Difference between revisions of "Technical infrastructure checklist"
Jump to navigation
Jump to search
(→Software and Systems: updated expiration date.) |
|||
(60 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
Resources on this list should be checked regularly to see that they are in working order. | Resources on this list should be checked regularly to see that they are in working order. | ||
+ | = During "walkthrough" = | ||
+ | == Services == | ||
+ | ''italicized text is checked on a per room basis'' | ||
+ | === Software and Systems === | ||
+ | * Check each server up and up-to-date? http://monitor/cgi-bin/nagios3/tac.cgi | ||
+ | ** HINT: A report is also emailed to asswatch every night at midnight. If you want to use the command line, there are three scripts: list_problems (lists everything that has a problem, and what that problem is), down (lists down servers), and needs_upgrading (lists servers that need to be "aptitude dist-upgrade"ed). These scripts live on monitor. | ||
+ | * web services administration (wiki, todo, dev/svn, dev/projects, mail, www, others...) | ||
+ | ** clarification needed: what part of these services need checking? | ||
+ | ** integrate this with nagios? [[User:Ryan52|Ryan]] will look into what can and needs to be integrated. (any service marked with http seems to get checked by nagios) | ||
+ | * check if there are any [http://todo.freegeek.org/Search/Results.html?Query=Requestor%20LIKE%20%27ass-security%27%20AND%20(Status%20=%20%27open%27%20OR%20Status%20=%20%27new%27) open security announcement tickets]. | ||
+ | ** HINT: Search for open RT tickets created by ass-security@our_domain. If you like the command line, then you can use this (mainly self explanatory, just run it) script: ./ass/scripts/security/show_security | ||
+ | * certificate and gpg key expiration dates | ||
+ | ** check the https (Sep 1st, 2016) and imaps/smtps (Sep 23rd, 2016) ssl certs | ||
+ | *** openssl x509 -noout -text -in /path/to/FOO.crt | ||
+ | ** check apt signing key (expires February 1st, 2015; Update 6 months before expiration) | ||
+ | * check to see if our mail server(s) have been blacklisted: | ||
+ | ** http://www.dnsbl.info/dnsbl-database-check.php | ||
+ | ** http://www.anti-abuse.org/multi-rbl-check-results/?host=67.51.72.37 | ||
+ | * off-site backups are current | ||
+ | * on-site backups are current | ||
− | * Classroom terminals | + | === Servers & Security === |
− | * | + | * [http://cameras.fglan/zm/ Security cameras] |
− | * | + | ** Software set up correctly and running. |
− | * | + | ** ''pointing in correct direction'' |
+ | ** check for old (over two weeks?) unarchived events | ||
+ | ** check for archived events ... then what? | ||
+ | * visual inspection | ||
+ | ** look for things like bad fans on servers | ||
+ | ** dust/vaccuum servers, switches | ||
+ | ** look dangerous cable tangles, stress/tension on punched-down cables | ||
+ | * UPS check | ||
+ | ** Tests successfully | ||
+ | ** Balanced load | ||
+ | ** Battery installation within 3 years | ||
+ | * kill-a-watt monitoring | ||
+ | ** log the current server's kilowatt's for the past cycle | ||
+ | ** move kill-a-watt to new server | ||
+ | * Look for rogue wireless access points | ||
+ | ** trace all cables connected to: | ||
+ | *** credit card machine network (at least monthly, log in asssvm/docs/logs/credit-card-network) | ||
+ | *** wireless network (is this needed? more we're looking for wireless where it shouldn't be) | ||
+ | ** [http://todo.freegeek.org/Ticket/Display.html?id=20057#txn-254415 policy and procedure discussion] | ||
+ | |||
+ | === Phones === | ||
+ | * ''All listed phones working'' ([[Phone Extension List]]) | ||
+ | |||
+ | === Printers === | ||
+ | * ''are there paper jams (walk around)'' | ||
+ | * ''are they free of non-standard paper'' | ||
+ | * ''are they all running under [[http://scribble:631 cups]]'' | ||
+ | |||
+ | === hubs/switches/networking === | ||
+ | * ''check network ports around room'' | ||
+ | * ''check for bad fans'' | ||
+ | |||
+ | == Rooms == | ||
+ | === Meeting Room === | ||
+ | * Projector | ||
+ | * Network hub (plugged into wall correctly) | ||
+ | * Phone (plugged in?) | ||
+ | |||
+ | === Classroom === | ||
+ | * All terminals | ||
+ | * Printer | ||
+ | * networking around room | ||
+ | * Wireless access point | ||
+ | |||
+ | === Reception === | ||
+ | * Printer (toner low? paper?) | ||
+ | * Terminals and monitors functioning well? | ||
+ | |||
+ | === upstairs and downstairs office === | ||
+ | * terminals | ||
+ | * networking | ||
+ | * phones | ||
+ | |||
+ | === Production === | ||
+ | * Advanced testing | ||
+ | ** lots of networking | ||
+ | ** testers functioning | ||
+ | * build (+mac +laptop +enterprise) | ||
+ | ** networking | ||
+ | ** terminals and images. | ||
+ | |||
+ | = Taken care of by somebody/something else = | ||
+ | * watch all of the asswatch scripts, and makes sure that they are working. ([[User:Ryan52|Ryan]] does this) | ||
+ | * rootmail cleanup/checkup ([[User:Ryan52|Ryan]]) and current owner of [http://todo.freegeek.org/Ticket/Display.html?id=10988 RT#10988] | ||
+ | * check each server is listed in purpose (asswatch) | ||
+ | * backups working on each server (asswatch) | ||
+ | * check each server with maintenance notes and script, check rootmail is working ([[User:Ryan52|Ryan]] does this every so often, probably doesn't need to be done often) | ||
+ | * Are all printers on, ready, and without stalled jobs?? (nagios) | ||
+ | * mailing list moderation (handled by freegeek moderators) | ||
+ | ** reply to subscription requests to determine sentience | ||
+ | * Outgoing Phone Message (handled by front desk) | ||
[[Category:Technocrats]] | [[Category:Technocrats]] |
Latest revision as of 11:27, 24 October 2013
Resources on this list should be checked regularly to see that they are in working order.
