 . '''To [[SystemAdministration/Systems|Systems Overview]]'''

----

= Systems - Translingo =

= Basics =
== Purpose ==
The purpose of the Translingo server is to serve the Webdb with language support. This is the system administration page.

== Physical Location ==
This system is located on a Debian Etch vserver on physical machine sun2.  '''???'''

== Logical location ==
 * IP: 172.16.2.12  '''???'''
 * IP External (Tunix Managed): 213.154.225.242 (translingo.cacert.org)

== Administration ==
 * Primary: 
  * Contact: translingo-admin@cacert.org


= NEEDS ALL TO BE REVIEWED !!! (copy from systems wiki) =


= Services =
== Listening services ==
 ||port ||service ||access origin ||purpose ||
 ||22 ||SSH ||all ||SSH access for systems administration ||
 ||25 ||SMTP ||all ||SMTP server for sending mail out (FIXME: does not need to listen on ''public'' IP) ||
 ||80 ||HTTP ||all ||HTTP access to wiki ||

== DNS ==
 * (former: translingo.org)
 * translingo.intra.cacert.org: 172.16.2.12 '''???'''
 * translingo.cacert.org: 213.154.225.242
 * 242.225.154.213.in-addr.arpa: (none)

== Connected Systems ==
=== Outbound network connections ===
 * SMTP (25, tcp) relay host: 172.16.2.3
 * DNS (53, udp) resolving nameserver: 172.28.50.1
 * HTTP (80, tcp) package update http://ftp.nl.debian.org/ and http://security.debian.org/

= Security =
 * Privileged remote access: '''FIXME'''
 * Godlike editing powers: '''FIXME'''

== Installed packages ==
 * translingo - translingo in svn repository [[https://svn.cacert.org/CAcert/Software/translingo/]]

== Non-distribution packages ==

== Risk assessments on critical packages ==
 * apache2 - good reputation - low number of vulnerabilities

== Ugly Hacks ==
'''FIXME'''

= Common Tasks =
== Critical Configuration items ==
=== /etc/apache2/sites-available/ ===
 * '''FIXME'''

= Changes =
== Planned ==
=== Migration ===

=== Monitoring ===
 * Create lists of services to monitor
 * Check requirements for internal monitoring

=== Configuration Management ===
 * Implement [[SystemAdministration/Procedures/OperatingSystemPatches]] [[see also|https://lists.cacert.org/wws/arc/cacert-sysadm/2009-08/msg00007.html]]
 * Check [[SystemAdministration/Tools/Etckeeper]]

=== Logging ===
Need to centralise this.

 * fail2ban
 * log rotation according to SP/SM
 * change to general logging schema, also for httpd?

=== Authentication ===
 * X.509
 * OpenID

----
 . CategorySystems