From FreekiWiki
Revision as of 20:37, 12 December 2005 by Kynilyator (talk | contribs)
Jump to navigation Jump to search

Administrators of Systems and Security

This is the oldest working group at Free Geek. ASSes are the people who design and manage the network at Free Geek, and are responsible for developing our IT security policy.

You'd think this would mean we'd have a better wiki section =:)



To replace the functionality of CVS. Currently isn't quite finished, but here's a list of what we did to get it up:

  • sarge base install, all the maintainance steps
  • put it in the dmz, give it a public ip, get it in dns
  • apt-get install subversion apache2 trac libapache2-svn
  • do a source install of buildbot 0.7.0
  • configure exim4-config to use our mail server from the dmz
  • mkdir /var/www/projects
  • make index.cgi in there with perl script (in asscvs)
  • mkdir -p /var/lib/svn/global
  • populate /var/lib/svn/global with post-commit hook called scripts (cia, email, buildbot)
  • a2enmod proxy, rewrite, dav_svn
  • edit /etc/apache2/sites-available/default (in asscvs)
  • adduser --disabled-password buildbot
  • add to buildbot's @startup crontab
  • buildbot master /home/buildbot/master (config in asscvs)
  • setup buildbot slave on sempai

For each new project:

  • make svn repository in /var/lib/svn
  • make trac root in /var/www/projects
  • configure post-commit hooks in /var/lib/svn/PROJECT/hooks
  • chmod +x post-commit
  • actually set trac up, edit the main wiki page, add in milestones and components
  • email ciabot maintainer to get the bot to report commits in irc (and to get metadata key)

What we need:

  • script for adding projects (svn, trac, permissions)
  • svn-only accounts
  • script for adding users (ssh-keys?, htpasswd)
  • newer version of trac (maybe)


To integrate our account management and make it possible to change email passwords. So far we have:

  • the ldap server itself is built, with ldap and sldap installed
  • we did a test run for authenticating a user on a remote machine which "worked"

What we need:

  • to better define how we will use ldap
  • to create better schema for our purposes
  • possibly put the ldap server into the dmz, if we want to authenticate mail with it.
  • review and update the security on the server (passwords, webmin, &c.)

debt consolidation didrex diet pills online drug guides free credit report hotels laminate flooring mortgage calculator online pharmacy perfume phentermine cheap phentermine buy phentermine phentermine online order phentermine discount phentermine Buy Phentermine Buy Tramadol Buy Oxycontin buy hydrocodone adriana lima nude

adult dildo paris hilton nude sexy lingerie strip poker erotic games strip poker online poker betting websites black jack card game casino internet online poker gambling sites lottery america online casino poker slots sports betting wagering