author    Jan Dittberner <jan@dittberner.info>  2016-04-17 01:21:50 +0200
committer Jan Dittberner <jan@dittberner.info>  2016-04-17 01:22:23 +0200
commit    d6caf89f21a24a36c69eae7732d2a025a5fe75e7
tree      8dba3d0490baa288813152a5d4974d947e07fca4
parent    e6f80696745512a340fb50bca687b5a33cc77c7f
Add more info for infra02
-rw-r--r--  docs/infra02.rst   138
-rw-r--r--  docs/template.rst  123
2 files changed, 199 insertions, 62 deletions
diff --git a/docs/infra02.rst b/docs/infra02.rst
index d47345d..5757073 100644
--- a/docs/infra02.rst
+++ b/docs/infra02.rst
@@ -2,11 +2,8 @@
Infra02
=======
-Basics
-======
-
Purpose
--------
+=======
The infrastructure host system Infra02 is a dedicated machine for the CAcert
infrastructure.
@@ -18,6 +15,9 @@ is maintained on this machine using Ferm_.
.. _LXC: https://linuxcontainers.org/
.. _Ferm: http://ferm.foo-projects.org/
+Basics
+======
+
Physical Location
-----------------
@@ -61,3 +61,133 @@ Logical Location
:doc:`network`.
+DNS
+---
+
+* infrastructure.cacert.org. IN A 213.154.225.230
+* infrastructure.cacert.org. IN SSHFP 1 1 5A82D3C150AF002C05784F73250A067053AEED63
+* infrastructure.cacert.org. IN SSHFP 1 2 63B0D74A3F1CE61865A5EB0497EF05243BC4067EC983C69AB8E62F3CB940CC82
+* infrastructure.cacert.org. IN SSHFP 2 1 AF8D8E3386EAA72997709632ADF2B457E6FEF0DC
+* infrastructure.cacert.org. IN SSHFP 2 2 3A0188FC47D1FDD14D70A2FB78F51792D06BA11EAE6AB16E73CB7BB8DD6A0DC8
+* infrastructure.cacert.org. IN SSHFP 3 1 3E1B9EBF85B726CF831C76ECB8C17786AEDF40E8
+* infrastructure.cacert.org. IN SSHFP 3 2 3AE7F0035C2172977E99BFE312C7A8299650DEA16A975EA13EECE8FDA426062A
+* infra02.intra.cacert.org. IN A 172.16.2.10
+
+.. seealso::
+
+ See https://wiki.cacert.org/SystemAdministration/Procedures/DNSChanges
+
+Operating System
+----------------
+
+* Debian GNU/Linux 7.10
+
+Applicable Documentation
+------------------------
+
+This is it :-)
+
+Administration
+==============
+
+System Administration
+---------------------
+
+* Primary: `Jan Dittberner`_
+* Secondary: `Mario Lipinski`_
+
+.. _Jan Dittberner: jandd@cacert.org
+.. _Mario Lipinski: mario@cacert.org
+
+Contact
+-------
+
+* infrastructure-admin@cacert.org
+
+Services
+========
+
+Listening services
+------------------
+
++----------+-----------+-----------+-----------------------------------------+
+| Port | Service | Origin | Purpose |
++==========+===========+===========+=========================================+
+| 22/tcp | ssh | ANY | admin console access |
++----------+-----------+-----------+-----------------------------------------+
+| 25/tcp | smtp | local | mail delivery to local MTA |
++----------+-----------+-----------+-----------------------------------------+
+| 123/udp | ntp | ANY | network time protocol for host, |
+| | | | listening on the Internet IPv6 and IPv4 |
+| | | | addresses |
++----------+-----------+-----------+-----------------------------------------+
+| 5666/tcp | nrpe | monitor | remote monitoring service |
++----------+-----------+-----------+-----------------------------------------+
+
+Running services
+----------------
+
++--------------------+--------------------+----------------------------------------+
+| Service | Usage | Start mechanism |
++====================+====================+========================================+
+| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` |
+| | remote | |
+| | administration | |
++--------------------+--------------------+----------------------------------------+
+| cron | job scheduler | init script :file:`/etc/init.d/cron` |
++--------------------+--------------------+----------------------------------------+
+| rsyslog | syslog daemon | init script |
+| | | :file:`/etc/init.d/syslog` |
++--------------------+--------------------+----------------------------------------+
+| ntpd | time server | init script :file:`/etc/init.d/ntp` |
++--------------------+--------------------+----------------------------------------+
+| Postfix | SMTP server for | init script |
+| | local mail | :file:`/etc/init.d/postfix` |
+| | submission, ... | |
++--------------------+--------------------+----------------------------------------+
+| Nagios NRPE server | remote monitoring | init script |
+| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
+| | :doc:`monitor` | |
++--------------------+--------------------+----------------------------------------+
+
+.. Running Guests
+ --------------
+
+ .. some directive to list guests here
+
+Connected Systems
+-----------------
+
+* :doc:`monitor`
+* :doc:`emailout`
+
+Outbound network connections
+----------------------------
+
+* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
+* :doc:`emailout` as SMTP relay
+* ftp.nl.debian.org as Debian mirror
+* security.debian.org for Debian security updates
+
+Security
+========
+
+SSH host keys
+-------------
+
++-----------+-----------------------------------------------------+
+| Algorithm | Fingerprint |
++===========+=====================================================+
+| RSA | ``86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c`` |
++-----------+-----------------------------------------------------+
+| DSA | ``b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5`` |
++-----------+-----------------------------------------------------+
+| ECDSA | ``79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0`` |
++-----------+-----------------------------------------------------+
+| ED25519 | ``25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4`` |
++-----------+-----------------------------------------------------+
+
+.. seealso::
+
+ See :doc:`sshkeys`
+
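Review bot: the SSHFP records added in the DNS list (algorithm numbers 1, 2 and 3) cover only the RSA, DSA and ECDSA host keys, while the SSH host keys table at the end of this hunk also lists an ED25519 key; without a matching `SSHFP 4 1` / `SSHFP 4 2` pair, a client using `VerifyHostKeyDNS` cannot validate that key through DNS, so either publish the records or state in the DNS section that ED25519 is intentionally not published. Two smaller points in the same hunk: the rsyslog row of the running-services table names `:file:`/etc/init.d/syslog``, but the init script the rsyslog package installs on Debian is `/etc/init.d/rsyslog`; and the host-key table gives MD5 colon-separated fingerprints only, which OpenSSH 6.8 and later no longer print by default, so adding the SHA256 form (`ssh-keygen -l -E sha256 -f <host key .pub>`) lets readers compare against what their client shows and cross-check the SSHFP type 2 hashes above. Finally, 123/udp is documented as reachable from `ANY` on the public IPv4 and IPv6 addresses; if ntpd only keeps the host's own clock, document the Ferm rule that limits inbound queries, since an openly reachable NTP server is exposure the purpose section does not call for.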
diff --git a/docs/template.rst b/docs/template.rst
index 8d0e090..e2ebe5f 100644
--- a/docs/template.rst
+++ b/docs/template.rst
@@ -2,14 +2,14 @@
Systems - TEMPLATE
==================
-Basics
-======
-
Purpose
--------
+=======
.. <SHORT DESCRIPTION>
+Basics
+======
+
Physical Location
-----------------
@@ -59,12 +59,17 @@ Applicable Documentation
This is it :-)
Administration
---------------
+==============
-System Admin:
- * <SYSADMIN's NAME>
+System Administration
+---------------------
+
+* Primary: <SYSADMIN's NAME>
+* Secondary: <secondary name>
+
+Contact
+-------
-Contact:
* <system>-admin@cacert.org
Services
@@ -74,18 +79,17 @@ Listening services
------------------
+----------+-----------+-----------+-----------------------------------------+
-| Port | Service | Users | Purpose |
+| Port | Service | Origin | Purpose |
+==========+===========+===========+=========================================+
-| 22/tcp | ssh | sysadmins | admin console access |
+| 22/tcp | ssh | ANY | admin console access |
+----------+-----------+-----------+-----------------------------------------+
-| 25/tcp | smtp | local | local mail pickup in order to send out |
-| | | | notifications |
+| 25/tcp | smtp | local | mail delivery to local MTA |
+----------+-----------+-----------+-----------------------------------------+
-| 80/tcp | http | all | application |
+| 80/tcp | http | ANY | application |
+----------+-----------+-----------+-----------------------------------------+
-| 443/tcp | https | all | application |
+| 443/tcp | https | ANY | application |
+----------+-----------+-----------+-----------------------------------------+
-| 5666/tcp | nrpe | sysadmins | remote monitoring service |
+| 5666/tcp | nrpe | monitor | remote monitoring service |
+----------+-----------+-----------+-----------------------------------------+
.. below are some definitions of commonly open ports, choose those that are applicable and order the table by port number
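Review bot: renaming the column from `Users` to `Origin` changes its meaning from who uses a service to where connections come from, and the ssh row changes from `sysadmins` to `ANY` in the same step; since this is the template other system pages are copied from, add a comment line next to the existing `.. below are some definitions of commonly open ports ...` one stating that Origin is the permitted network source as enforced by the firewall, so that `ANY` is read as "reachable from the Internet" and not as a statement about authorised users.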
@@ -96,39 +100,40 @@ Listening services
Running services
----------------
-+--------------------+--------------------+----------------------------------+
-| Service | Usage | Start mechanism |
-+====================+====================+==================================+
-| openssh server | ssh daemon for | init script `/etc/init.d/ssh` |
-| | remote | |
-| | administration | |
-+--------------------+--------------------+----------------------------------+
-| Apache httpd | Webserver for ... | init script |
-| | | `/etc/init.d/apache2` |
-+--------------------+--------------------+----------------------------------+
-| cron | job scheduler | init script `/etc/init.d/cron` |
-+--------------------+--------------------+----------------------------------+
-| rsyslog | syslog daemon | init script `/etc/init.d/syslog` |
-+--------------------+--------------------+----------------------------------+
-| PostgreSQL | PostgreSQL | init script |
-| | database server | `/etc/init.d/postgresql` |
-| | for ... | |
-+--------------------+--------------------+----------------------------------+
-| MySQL | MySQL database | init script `/etc/init.d/mysql` |
-| | server for ... | |
-+--------------------+--------------------+----------------------------------+
-| Postfix | SMTP server for | init script |
-| | local mail | `/etc/init.d/postfix` |
-| | submission, ... | |
-+--------------------+--------------------+----------------------------------+
-| Exim | SMTP server for | init script `/etc/init.d/exim4` |
-| | local mail | |
-| | submission, ... | |
-+--------------------+--------------------+----------------------------------+
-| Nagios NRPE server | remote monitoring | init script |
-| | service queried by | `/etc/init.d/nagios-nrpe-server` |
-| | :doc:`monitor` | |
-+--------------------+--------------------+----------------------------------+
++--------------------+--------------------+----------------------------------------+
+| Service | Usage | Start mechanism |
++====================+====================+========================================+
+| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` |
+| | remote | |
+| | administration | |
++--------------------+--------------------+----------------------------------------+
+| Apache httpd | Webserver for ... | init script |
+| | | :file:`/etc/init.d/apache2` |
++--------------------+--------------------+----------------------------------------+
+| cron | job scheduler | init script :file:`/etc/init.d/cron` |
++--------------------+--------------------+----------------------------------------+
+| rsyslog | syslog daemon | init script |
+| | | :file:`/etc/init.d/syslog` |
++--------------------+--------------------+----------------------------------------+
+| PostgreSQL | PostgreSQL | init script |
+| | database server | :file:`/etc/init.d/postgresql` |
+| | for ... | |
++--------------------+--------------------+----------------------------------------+
+| MySQL | MySQL database | init script |
+| | server for ... | :file:`/etc/init.d/mysql` |
++--------------------+--------------------+----------------------------------------+
+| Postfix | SMTP server for | init script |
+| | local mail | :file:`/etc/init.d/postfix` |
+| | submission, ... | |
++--------------------+--------------------+----------------------------------------+
+| Exim | SMTP server for | init script |
+| | local mail | :file:`/etc/init.d/exim4` |
+| | submission, ... | |
++--------------------+--------------------+----------------------------------------+
+| Nagios NRPE server | remote monitoring | init script |
+| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
+| | :doc:`monitor` | |
++--------------------+--------------------+----------------------------------------+
Databases
---------
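Review bot: the rsyslog row keeps `/etc/init.d/syslog` as the start mechanism and only wraps it in the `:file:` role; on Debian the rsyslog package installs `/etc/init.d/rsyslog`, and because this is the template, the wrong path will be copied into every new system page (it already appears in the infra02 page in this commit), so correct it here.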
@@ -156,7 +161,7 @@ Connected Systems
* :doc:`monitor`
Outbound network connections
-............................
+----------------------------
* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
* :doc:`emailout` as SMTP relay
@@ -170,15 +175,17 @@ Security
SSH host keys
-------------
-+-----------+-------------+
-| Algorithm | Fingerprint |
-+===========+=============+
-| RSA | |
-+-----------+-------------+
-| DSA | |
-+-----------+-------------+
-| ECDSA | |
-+-----------+-------------+
++-----------+-----------------------------------------------------+
+| Algorithm | Fingerprint |
++===========+=====================================================+
+| RSA | |
++-----------+-----------------------------------------------------+
+| DSA | |
++-----------+-----------------------------------------------------+
+| ECDSA | |
++-----------+-----------------------------------------------------+
+| ED25519 | |
++-----------+-----------------------------------------------------+
.. seealso::
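Review bot: the widened Fingerprint column and the new ED25519 row bring the template in line with the infra02 page, but the column still does not say which format is expected; add a placeholder such as the ``xx:xx:...`` MD5 form or, preferably, the `SHA256:...` form that `ssh-keygen -l` prints by default since OpenSSH 6.8, so that pages filled in from this template are comparable with each other and with the SSHFP type 2 records in their DNS section.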