek.org/Ticket/Display.html?id=20057#txn-254415 policy and procedure discussion]
 +
 
 +
=== Phones ===
 +
* ''All listed phones working'' ([[Phone Extension List]])
 +
 
 +
=== Printers ===
 +
* ''are there paper jams (walk around)''
 +
* ''are they free of non-standard paper''
 +
* ''are they all running under [[http://scribble:631 cups]]''
 +
 
 +
=== hubs/switches/networking ===
 +
* ''check network ports around room''
 +
* ''check for bad fans''
 +
 
 +
== Rooms ==
 +
=== Meeting Room ===
 +
* Projector
 +
* Network hub (plugged into wall correctly)
 +
* Phone (plugged in?)
 +
 
 +
=== Classroom ===
 +
* All terminals
 +
* Printer
 +
* networking around room
 +
* Wireless access point
 +
 
 +
=== Reception ===
 +
* Printer (toner low? paper?)
 +
* Terminals and monitors functioning well?
 +
 
 +
=== upstairs and downstairs office ===
 +
* terminals
 +
* networking
 +
* phones
 +
 
 +
=== Production ===
 +
* Advanced testing
 +
** lots of networking
 +
** testers functioning
 +
* build (+mac +laptop +enterprise)
 +
** networking
 +
** terminals and images.
 +
 
 +
= Taken care of by somebody/something else =
 +
* watch all of the asswatch scripts, and makes sure that they are working. ([[User:Ryan52|Ryan]] does this)
 +
* rootmail cleanup/checkup ([[User:Ryan52|Ryan]]) and current owner of [http://todo.freegeek.org/Ticket/Display.html?id=10988 RT#10988]
 +
* check each server is listed in purpose (asswatch)
 +
* backups working on each server (asswatch)
 +
* check each server with maintenance notes and script, check rootmail is working ([[User:Ryan52|Ryan]] does this every so often, probably doesn't need to be done often)
 +
* Are all printers on, ready, and without stalled jobs?? (nagios)
 +
* mailing list moderation (handled by freegeek moderators)
 +
** reply to subscription requests to determine sentience
 +
* Outgoing Phone Message (handled by front desk)
  
 
[[Category:Technocrats]]
 
[[Category:Technocrats]]

Latest revision as of 11:27, 24 October 2013

Resources on this list should be checked regularly to see that they are in working order.

During "walkthrough"

Services

italicized text is checked on a per room basis

Software and Systems

  • Check each server up and up-to-date? http://monitor/cgi-bin/nagios3/tac.cgi
    • HINT: A report is also emailed to asswatch every night at midnight. If you want to use the command line, there are three scripts: list_problems (lists everything that has a problem, and what that problem is), down (lists down servers), and needs_upgrading (lists servers that need to be "aptitude dist-upgrade"ed). These scripts live on monitor.
  • web services administration (wiki, todo, dev/svn, dev/projects, mail, www, others...)
    • clarification needed: what part of these services need checking?
    • integrate this with nagios? Ryan will look into what can and needs to be integrated. (any service marked with http seems to get checked by nagios)
  • check if there are any open security announcement tickets.
    • HINT: Search for open RT tickets created by ass-security@our_domain. If you like the command line, then you can use this (mainly self explanatory, just run it) script: ./ass/scripts/security/show_security
  • certificate and gpg key expiration dates
    • check the https (Sep 1st, 2016) and imaps/smtps (Sep 23rd, 2016) ssl certs
      • openssl x509 -noout -text -in /path/to/FOO.crt
    • check apt signing key (expires February 1st, 2015; Update 6 months before expiration)
  • check to see if our mail server(s) have been blacklisted:
  • off-site backups are current
  • on-site backups are current

Servers & Security

  • Security cameras
    • Software set up correctly and running.
    • pointing in correct direction
    • check for old (over two weeks?) unarchived events
    • check for archived events ... then what?
  • visual inspection
    • look for things like bad fans on servers
    • dust/vaccuum servers, switches
    • look dangerous cable tangles, stress/tension on punched-down cables
  • UPS check
    • Tests successfully
    • Balanced load
    • Battery installation within 3 years
  • kill-a-watt monitoring
    • log the current server's kilowatt's for the past cycle
    • move kill-a-watt to new server
  • Look for rogue wireless access points
    • trace all cables connected to:
      • credit card machine network (at least monthly, log in asssvm/docs/logs/credit-card-network)
      • wireless network (is this needed? more we're looking for wireless where it shouldn't be)
    • policy and procedure discussion

Phones

Printers

  • are there paper jams (walk around)
  • are they free of non-standard paper
  • are they all running under [cups]

hubs/switches/networking

  • check network ports around room
  • check for bad fans

Rooms

Meeting Room

  • Projector
  • Network hub (plugged into wall correctly)
  • Phone (plugged in?)

Classroom

  • All terminals
  • Printer
  • networking around room
  • Wireless access point

Reception

  • Printer (toner low? paper?)
  • Terminals and monitors functioning well?

upstairs and downstairs office

  • terminals
  • networking
  • phones

Production

  • Advanced testing
    • lots of networking
    • testers functioning
  • build (+mac +laptop +enterprise)
    • networking
    • terminals and images.

Taken care of by somebody/something else

  • watch all of the asswatch scripts, and makes sure that they are working. (Ryan does this)
  • rootmail cleanup/checkup (Ryan) and current owner of RT#10988
  • check each server is listed in purpose (asswatch)
  • backups working on each server (asswatch)
  • check each server with maintenance notes and script, check rootmail is working (Ryan does this every so often, probably doesn't need to be done often)
  • Are all printers on, ready, and without stalled jobs?? (nagios)
  • mailing list moderation (handled by freegeek moderators)
    • reply to subscription requests to determine sentience
  • Outgoing Phone Message (handled by front desk)