author Jan Dittberner <jan@dittberner.info> 2016-05-18 21:36:23 +0200
committer Jan Dittberner <jan@dittberner.info> 2016-05-18 21:36:23 +0200
commit 11ee94230dc06a2920af771cfe9aa3fe21cc2ebd (patch)
tree 09b92c9d40fd5320a6db52ee6e6656413f4ab135 /docs/systems
parent f9c316193a40bb13d3fe4bf28cdd81cf11cf0fdf (diff)
Add documentation for coaudit
Diffstat (limited to 'docs/systems')
-rw-r--r-- docs/systems/coaudit.rst 177
1 files changed, 177 insertions, 0 deletions
diff --git a/docs/systems/coaudit.rst b/docs/systems/coaudit.rst
new file mode 100644
index 0000000..c99ca72
--- /dev/null
+++ b/docs/systems/coaudit.rst
@@ -0,0 +1,177 @@
+.. index::
+ single: Systems; Coaudit
+
+=======
+Coaudit
+=======
+
+Purpose
+=======
+
+Planned replacement for :wiki:`fiddle.it </SystemAdministration/Systems/fiddle>`.
+
+Administration
+==============
+
+System Administration
+---------------------
+
+* Primary: :ref:`people_martin`
+* Secondary: None
+
+.. todo:: find an additional admin
+
+Contact
+-------
+
+* coaudit-admin@cacert.org
+
+Additional People
+-----------------
+
+:ref:`people_jandd` and :ref:`people_mario` have :program:`sudo` access on that
+machine too.
+
+Basics
+======
+
+Physical Location
+-----------------
+
+This system is located in an :term:`LXC` container on physical machine
+:doc:`infra02`.
+
+Logical Location
+----------------
+
+:IP Internet: :ip:v4:`213.154.225.230`
+:IP Intranet: :ip:v4:`172.16.2.118`
+:IP Internal: :ip:v4:`10.0.0.118`
+:MAC address: :mac:`00:ff:67:c2:08:53` (eth0)
+
+.. seealso::
+
+ See :doc:`../network`
+
+DNS
+---
+
+.. index::
+ single: DNS records; Coaudit
+
+=================== ======== ==========================
+Name Type Content
+=================== ======== ==========================
+coaudit.cacert.org. IN CNAME infrastructure.cacert.org.
+=================== ======== ==========================
+
+.. seealso::
+
+ See :wiki:`SystemAdministration/Procedures/DNSChanges`
+
+Operating System
+----------------
+
+.. index::
+ single: Debian GNU/Linux; Jessie
+ single: Debian GNU/Linux; 8.4
+
+* Debian GNU/Linux 8.4
+
+Applicable Documentation
+------------------------
+
+This is it :-)
+
+Services
+========
+
+Listening services
+------------------
+
++----------+-----------+-----------+-----------------------------------------+
+| Port | Service | Origin | Purpose |
++==========+===========+===========+=========================================+
+| 22/tcp | ssh | ANY | admin console access |
++----------+-----------+-----------+-----------------------------------------+
+| 25/tcp | smtp | local | mail delivery to local MTA |
++----------+-----------+-----------+-----------------------------------------+
+| 80/tcp | http | ANY | application |
++----------+-----------+-----------+-----------------------------------------+
+| 5666/tcp | nrpe | monitor | remote monitoring service |
++----------+-----------+-----------+-----------------------------------------+
+
+Running services
+----------------
+
+.. index::
+ single: Apache
+ single: cron
+ single: exim
+ single: nrpe
+ single: openssh
+
++--------------------+--------------------+----------------------------------------+
+| Service | Usage | Start mechanism |
++====================+====================+========================================+
+| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` |
+| | remote | |
+| | administration | |
++--------------------+--------------------+----------------------------------------+
+| Apache httpd | Webserver | init script |
+| | | :file:`/etc/init.d/apache2` |
++--------------------+--------------------+----------------------------------------+
+| cron | job scheduler | init script :file:`/etc/init.d/cron` |
++--------------------+--------------------+----------------------------------------+
+| Exim | SMTP server for | init script |
+| | local mail | :file:`/etc/init.d/exim4` |
+| | submission | |
++--------------------+--------------------+----------------------------------------+
+| Nagios NRPE server | remote monitoring | init script |
+| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
+| | :doc:`monitor` | |
++--------------------+--------------------+----------------------------------------+
+
+Connected Systems
+-----------------
+
+* :doc:`monitor`
+
+Outbound network connections
+----------------------------
+
+* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
+* :doc:`emailout` as SMTP relay
+* ftp.nl.debian.org as Debian mirror
+* security.debian.org for Debian security updates
+
+Security
+========
+
+.. sshkeys::
+ :RSA: 07:e1:eb:c0:4d:01:b7:a1:16:b1:01:8b:6b:5f:59:43
+ :DSA: 66:ac:19:2c:a1:73:5b:6c:6c:55:3b:5b:52:cb:7e:ec
+ :ECDSA: 51:c7:bf:c6:f1:50:45:b7:cd:31:d7:41:40:60:b4:3c
+
+Critical Configuration items
+============================
+
+Apache httpd configuration
+--------------------------
+
+The system contains an uncustomized Apache httpd configuration.
+
+Changes
+=======
+
+System Future
+-------------
+
+.. todo:: either setup some application or remove the container
+
+Additional documentation
+========================
+
+.. seealso::
+
+ * :wiki:`Exim4Configuration`
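
Review bot: In the "Listening services" table, 80/tcp is documented with origin ANY, yet "Apache httpd configuration" says the configuration is uncustomized and the "System Future" todo shows no application has been set up, so the page records an Internet-reachable default web server with no stated purpose. Suggest either narrowing the Origin for 80/tcp until an application is deployed or adding a sentence under "Security" saying why the port is open, and noting whether HTTPS (443/tcp) is planned, since only plain http is listed. Along the same lines, the ".. sshkeys::" block lists a DSA host key while 22/tcp is open to ANY; if that key is not needed, document that it is disabled or drop the entry. "Purpose" would also benefit from one sentence on what the service does, since "Planned replacement for fiddle.it" only points at another system.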