Systems - Translingo
Basics
Purpose
The purpose of the Translingo server is to serve the Webdb with language support. This is the system administration page.
Physical Location
This system is located on a Debian Etch vserver on physical machine sun2. ???
Logical location
IP: 172.16.2.12 ???
- IP External (Tunix Managed): 213.154.225.242 (translingo.cacert.org)
Administration
- Primary:
Contact: translingo-admin@cacert.org
NEEDS ALL TO BE REVIEWED !!! (copy from systems wiki)
Services
Listening services
port
service
access origin
purpose
22
SSH
all
SSH access for systems administration
25
SMTP
all
SMTP server for sending mail out (FIXME: does not need to listen on public IP)
80
HTTP
all
HTTP access to wiki
DNS
- (former: translingo.org)
translingo.intra.cacert.org: 172.16.2.12 ???
- translingo.cacert.org: 213.154.225.242
- 242.225.154.213.in-addr.arpa: (none)
Connected Systems
Outbound network connections
- SMTP (25, tcp) relay host: 172.16.2.3
- DNS (53, udp) resolving nameserver: 172.28.50.1
HTTP (80, tcp) package update http://ftp.nl.debian.org/ and http://security.debian.org/
Security
Privileged remote access: FIXME
Godlike editing powers: FIXME
Installed packages
translingo - translingo in svn repository https://svn.cacert.org/CAcert/Software/translingo/
Non-distribution packages
Risk assessments on critical packages
- apache2 - good reputation - low number of vulnerabilities
Ugly Hacks
FIXME
Common Tasks
Critical Configuration items
/etc/apache2/sites-available/
FIXME
Changes
Planned
Migration
Monitoring
- Create lists of services to monitor
- Check requirements for internal monitoring
Configuration Management
Implement SystemAdministration/Procedures/OperatingSystemPatches https://lists.cacert.org/wws/arc/cacert-sysadm/2009-08/msg00007.html
Logging
Need to centralise this.
- fail2ban
- log rotation according to SP/SM
- change to general logging schema, also for httpd?
Authentication
- X.509
- OpenID