ASS

From FreekiWiki
Revision as of 10:41, 1 August 2006 by Rfs (talk | contribs) (→‎More fun)


Administrators of Systems and Security

This is the oldest working group at Free Geek. ASSes are the people who design and manage the network at Free Geek, and are responsible for developing our IT security policy.

You'd think this would mean we'd have a better wiki section =:)

Members

(ASSes, please list yourselves here)

Ongoing Tasks

  • RootMail Cleanup - Often (Matteo)
  • Tape Swapping - Weekly (Richard)
  • Test UPSes in server room - once per week/ASS meeting/month
  • apt-get upgrade - once per month or sooner if critical security holes
  • Services provided to other groups

Projects

SVN

Goal: To replace the functionality of CVS. Currently it isn't quite finished.
Usage documentation created at SVN.

Here's a list of what we did:
  • sarge base install, all the maintenance steps
  • put it in the dmz, give it a public ip, get it in dns
  • apt-get install subversion apache2 trac libapache2-svn
  • do a source install of buildbot 0.7.0
  • configure exim4-config to use our mail server from the dmz
  • mkdir /var/www/projects
  • make index.cgi in there with perl script (in asscvs)
  • mkdir -p /var/lib/svn/global
  • populate /var/lib/svn/global with post-commit hook called scripts (cia, email, buildbot)
  • a2enmod proxy, rewrite, dav_svn
  • edit /etc/apache2/sites-available/default (in asscvs)
  • adduser --disabled-password buildbot
  • add reboot.sh to buildbot's @startup crontab
  • buildbot master /home/buildbot/master (config in asscvs)
  • setup buildbot slave on sempai
For each new project
  • make svn repository in /var/lib/svn
  • make trac root in /var/www/projects
  • configure post-commit hooks in /var/lib/svn/PROJECT/hooks
  • chmod +x post-commit
  • actually set trac up, edit the main wiki page, add in milestones and components
  • email ciabot maintainer to get the bot to report commits in irc (and to get metadata key)
What we need
  • script for adding projects (svn, trac, permissions)
  • svn-only accounts
  • script for adding users (ssh-keys?, htpasswd)
  • newer version of trac (maybe)
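
A sketch of the "script for adding projects" item, covering the scriptable "For each new project" steps above. This is an added example, not Free Geek's own script: the paths are the ones listed on this page, while the function names, the `DRY_RUN` switch, the name rules and the hook body (run every executable in `/var/lib/svn/global`) are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. Function names, DRY_RUN and the
# hook body are assumptions; the default paths are the ones from this page.
SVN_ROOT=${SVN_ROOT:-/var/lib/svn}
TRAC_ROOT=${TRAC_ROOT:-/var/www/projects}
GLOBAL_HOOKS=${GLOBAL_HOOKS:-$SVN_ROOT/global}
DRY_RUN=${DRY_RUN:-1}   # default only prints the plan; DRY_RUN=0 executes it

# Allow only short [a-z0-9_-] names: blocks path escapes ("../x"), option
# injection ("-x") and a project that would shadow the shared "global" dir.
valid_project_name() {
    case $1 in
        ''|global|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the command; execute it only when DRY_RUN=0.
run() {
    echo "+ $*"
    [ "$DRY_RUN" = 0 ] || return 0
    "$@"
}

# Write a post-commit hook that calls each executable in GLOBAL_HOOKS with
# the two arguments Subversion passes to post-commit: REPOS and REV.
write_hook() {
    cat > "$1" <<EOF
#!/bin/sh
for h in "$GLOBAL_HOOKS"/*; do
    [ -x "\$h" ] && "\$h" "\$1" "\$2"
done
exit 0
EOF
}

new_project() {
    name=$1
    valid_project_name "$name" || { echo "bad project name: $name" >&2; return 2; }
    repo=$SVN_ROOT/$name
    if [ -e "$repo" ] || [ -e "$TRAC_ROOT/$name" ]; then   # never overwrite
        echo "$name already exists" >&2; return 3
    fi
    run svnadmin create "$repo" || return
    run trac-admin "$TRAC_ROOT/$name" initenv || return   # prompts for settings
    run write_hook "$repo/hooks/post-commit" || return
    run chmod +x "$repo/hooks/post-commit"
}
[ "$#" -eq 0 ] || new_project "$1"
```

Editing the Trac wiki page, milestones and components, and emailing the ciabot maintainer, remain manual steps.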

LDAP

To integrate our account management and make it possible to change email passwords.

So far we have
  • the ldap server itself is built, with ldap and sldap installed
  • we did a test run for authenticating a user on a remote machine which "worked"
What we need
  • to better define how we will use ldap
  • to create better schema for our purposes
  • possibly put the ldap server into the dmz, if we want to authenticate mail with it.
  • review and update the security on the server (passwords, webmin, &c.)

More fun

Some folks at Free Geek or in our extended community are CA Cert Assurers. See the page.

What Services do we Provide