Golgotha worklog: Difference between revisions

From K-LUG Wiki
Jump to navigation Jump to search
 
(13 intermediate revisions by 2 users not shown)
Line 2: Line 2:


== Critical ==
== Critical ==
* Sendmail (working)
* <s>Sendmail (working)</s>
** Mailman
** <s>'FIX TODAY: Slow response time due to spam measures' (grey listing turned off 02/17/2006)</s>
** <s>Mailman</s>
** <s>SSL/TLS (done)</s>
** <s>SSL/TLS (done)</s>
** <s>AUTH (done)</s>
** <s>AUTH (done)</s>
** <s>Milter (on by default)</s>
** <s>Milter (on by default)</s>
** MIMEDefang
** <s>MIMEDefang (done)</s>
** <s>ClamAV-milter (done)</s>
** <s>ClamAV-milter (replaced with MIMEDefang) - Seems to be dying randomly, either a config issue or we need to setup MIMEdefang to run it instead (if possible).</s>
** SpamAssassin
** <s>SpamAssassin (MIMEDefang) - Installed port, not configured or running, also installed milter-spamd but not configured or running, see /root/milter-spamd.install.</s>
** <s>SSL Certs (done)</s>
** <s>SSL Certs (done)</s>


* IMAP / POP3
* IMAP / POP3
** SSL (IMAP is done, POP3?)
** <s>IMAP SSL</s>
** POP3 (need to recreate SSL cert)


* PF
* PF
** Tighten Rules down a bit
** Tighten Rules down a bit (rules have been optimized to keep pf.conf shorter)
** setup reactive monitoring to ban hosts that try to brute, excessively scan etc.


* <s>OS Patches (done)</s>
* OS Patches (done)
** 001-020


* <s>Ports - Update to latest Patch branch (done)</s>
* <s>Ports - Update to latest Patch branch (done)</s>
Line 44: Line 48:


* WWW
* WWW
** Migrate from OpenBSD Apache to current 2.2.0 Tree
** <s>Migrate from OpenBSD Apache to current 2.2.0 Tree</s>
** Build PHP 5
** <s>Build PHP 5</s>
** setup SSL
** setup SSL
** verify userdirs are working properly.
** <s>verify userdirs are working properly.</s>


* Named
* Named
Line 69: Line 73:
*** databases
*** databases
*** websites
*** websites
* Wishlist
** Jabber Server (May not be wise until hardware upgrade)


== Hardware ==
== Hardware ==
At some point this year, we should consider upgrading Golgothas hardware to something semi current.
Hardware has been upgraded to an Intel Pentium4 3.2GHz, 1GB RAM, DFI 915P-TAG Motherboard. Also added two (2) 200GB Maxtor 6L200P0 drives for an eventual RAID 1 Mirror for home directories.
Possibly adding two (250GB) drives for a mirroring setup.
 
New hardware should have at least 1GB ram.

Latest revision as of 22:30, 4 June 2007

Golgotha needs some attention sometimes. Here is the currrent TODO list.

Critical

  • Sendmail (working)
    • 'FIX TODAY: Slow response time due to spam measures' (grey listing turned off 02/17/2006)
    • Mailman
    • SSL/TLS (done)
    • AUTH (done)
    • Milter (on by default)
    • MIMEDefang (done)
    • ClamAV-milter (replaced with MIMEDefang) - Seems to be dying randomly, either a config issue or we need to setup MIMEdefang to run it instead (if possible).
    • SpamAssassin (MIMEDefang) - Installed port, not configured or running, also installed milter-spamd but not configured or running, see /root/milter-spamd.install.
    • SSL Certs (done)
  • IMAP / POP3
    • IMAP SSL
    • POP3 (need to recreate SSL cert)
  • PF
    • Tighten Rules down a bit (rules have been optimized to keep pf.conf shorter)
    • setup reactive monitoring to ban hosts that try to brute, excessively scan etc.
  • OS Patches (done)
    • 001-020
  • Ports - Update to latest Patch branch (done)
  • ClamAV
    • Install (done)
    • Configure cron to update rules. (done, freshclam is running as a daemon, see rc.local and rc.conf.local)

Important

  • SNMP
    • Config (this should be done)
    • Verify that it is bound to localhost only
  • MRTG
    • Track fxp0 usage (done)
    • Track sendmail stats (partialy done)
    • Track Disk Usage
    • Track CPU Usage
    • Possibly track a few stat apps (IRC etc)
    • Possibly look into using rrdtool via Cacti
  • compat_linux(8)
    • Update Linux libs from centos
  • WWW
    • Migrate from OpenBSD Apache to current 2.2.0 Tree
    • Build PHP 5
    • setup SSL
    • verify userdirs are working properly.
  • Named
    • fix some of the lame config'd hosts.
  • IP Aliases (DONE)

Non/Critical

  • Teamspeak
    • This is dependent on the linux libs. Currently it takes massive cpu time.
  • WWW
    • Setup a decent chroot system
  • Named
    • Check into the denied error when using ns-update remotely
  • System
    • Cleanup old accounts
      • User accounts
      • databases
      • websites
  • Wishlist
    • Jabber Server (May not be wise until hardware upgrade)

Hardware

Hardware has been upgraded to an Intel Pentium4 3.2GHz, 1GB RAM, DFI 915P-TAG Motherboard. Also added two (2) 200GB Maxtor 6L200P0 drives for an eventual RAID 1 Mirror for home directories.