Update Debian release information
[cacert-infradocs.git] / docs / systems / coaudit.rst
1 .. index::
2 single: Systems; Coaudit
3
4 =======
5 Coaudit
6 =======
7
8 Purpose
9 =======
10
11 Planned replacement for :wiki:`fiddle.it </SystemAdministration/Systems/fiddle>`.
12
13 Administration
14 ==============
15
16 System Administration
17 ---------------------
18
19 * Primary: :ref:`people_martin`
20 * Secondary: None
21
22 .. todo:: find an additional admin
23
24 Contact
25 -------
26
27 * coaudit-admin@cacert.org
28
29 Additional People
30 -----------------
31
32 :ref:`people_jandd` and :ref:`people_mario` have :program:`sudo` access on that
33 machine too.
34
35 Basics
36 ======
37
38 Physical Location
39 -----------------
40
41 This system is located in an :term:`LXC` container on physical machine
42 :doc:`infra02`.
43
44 Logical Location
45 ----------------
46
47 :IP Internet: :ip:v4:`213.154.225.230`
48 :IP Intranet: :ip:v4:`172.16.2.118`
49 :IP Internal: :ip:v4:`10.0.0.118`
50 :MAC address: :mac:`00:ff:67:c2:08:53` (eth0)
51
52 .. seealso::
53
54 See :doc:`../network`
55
56 DNS
57 ---
58
59 .. index::
60 single: DNS records; Coaudit
61
62 =================== ======== ==========================
63 Name Type Content
64 =================== ======== ==========================
65 coaudit.cacert.org. IN CNAME infrastructure.cacert.org.
66 =================== ======== ==========================
67
68 .. seealso::
69
70 See :wiki:`SystemAdministration/Procedures/DNSChanges`
71
72 Operating System
73 ----------------
74
75 .. index::
76 single: Debian GNU/Linux; Jessie
77 single: Debian GNU/Linux; 8.8
78
79 * Debian GNU/Linux 8.8
80
81 Applicable Documentation
82 ------------------------
83
84 This is it :-)
85
86 Services
87 ========
88
89 Listening services
90 ------------------
91
92 +----------+-----------+-----------+-----------------------------------------+
93 | Port | Service | Origin | Purpose |
94 +==========+===========+===========+=========================================+
95 | 22/tcp | ssh | ANY | admin console access |
96 +----------+-----------+-----------+-----------------------------------------+
97 | 25/tcp | smtp | local | mail delivery to local MTA |
98 +----------+-----------+-----------+-----------------------------------------+
99 | 80/tcp | http | ANY | application |
100 +----------+-----------+-----------+-----------------------------------------+
101 | 5666/tcp | nrpe | monitor | remote monitoring service |
102 +----------+-----------+-----------+-----------------------------------------+
103
104 Running services
105 ----------------
106
107 .. index::
108 single: Apache
109 single: cron
110 single: exim
111 single: nrpe
112 single: openssh
113
114 +--------------------+--------------------+----------------------------------------+
115 | Service | Usage | Start mechanism |
116 +====================+====================+========================================+
117 | openssh server | ssh daemon for | init script :file:`/etc/init.d/ssh` |
118 | | remote | |
119 | | administration | |
120 +--------------------+--------------------+----------------------------------------+
121 | Apache httpd | Webserver | init script |
122 | | | :file:`/etc/init.d/apache2` |
123 +--------------------+--------------------+----------------------------------------+
124 | cron | job scheduler | init script :file:`/etc/init.d/cron` |
125 +--------------------+--------------------+----------------------------------------+
126 | Exim | SMTP server for | init script |
127 | | local mail | :file:`/etc/init.d/exim4` |
128 | | submission | |
129 +--------------------+--------------------+----------------------------------------+
130 | Nagios NRPE server | remote monitoring | init script |
131 | | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
132 | | :doc:`monitor` | |
133 +--------------------+--------------------+----------------------------------------+
134
135 Connected Systems
136 -----------------
137
138 * :doc:`monitor`
139
140 Outbound network connections
141 ----------------------------
142
143 * DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
144 * :doc:`emailout` as SMTP relay
145 * ftp.nl.debian.org as Debian mirror
146 * security.debian.org for Debian security updates
147
148 Security
149 ========
150
151 .. sshkeys::
152 :RSA: 07:e1:eb:c0:4d:01:b7:a1:16:b1:01:8b:6b:5f:59:43
153 :DSA: 66:ac:19:2c:a1:73:5b:6c:6c:55:3b:5b:52:cb:7e:ec
154 :ECDSA: 51:c7:bf:c6:f1:50:45:b7:cd:31:d7:41:40:60:b4:3c
155
156 Critical Configuration items
157 ============================
158
159 Apache httpd configuration
160 --------------------------
161
162 The system contains an uncustomized Apache httpd configuration.
163
164 Changes
165 =======
166
167 System Future
168 -------------
169
170 .. todo:: either setup some application or remove the container
171
172 Additional documentation
173 ========================
174
175 .. seealso::
176
177 * :wiki:`Exim4Configuration`