During "walkthrough"
Services
italicized text is checked on a per room basis
Software and Systems
- Check each server up and up-to-date? http://monitor/cgi-bin/nagios3/tac.cgi
- HINT: A report is also emailed to asswatch every night at midnight. If you want to use the command line, there are three scripts: list_problems (lists everything that has a problem, and what that problem is), down (lists down servers), and needs_upgrading (lists servers that need to be "aptitude dist-upgrade"ed). These scripts live on monitor.
- web services administration (wiki, todo, dev/svn, dev/projects, mail, www, others...)
- clarification needed: what part of these services need checking?
- integrate this with nagios? Ryan will look into what can and needs to be integrated. (any service marked with http seems to get checked by nagios)
- check if there are any open security announcement tickets.
- HINT: Search for open RT tickets created by ass-security@our_domain. If you like the command line, then you can use this (mainly self explanatory, just run it) script: ./ass/scripts/security/show_security
- certificate and gpg key expiration dates
- check the https (Sep 1st, 2016) and imaps/smtps (Sep 23rd, 2016) ssl certs
- openssl x509 -noout -text -in /path/to/FOO.crt
- check apt signing key (expires February 1st, 2015; Update 6 months before expiration)
- check the https (Sep 1st, 2016) and imaps/smtps (Sep 23rd, 2016) ssl certs
- check to see if our mail server(s) have been blacklisted:
- off-site backups are current
- on-site backups are current
Servers & Security
- Security cameras
- Software set up correctly and running.
- pointing in correct direction
- check for old (over two weeks?) unarchived events
- check for archived events ... then what?
- visual inspection
- look for things like bad fans on servers
- dust/vaccuum servers, switches
- look dangerous cable tangles, stress/tension on punched-down cables
- UPS check
- Tests successfully
- Balanced load
- Battery installation within 3 years
- kill-a-watt monitoring
- log the current server's kilowatt's for the past cycle
- move kill-a-watt to new server
- Look for rogue wireless access points
- trace all cables connected to:
- credit card machine network (at least monthly, log in asssvm/docs/logs/credit-card-network)
- wireless network (is this needed? more we're looking for wireless where it shouldn't be)
- policy and procedure discussion
- trace all cables connected to:
Phones
- All listed phones working (Phone Extension List)
Printers
- are there paper jams (walk around)
- are they free of non-standard paper
- are they all running under [cups]
hubs/switches/networking
- check network ports around room
- check for bad fans
Rooms
Meeting Room
- Projector
- Network hub (plugged into wall correctly)
- Phone (plugged in?)
Classroom
- All terminals
- Printer
- networking around room
- Wireless access point
Reception
- Printer (toner low? paper?)
- Terminals and monitors functioning well?
upstairs and downstairs office
- terminals
- networking
- phones
Production
- Advanced testing
- lots of networking
- testers functioning
- build (+mac +laptop +enterprise)
- networking
- terminals and images.
Taken care of by somebody/something else
- watch all of the asswatch scripts, and makes sure that they are working. (Ryan does this)
- rootmail cleanup/checkup (Ryan) and current owner of RT#10988
- check each server is listed in purpose (asswatch)
- backups working on each server (asswatch)
- check each server with maintenance notes and script, check rootmail is working (Ryan does this every so often, probably doesn't need to be done often)
- Are all printers on, ready, and without stalled jobs?? (nagios)
- mailing list moderation (handled by freegeek moderators)
- reply to subscription requests to determine sentience
- Outgoing Phone Message (handled by front desk)