author | Jan Dittberner <jan@dittberner.info> | 2016-04-17 01:21:50 +0200
committer | Jan Dittberner <jan@dittberner.info> | 2016-04-17 01:22:23 +0200
commit | d6caf89f21a24a36c69eae7732d2a025a5fe75e7 (patch)
tree | 8dba3d0490baa288813152a5d4974d947e07fca4 /docs
parent | e6f80696745512a340fb50bca687b5a33cc77c7f (diff)
Add more info for infra02
Diffstat (limited to 'docs')
-rw-r--r-- | docs/infra02.rst | 138
-rw-r--r-- | docs/template.rst | 123
2 files changed, 199 insertions, 62 deletions
diff --git a/docs/infra02.rst b/docs/infra02.rst index d47345d..5757073 100644 --- a/docs/infra02.rst +++ b/docs/infra02.rst @@ -2,11 +2,8 @@ Infra02 ======= -Basics -====== - Purpose -------- +======= The infrastructure host system Infra02 is a dedicated machine for the CAcert infrastructure. @@ -18,6 +15,9 @@ is maintained on this machine using Ferm_. .. _LXC: https://linuxcontainers.org/ .. _Ferm: http://ferm.foo-projects.org/ +Basics +====== + Physical Location ----------------- 
@@ -61,3 +61,133 @@ Logical Location :doc:`network`. +DNS +--- + +* infrastructure.cacert.org. IN A 213.154.225.230 +* infrastructure.cacert.org. IN SSHFP 1 1 5A82D3C150AF002C05784F73250A067053AEED63 +* infrastructure.cacert.org. IN SSHFP 1 2 63B0D74A3F1CE61865A5EB0497EF05243BC4067EC983C69AB8E62F3CB940CC82 +* infrastructure.cacert.org. IN SSHFP 2 1 AF8D8E3386EAA72997709632ADF2B457E6FEF0DC +* infrastructure.cacert.org. IN SSHFP 2 2 3A0188FC47D1FDD14D70A2FB78F51792D06BA11EAE6AB16E73CB7BB8DD6A0DC8 +* infrastructure.cacert.org. IN SSHFP 3 1 3E1B9EBF85B726CF831C76ECB8C17786AEDF40E8 +* infrastructure.cacert.org. IN SSHFP 3 2 3AE7F0035C2172977E99BFE312C7A8299650DEA16A975EA13EECE8FDA426062A +* infra02.intra.cacert.org. IN A 172.16.2.10 + +.. seealso:: + + See https://wiki.cacert.org/SystemAdministration/Procedures/DNSChanges + +Operating System +---------------- + +* Debian GNU/Linux 7.10 + +Applicable Documentation +------------------------ + +This is it :-) + +Administration +============== + +System Administration +--------------------- + +* Primary: `Jan Dittberner`_ +* Secondary: `Mario Lipinski`_ + +.. _Jan Dittberner: jandd@cacert.org +.. 
_Mario Lipinski: mario@cacert.org + +Contact +------- + +* infrastructure-admin@cacert.org + +Services +======== + +Listening services +------------------ + ++----------+-----------+-----------+-----------------------------------------+ +| Port | Service | Origin | Purpose | ++==========+===========+===========+=========================================+ +| 22/tcp | ssh | ANY | admin console access | ++----------+-----------+-----------+-----------------------------------------+ +| 25/tcp | smtp | local | mail delivery to local MTA | ++----------+-----------+-----------+-----------------------------------------+ +| 123/udp | ntp | ANY | network time protocol for host, | +| | | | listening on the Internet IPv6 and IPv4 | +| | | | addresses | ++----------+-----------+-----------+-----------------------------------------+ +| 5666/tcp | nrpe | monitor | remote monitoring service | ++----------+-----------+-----------+-----------------------------------------+ + +Running services +---------------- + ++--------------------+--------------------+----------------------------------------+ +| Service | Usage | Start mechanism | ++====================+====================+========================================+ +| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` | +| | remote | | +| | administration | | ++--------------------+--------------------+----------------------------------------+ +| cron | job scheduler | init script :file:`/etc/init.d/cron` | ++--------------------+--------------------+----------------------------------------+ +| rsyslog | syslog daemon | init script | +| | | :file:`/etc/init.d/syslog` | ++--------------------+--------------------+----------------------------------------+ +| ntpd | time server | init script :file:`/etc/init.d/ntp` | ++--------------------+--------------------+----------------------------------------+ +| Postfix | SMTP server for | init script | +| | local mail | :file:`/etc/init.d/postfix` | +| | submission, ... 
| | ++--------------------+--------------------+----------------------------------------+ +| Nagios NRPE server | remote monitoring | init script | +| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` | +| | :doc:`monitor` | | ++--------------------+--------------------+----------------------------------------+ + +.. Running Guests + -------------- + + .. some directive to list guests here + +Connected Systems +----------------- + +* :doc:`monitor` +* :doc:`emailout` + +Outbound network connections +---------------------------- + +* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3 +* :doc:`emailout` as SMTP relay +* ftp.nl.debian.org as Debian mirror +* security.debian.org for Debian security updates + +Security +======== + +SSH host keys +------------- + ++-----------+-----------------------------------------------------+ +| Algorithm | Fingerprint | ++===========+=====================================================+ +| RSA | ``86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c`` | ++-----------+-----------------------------------------------------+ +| DSA | ``b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5`` | ++-----------+-----------------------------------------------------+ +| ECDSA | ``79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0`` | ++-----------+-----------------------------------------------------+ +| ED25519 | ``25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4`` | ++-----------+-----------------------------------------------------+ + +.. seealso:: + + See :doc:`sshkeys` + diff --git a/docs/template.rst b/docs/template.rst index 8d0e090..e2ebe5f 100644 --- a/docs/template.rst +++ b/docs/template.rst @@ -2,14 +2,14 @@ Systems - TEMPLATE ================== -Basics -====== - Purpose -------- +======= .. <SHORT DESCRIPTION> +Basics +====== + Physical Location ----------------- 
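Review bot: in the infra02 DNS list the SSHFP records cover only algorithms 1, 2 and 3 (RSA, DSA, ECDSA), yet the SSH host keys table added in the same hunk lists an ED25519 key; publish the matching `SSHFP 4 1` / `SSHFP 4 2` records (algorithm 4 is Ed25519) or note why that key is not in DNS, otherwise a client using VerifyHostKeyDNS that negotiates ed25519 gets no DNS match. The host-key table also gives MD5 colon-hex fingerprints, which cannot be cross-checked against the SHA-1/SHA-256 digests in the SSHFP records; adding the `ssh-keygen -l -E sha256` form next to them would let an admin verify table and DNS against each other. Finally, the listening-services table shows 123/udp open to ANY on the Internet addresses; state the ntpd query restriction in force (e.g. `restrict default ... noquery`) so the page makes clear the host answers time requests only and not control queries.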
@@ -59,12 +59,17 @@ Applicable Documentation This is it :-) Administration --------------- +============== -System Admin: - * <SYSADMIN's NAME> +System Administration +--------------------- + +* Primary: <SYSADMIN's NAME> +* Secondary: <secondary name> + +Contact +------- -Contact: * <system>-admin@cacert.org Services @@ -74,18 +79,17 @@ Listening services ------------------ +----------+-----------+-----------+-----------------------------------------+ -| Port | Service | Users | Purpose | +| Port | Service | Origin | Purpose | +==========+===========+===========+=========================================+ -| 22/tcp | ssh | sysadmins | admin console access | +| 22/tcp | ssh | ANY | admin console access | +----------+-----------+-----------+-----------------------------------------+ -| 25/tcp | smtp | local | local mail pickup in order to send out | -| | | | notifications | +| 25/tcp | smtp | local | mail delivery to local MTA | +----------+-----------+-----------+-----------------------------------------+ -| 80/tcp | http | all | application | +| 80/tcp | http | ANY | application | +----------+-----------+-----------+-----------------------------------------+ -| 443/tcp | https | all | application | +| 443/tcp | https | ANY | application | +----------+-----------+-----------+-----------------------------------------+ -| 5666/tcp | nrpe | sysadmins | remote monitoring service | +| 5666/tcp | nrpe | monitor | remote monitoring service | +----------+-----------+-----------+-----------------------------------------+ .. below are some definitions of commonly open ports, choose those that are applicable and order the table by port number 
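Review bot: renaming the column from "Users" to "Origin" changes its meaning from who uses the port to where connections come from, which is the right thing to record, but the template now ships `22/tcp | ssh | ANY` as the default row; since new host pages are copied from this template, a placeholder such as `<ADMIN NETWORKS>` in that cell would make each page state the actual source restriction instead of inheriting ANY. Also, the infra02 page in this same commit adds a `123/udp | ntp` row that the template's list of commonly open ports lacks; add it here so the two files stay in sync.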
@@ -96,39 +100,40 @@ Listening services Running services ---------------- -+--------------------+--------------------+----------------------------------+ -| Service | Usage | Start mechanism | -+====================+====================+==================================+ -| openssh server | ssh daemon for | init script `/etc/init.d/ssh` | -| | remote | | -| | administration | | -+--------------------+--------------------+----------------------------------+ -| Apache httpd | Webserver for ... | init script | -| | | `/etc/init.d/apache2` | -+--------------------+--------------------+----------------------------------+ -| cron | job scheduler | init script `/etc/init.d/cron` | -+--------------------+--------------------+----------------------------------+ -| rsyslog | syslog daemon | init script `/etc/init.d/syslog` | -+--------------------+--------------------+----------------------------------+ -| PostgreSQL | PostgreSQL | init script | -| | database server | `/etc/init.d/postgresql` | -| | for ... | | -+--------------------+--------------------+----------------------------------+ -| MySQL | MySQL database | init script `/etc/init.d/mysql` | -| | server for ... | | -+--------------------+--------------------+----------------------------------+ -| Postfix | SMTP server for | init script | -| | local mail | `/etc/init.d/postfix` | -| | submission, ... | | -+--------------------+--------------------+----------------------------------+ -| Exim | SMTP server for | init script `/etc/init.d/exim4` | -| | local mail | | -| | submission, ... 
| | -+--------------------+--------------------+----------------------------------+ -| Nagios NRPE server | remote monitoring | init script | -| | service queried by | `/etc/init.d/nagios-nrpe-server` | -| | :doc:`monitor` | | -+--------------------+--------------------+----------------------------------+ ++--------------------+--------------------+----------------------------------------+ +| Service | Usage | Start mechanism | ++====================+====================+========================================+ +| openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` | +| | remote | | +| | administration | | ++--------------------+--------------------+----------------------------------------+ +| Apache httpd | Webserver for ... | init script | +| | | :file:`/etc/init.d/apache2` | ++--------------------+--------------------+----------------------------------------+ +| cron | job scheduler | init script :file:`/etc/init.d/cron` | ++--------------------+--------------------+----------------------------------------+ +| rsyslog | syslog daemon | init script | +| | | :file:`/etc/init.d/syslog` | ++--------------------+--------------------+----------------------------------------+ +| PostgreSQL | PostgreSQL | init script | +| | database server | :file:`/etc/init.d/postgresql` | +| | for ... | | ++--------------------+--------------------+----------------------------------------+ +| MySQL | MySQL database | init script | +| | server for ... | :file:`/etc/init.d/mysql` | ++--------------------+--------------------+----------------------------------------+ +| Postfix | SMTP server for | init script | +| | local mail | :file:`/etc/init.d/postfix` | +| | submission, ... | | ++--------------------+--------------------+----------------------------------------+ +| Exim | SMTP server for | init script | +| | local mail | :file:`/etc/init.d/exim4` | +| | submission, ... 
| | ++--------------------+--------------------+----------------------------------------+ +| Nagios NRPE server | remote monitoring | init script | +| | service queried by | :file:`/etc/init.d/nagios-nrpe-server` | +| | :doc:`monitor` | | ++--------------------+--------------------+----------------------------------------+ Databases --------- @@ -156,7 +161,7 @@ Connected Systems * :doc:`monitor` Outbound network connections -............................ +---------------------------- * DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3 * :doc:`emailout` as SMTP relay @@ -170,15 +175,17 @@ Security SSH host keys ------------- -+-----------+-------------+ -| Algorithm | Fingerprint | -+===========+=============+ -| RSA | | -+-----------+-------------+ -| DSA | | -+-----------+-------------+ -| ECDSA | | -+-----------+-------------+ ++-----------+-----------------------------------------------------+ +| Algorithm | Fingerprint | ++===========+=====================================================+ +| RSA | | ++-----------+-----------------------------------------------------+ +| DSA | | ++-----------+-----------------------------------------------------+ +| ECDSA | | ++-----------+-----------------------------------------------------+ +| ED25519 | | ++-----------+-----------------------------------------------------+ .. seealso:: |
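Review bot: the widened Fingerprint column and the new ED25519 row match infra02, but the template does not say which hash format the column expects; infra02 fills it with MD5 colon-hex output (what `ssh-keygen -l` prints on the Debian 7 OpenSSH in use), while OpenSSH 6.8 and later print `SHA256:` base64 by default, so pages written from newer hosts would not be comparable. Add a `..` comment line above the table naming the expected format (and, if SHA-256 is chosen, check the column is wide enough for a `SHA256:` fingerprint), so the host-key tables across the documentation use one consistent notation.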