diff options
| author | Jan Dittberner <jan@dittberner.info> | 2016-05-18 21:36:23 +0200 |
|---|---|---|
| committer | Jan Dittberner <jan@dittberner.info> | 2016-05-18 21:36:23 +0200 |
| commit | 11ee94230dc06a2920af771cfe9aa3fe21cc2ebd (patch) | |
| tree | 09b92c9d40fd5320a6db52ee6e6656413f4ab135 /docs/systems | |
| parent | f9c316193a40bb13d3fe4bf28cdd81cf11cf0fdf (diff) | |
| download | cacert-infradocs-11ee94230dc06a2920af771cfe9aa3fe21cc2ebd.tar.gz cacert-infradocs-11ee94230dc06a2920af771cfe9aa3fe21cc2ebd.tar.xz cacert-infradocs-11ee94230dc06a2920af771cfe9aa3fe21cc2ebd.zip | |
Add documentation for coaudit
Diffstat (limited to 'docs/systems')
| -rw-r--r-- | docs/systems/coaudit.rst | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/docs/systems/coaudit.rst b/docs/systems/coaudit.rst new file mode 100644 index 0000000..c99ca72 --- /dev/null +++ b/docs/systems/coaudit.rst @@ -0,0 +1,177 @@ +.. index:: + single: Systems; Coaudit + +======= +Coaudit +======= + +Purpose +======= + +Planned replacement for :wiki:`fiddle.it </SystemAdministration/Systems/fiddle>`. + +Administration +============== + +System Administration +--------------------- + +* Primary: :ref:`people_martin` +* Secondary: None + +.. todo:: find an additional admin + +Contact +------- + +* coaudit-admin@cacert.org + +Additional People +----------------- + +:ref:`people_jandd` and :ref:`people_mario` have :program:`sudo` access on that +machine too. + +Basics +====== + +Physical Location +----------------- + +This system is located in an :term:`LXC` container on physical machine +:doc:`infra02`. + +Logical Location +---------------- + +:IP Internet: :ip:v4:`213.154.225.230` +:IP Intranet: :ip:v4:`172.16.2.118` +:IP Internal: :ip:v4:`10.0.0.118` +:MAC address: :mac:`00:ff:67:c2:08:53` (eth0) + +.. seealso:: + + See :doc:`../network` + +DNS +--- + +.. index:: + single: DNS records; Coaudit + +=================== ======== ========================== +Name Type Content +=================== ======== ========================== +coaudit.cacert.org. IN CNAME infrastructure.cacert.org. +=================== ======== ========================== + +.. seealso:: + + See :wiki:`SystemAdministration/Procedures/DNSChanges` + +Operating System +---------------- + +.. index:: + single: Debian GNU/Linux; Jessie + single: Debian GNU/Linux; 8.4 + +* Debian GNU/Linux 8.4 + +Applicable Documentation +------------------------ + +This is it :-) + +Services +======== + +Listening services +------------------ + ++----------+-----------+-----------+-----------------------------------------+ +| Port | Service | Origin | Purpose | ++==========+===========+===========+=========================================+ +| 22/tcp | ssh | ANY | admin console access | ++----------+-----------+-----------+-----------------------------------------+ +| 25/tcp | smtp | local | mail delivery to local MTA | ++----------+-----------+-----------+-----------------------------------------+ +| 80/tcp | http | ANY | application | ++----------+-----------+-----------+-----------------------------------------+ +| 5666/tcp | nrpe | monitor | remote monitoring service | ++----------+-----------+-----------+-----------------------------------------+ + +Running services +---------------- + +.. index:: + single: Apache + single: cron + single: exim + single: nrpe + single: openssh + ++--------------------+--------------------+----------------------------------------+ +| Service | Usage | Start mechanism | ++====================+====================+========================================+ +| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` | +| | remote | | +| | administration | | ++--------------------+--------------------+----------------------------------------+ +| Apache httpd | Webserver | init script | +| | | :file:`/etc/init.d/apache2` | ++--------------------+--------------------+----------------------------------------+ +| cron | job scheduler | init script :file:`/etc/init.d/cron` | ++--------------------+--------------------+----------------------------------------+ +| Exim | SMTP server for | init script | +| | local mail | :file:`/etc/init.d/exim4` | +| | submission | | ++--------------------+--------------------+----------------------------------------+ +| Nagios NRPE server | remote monitoring | init script | +| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` | +| | :doc:`monitor` | | ++--------------------+--------------------+----------------------------------------+ + +Connected Systems +----------------- + +* :doc:`monitor` + +Outbound network connections +---------------------------- + +* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3 +* :doc:`emailout` as SMTP relay +* ftp.nl.debian.org as Debian mirror +* security.debian.org for Debian security updates + +Security +======== + +.. sshkeys:: + :RSA: 07:e1:eb:c0:4d:01:b7:a1:16:b1:01:8b:6b:5f:59:43 + :DSA: 66:ac:19:2c:a1:73:5b:6c:6c:55:3b:5b:52:cb:7e:ec + :ECDSA: 51:c7:bf:c6:f1:50:45:b7:cd:31:d7:41:40:60:b4:3c + +Critical Configuration items +============================ + +Apache httpd configuration +-------------------------- + +The system contains an uncustomized Apache httpd configuration. + +Changes +======= + +System Future +------------- + +.. todo:: either setup some application or remove the container + +Additional documentation +======================== + +.. seealso:: + + * :wiki:`Exim4Configuration` |