To System Administration - To Systems Overview - To Systems IP List

Systems - TEMPLATE

Basics

Purpose

<SHORT DESCRIPTION>

Physical Location

<PHYSICAL HOST, VM GUEST, APACHE VIRTUAL HOST, etc.>

This system is located in an LXC container on physical machine Infra02.

Physical Configuration

See SystemAdministration/EquipmentList

Logical location

IP Internet: <IP>
IP Intranet: <IP>
IP Internal: <IP>
MAC address: <MAC> (interfacename)

See Systems IP List

DNS

<HOSTNAME>.cacert.org. IN A <IP>
<HOSTNAME>.intra.cacert.org. IN A <IP>

See DNS configuration

Operating System

Debian GNU/Linux x.y

Applicable Documentation

This is it

Administration

System Admin:

<SYSADMIN's NAME>

Contact:

<system>-admin@cacert.org

Services

Listening services

Port	Service	Users	Purpose
22/tcp	ssh	sysadmins	admin console access
25/tcp	smtp	local	local mail pickup in order to send out notifications
80/tcp	http	all	application
443/tcp	https	all	application
5666/tcp	nrpe	sysadmins	remote monitoring service

Running services

Service	Usage	Start mechanism
openssh server	ssh daemon for remote administration	init script `/etc/init.d/ssh`
Apache httpd	Webserver for ...	init script `/etc/init.d/apache2`
cron	job scheduler	init script `/etc/init.d/cron`
rsyslog	syslog daemon	init script `/etc/init.d/syslog`
PostgreSQL	PostgreSQL database server for ...	init script `/etc/init.d/postgresql`
MySQL	MySQL database server for ...	init script `/etc/init.d/mysql`
Postfix	SMTP server for local mail submission, ...	init script `/etc/init.d/postfix`
Exim	SMTP server for local mail submission, ...	init script `/etc/init.d/exim4`
Nagios NRPE server	remote monitoring service queried by Monitor	init script `/etc/init.d/nagios-nrpe-server`

Databases

RDBMS	Name	Used for
MySQL	application1	fictional application one
PostgreSQL	application2	fictional application two

Running Guests

Machine	IP Intranet	IP Internet	Ports	Purpose
<LINK TO MACHINE>	<LOCAL IP>	<INTERNET IP>	<PORTS>	<DESCRIPTION>

Connected Systems

Monitor

Outbound network connections

DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
Emailout as SMTP relay
ftp.nl.debian.org as Debian mirror
security.debian.org for Debian security updates
crl.cacert.org (rsync) for getting CRLs

Security

SSH host keys

Algorithm	Fingerprint
RSA
DSA
ECDSA

See SSH Host Key List

Dedicated user roles

Non-distribution packages and modifications

Risk assessments on critical packages

Tasks

Critical Configuration items

Keys and X.509 certificates

/etc/apache2/ssl/<path to certificate> server certificate (valid until <datetime>)
/etc/apache2/ssl/<path to server key> server key

See Certificates list

Changes

Planned

System Future

Document Stuff

Potential Similiar Configurations

Exim4 Configuration

Postfix Configuration

Qmail Configuration

Sendmail Configuration

Stunnel Configuration

Potential System Procedures

DNS configuration

Certificates list

References

Links

CategorySystems

SystemAdministration/Systems/template (last edited 2014-10-26 17:36:11 by JanDittberner)