Golgotha worklog: Difference between revisions

From K-LUG Wiki
Jump to navigation Jump to search
Line 21: Line 21:
** setup reactive monitoring to ban hosts that try to brute, escessivley scan etc.
** setup reactive monitoring to ban hosts that try to brute, escessivley scan etc.


* <s>OS Patches (done)</s>
* OS Patches (done)
** 001-006


* <s>Ports - Update to latest Patch branch (done)</s>
* <s>Ports - Update to latest Patch branch (done)</s>

Revision as of 09:18, 26 March 2006

Golgotha needs some attention sometimes. Here is the currrent TODO list.

Critical

  • Sendmail (partially working)
    • 'FIX TODAY: Slow response time due to spam measures' (grey listing turned off 02/17/2006)
    • Mailman
    • SSL/TLS (done)
    • AUTH (done)
    • Milter (on by default)
    • MIMEDefang
    • ClamAV-milter (done) - Seems to be dying randomly, either a config issue or we need to setup MIMEdefang to run it instead (if possible).
    • SpamAssassin - Installed port, not configured or running, also installed milter-spamd but not configured or running, see /root/milter-spamd.install.
    • SSL Certs (done)
  • IMAP / POP3
    • IMAP SSL
    • POP3 (need to recreate SSL cert)
  • PF
    • Tighten Rules down a bit (rules have been optimized to keep pf.conf shorter)
    • setup reactive monitoring to ban hosts that try to brute, escessivley scan etc.
  • OS Patches (done)
    • 001-006
  • Ports - Update to latest Patch branch (done)
  • ClamAV
    • Install (done)
    • Configure cron to update rules. (done, freshclam is running as a daemon, see rc.local and rc.conf.local)

Important

  • SNMP
    • Config (this should be done)
    • Verify that it is bound to localhost only
  • MRTG
    • Track fxp0 usage (done)
    • Track sendmail stats (partialy done)
    • Track Disk Usage
    • Track CPU Usage
    • