Add more info for infra02
author Jan Dittberner <jan@dittberner.info>
Sat, 16 Apr 2016 23:21:50 +0000 (01:21 +0200)
committer Jan Dittberner <jan@dittberner.info>
Sat, 16 Apr 2016 23:22:23 +0000 (01:22 +0200)
docs/infra02.rst
docs/template.rst

index d47345d..5757073 100644 (file)
@@ -2,11 +2,8 @@
 Infra02
 =======
 
-Basics
-======
-
 Purpose
--------
+=======
 
 The infrastructure host system Infra02 is a dedicated machine for the CAcert
 infrastructure.
@@ -18,6 +15,9 @@ is maintained on this machine using Ferm_.
 .. _LXC: https://linuxcontainers.org/
 .. _Ferm: http://ferm.foo-projects.org/
 
+Basics
+======
+
 Physical Location
 -----------------
 
@@ -61,3 +61,133 @@ Logical Location
 
    :doc:`network`.
 
+DNS
+---
+
+* infrastructure.cacert.org. IN A 213.154.225.230
+* infrastructure.cacert.org. IN SSHFP 1 1 5A82D3C150AF002C05784F73250A067053AEED63
+* infrastructure.cacert.org. IN SSHFP 1 2 63B0D74A3F1CE61865A5EB0497EF05243BC4067EC983C69AB8E62F3CB940CC82
+* infrastructure.cacert.org. IN SSHFP 2 1 AF8D8E3386EAA72997709632ADF2B457E6FEF0DC
+* infrastructure.cacert.org. IN SSHFP 2 2 3A0188FC47D1FDD14D70A2FB78F51792D06BA11EAE6AB16E73CB7BB8DD6A0DC8
+* infrastructure.cacert.org. IN SSHFP 3 1 3E1B9EBF85B726CF831C76ECB8C17786AEDF40E8
+* infrastructure.cacert.org. IN SSHFP 3 2 3AE7F0035C2172977E99BFE312C7A8299650DEA16A975EA13EECE8FDA426062A
+* infra02.intra.cacert.org. IN A 172.16.2.10
+
+.. seealso::
+
+   See https://wiki.cacert.org/SystemAdministration/Procedures/DNSChanges
+
+Operating System
+----------------
+
+* Debian GNU/Linux 7.10
+
+Applicable Documentation
+------------------------
+
+This is it :-)
+
+Administration
+==============
+
+System Administration
+---------------------
+
+* Primary: `Jan Dittberner`_
+* Secondary: `Mario Lipinski`_
+
+.. _Jan Dittberner: jandd@cacert.org
+.. _Mario Lipinski: mario@cacert.org
+
+Contact
+-------
+
+* infrastructure-admin@cacert.org
+
+Services
+========
+
+Listening services
+------------------
+
++----------+-----------+-----------+-----------------------------------------+
+| Port     | Service   | Origin    | Purpose                                 |
++==========+===========+===========+=========================================+
+| 22/tcp   | ssh       | ANY       | admin console access                    |
++----------+-----------+-----------+-----------------------------------------+
+| 25/tcp   | smtp      | local     | mail delivery to local MTA              |
++----------+-----------+-----------+-----------------------------------------+
+| 123/udp  | ntp       | ANY       | network time protocol for host,         |
+|          |           |           | listening on the Internet IPv6 and IPv4 |
+|          |           |           | addresses                               |
++----------+-----------+-----------+-----------------------------------------+
+| 5666/tcp | nrpe      | monitor   | remote monitoring service               |
++----------+-----------+-----------+-----------------------------------------+
+
+Running services
+----------------
+
++--------------------+--------------------+----------------------------------------+
+| Service            | Usage              | Start mechanism                        |
++====================+====================+========================================+
+| openssh server     | ssh daemon for     | init script :file:`/etc/init.d/ssh`    |
+|                    | remote             |                                        |
+|                    | administration     |                                        |
++--------------------+--------------------+----------------------------------------+
+| cron               | job scheduler      | init script :file:`/etc/init.d/cron`   |
++--------------------+--------------------+----------------------------------------+
+| rsyslog            | syslog daemon      | init script                            |
+|                    |                    | :file:`/etc/init.d/syslog`             |
++--------------------+--------------------+----------------------------------------+
+| ntpd               | time server        | init script :file:`/etc/init.d/ntp`    |
++--------------------+--------------------+----------------------------------------+
+| Postfix            | SMTP server for    | init script                            |
+|                    | local mail         | :file:`/etc/init.d/postfix`            |
+|                    | submission, ...    |                                        |
++--------------------+--------------------+----------------------------------------+
+| Nagios NRPE server | remote monitoring  | init script                            |
+|                    | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
+|                    | :doc:`monitor`     |                                        |
++--------------------+--------------------+----------------------------------------+
+
+.. Running Guests
+   --------------
+
+   .. some directive to list guests here
+
+Connected Systems
+-----------------
+
+* :doc:`monitor`
+* :doc:`emailout`
+
+Outbound network connections
+----------------------------
+
+* DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
+* :doc:`emailout` as SMTP relay
+* ftp.nl.debian.org as Debian mirror
+* security.debian.org for Debian security updates
+
+Security
+========
+
+SSH host keys
+-------------
+
++-----------+-----------------------------------------------------+
+| Algorithm | Fingerprint                                         |
++===========+=====================================================+
+| RSA       | ``86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c`` |
++-----------+-----------------------------------------------------+
+| DSA       | ``b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5`` |
++-----------+-----------------------------------------------------+
+| ECDSA     | ``79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0`` |
++-----------+-----------------------------------------------------+
+| ED25519   | ``25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4`` |
++-----------+-----------------------------------------------------+
+
+.. seealso::
+
+   See :doc:`sshkeys`
+
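Review bot: the new `DNS` list publishes SSHFP records only for key types 1, 2 and 3 (RSA, DSA, ECDSA), but the `SSH host keys` table added at the end of this same hunk also lists an ED25519 fingerprint, so a client that validates host keys via SSHFP has no record to match that key against; either add the `SSHFP 4 1` / `SSHFP 4 2` records for the ED25519 key or say why it is left out. Two smaller points in the same hunk: the `123/udp` row states that ntp listens on the host's Internet IPv6 and IPv4 addresses, yet only an A record (`213.154.225.230`) is documented, so an AAAA record belongs in the DNS list if the host really has a public IPv6 address; and the commented-out `Running Guests` block still carries the placeholder `.. some directive to list guests here`, which reads as an unfinished TODO rather than documentation.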
index 8d0e090..e2ebe5f 100644 (file)
@@ -2,14 +2,14 @@
 Systems - TEMPLATE
 ==================
 
-Basics
-======
-
 Purpose
--------
+=======
 
 .. <SHORT DESCRIPTION>
 
+Basics
+======
+
 Physical Location
 -----------------
 
@@ -59,12 +59,17 @@ Applicable Documentation
 This is it :-)
 
 Administration
---------------
+==============
 
-System Admin:
- * <SYSADMIN's NAME>
+System Administration
+---------------------
+
+* Primary: <SYSADMIN's NAME>
+* Secondary: <secondary name>
+
+Contact
+-------
 
-Contact:
  * <system>-admin@cacert.org
 
 Services
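Review bot: under the new `Contact` heading the item ` * <system>-admin@cacert.org` keeps the one-space indent it had beneath the old `Contact:` label, so reStructuredText will render it as a block-quoted list instead of a plain bullet like the `* Primary:` / `* Secondary:` items introduced just above; drop the leading space so the two lists match (docs/infra02.rst in this same commit already writes `* infrastructure-admin@cacert.org` at column 0).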
@@ -74,18 +79,17 @@ Listening services
 ------------------
 
 +----------+-----------+-----------+-----------------------------------------+
-| Port     | Service   | Users     | Purpose                                 |
+| Port     | Service   | Origin    | Purpose                                 |
 +==========+===========+===========+=========================================+
-| 22/tcp   | ssh       | sysadmins | admin console access                    |
+| 22/tcp   | ssh       | ANY       | admin console access                    |
 +----------+-----------+-----------+-----------------------------------------+
-| 25/tcp   | smtp      | local     | local mail pickup in order to send out  |
-|          |           |           | notifications                           |
+| 25/tcp   | smtp      | local     | mail delivery to local MTA              |
 +----------+-----------+-----------+-----------------------------------------+
-| 80/tcp   | http      | all       | application                             |
+| 80/tcp   | http      | ANY       | application                             |
 +----------+-----------+-----------+-----------------------------------------+
-| 443/tcp  | https     | all       | application                             |
+| 443/tcp  | https     | ANY       | application                             |
 +----------+-----------+-----------+-----------------------------------------+
-| 5666/tcp | nrpe      | sysadmins | remote monitoring service               |
+| 5666/tcp | nrpe      | monitor   | remote monitoring service               |
 +----------+-----------+-----------+-----------------------------------------+
 
 .. below are some definitions of commonly open ports, choose those that are applicable and order the table by port number
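Review bot: renaming the column from `Users` to `Origin` changes its meaning from who uses the port to where connections come from, but the values now mix a wildcard (`ANY`), a locality (`local`) and a system name (`monitor`); since the nrpe row refers to the monitoring host, consider writing it as :doc:`monitor` the way the `Running services` table does, and extend the template comment below to say what `Origin` should contain so future pages fill it in consistently.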
@@ -96,39 +100,40 @@ Listening services
 Running services
 ----------------
 
-+--------------------+--------------------+----------------------------------+
-| Service            | Usage              | Start mechanism                  |
-+====================+====================+==================================+
-| openssh server     | ssh daemon for     | init script `/etc/init.d/ssh`    |
-|                    | remote             |                                  |
-|                    | administration     |                                  |
-+--------------------+--------------------+----------------------------------+
-| Apache httpd       | Webserver for ...  | init script                      |
-|                    |                    | `/etc/init.d/apache2`            |
-+--------------------+--------------------+----------------------------------+
-| cron               | job scheduler      | init script `/etc/init.d/cron`   |
-+--------------------+--------------------+----------------------------------+
-| rsyslog            | syslog daemon      | init script `/etc/init.d/syslog` |
-+--------------------+--------------------+----------------------------------+
-| PostgreSQL         | PostgreSQL         | init script                      |
-|                    | database server    | `/etc/init.d/postgresql`         |
-|                    | for ...            |                                  |
-+--------------------+--------------------+----------------------------------+
-| MySQL              | MySQL database     | init script `/etc/init.d/mysql`  |
-|                    | server for ...     |                                  |
-+--------------------+--------------------+----------------------------------+
-| Postfix            | SMTP server for    | init script                      |
-|                    | local mail         |  `/etc/init.d/postfix`           |
-|                    | submission, ...    |                                  |
-+--------------------+--------------------+----------------------------------+
-| Exim               | SMTP server for    | init script `/etc/init.d/exim4`  |
-|                    | local mail         |                                  |
-|                    | submission, ...    |                                  |
-+--------------------+--------------------+----------------------------------+
-| Nagios NRPE server | remote monitoring  | init script                      |
-|                    | service queried by | `/etc/init.d/nagios-nrpe-server` |
-|                    | :doc:`monitor`     |                                  |
-+--------------------+--------------------+----------------------------------+
++--------------------+--------------------+----------------------------------------+
+| Service            | Usage              | Start mechanism                        |
++====================+====================+========================================+
+| openssh server     | ssh daemon for     | init script :file:`/etc/init.d/ssh`    |
+|                    | remote             |                                        |
+|                    | administration     |                                        |
++--------------------+--------------------+----------------------------------------+
+| Apache httpd       | Webserver for ...  | init script                            |
+|                    |                    | :file:`/etc/init.d/apache2`            |
++--------------------+--------------------+----------------------------------------+
+| cron               | job scheduler      | init script :file:`/etc/init.d/cron`   |
++--------------------+--------------------+----------------------------------------+
+| rsyslog            | syslog daemon      | init script                            |
+|                    |                    | :file:`/etc/init.d/syslog`             |
++--------------------+--------------------+----------------------------------------+
+| PostgreSQL         | PostgreSQL         | init script                            |
+|                    | database server    | :file:`/etc/init.d/postgresql`         |
+|                    | for ...            |                                        |
++--------------------+--------------------+----------------------------------------+
+| MySQL              | MySQL database     | init script                            |
+|                    | server for ...     | :file:`/etc/init.d/mysql`              |
++--------------------+--------------------+----------------------------------------+
+| Postfix            | SMTP server for    | init script                            |
+|                    | local mail         | :file:`/etc/init.d/postfix`            |
+|                    | submission, ...    |                                        |
++--------------------+--------------------+----------------------------------------+
+| Exim               | SMTP server for    | init script                            |
+|                    | local mail         | :file:`/etc/init.d/exim4`              |
+|                    | submission, ...    |                                        |
++--------------------+--------------------+----------------------------------------+
+| Nagios NRPE server | remote monitoring  | init script                            |
+|                    | service queried by | :file:`/etc/init.d/nagios-nrpe-server` |
+|                    | :doc:`monitor`     |                                        |
++--------------------+--------------------+----------------------------------------+
 
 Databases
 ---------
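Review bot: the rsyslog row points at `/etc/init.d/syslog`, the only row whose init script is not named after its service (`ssh`, `cron`, `postfix`, `exim4`, `nagios-nrpe-server` all are); please verify that path before it is copied from the template into further system pages, as the same row in docs/infra02.rst in this commit already carries it. The rest of the rewrite is an improvement: the `:file:` role is now used consistently and the stray leading space in the old Postfix row's script cell is gone.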
@@ -156,7 +161,7 @@ Connected Systems
 * :doc:`monitor`
 
 Outbound network connections
-............................
+----------------------------
 
 * DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
 * :doc:`emailout` as SMTP relay
@@ -170,15 +175,17 @@ Security
 SSH host keys
 -------------
 
-+-----------+-------------+
-| Algorithm | Fingerprint |
-+===========+=============+
-| RSA       |             |
-+-----------+-------------+
-| DSA       |             |
-+-----------+-------------+
-| ECDSA     |             |
-+-----------+-------------+
++-----------+-----------------------------------------------------+
+| Algorithm | Fingerprint                                         |
++===========+=====================================================+
+| RSA       |                                                     |
++-----------+-----------------------------------------------------+
+| DSA       |                                                     |
++-----------+-----------------------------------------------------+
+| ECDSA     |                                                     |
++-----------+-----------------------------------------------------+
+| ED25519   |                                                     |
++-----------+-----------------------------------------------------+
 
 .. seealso::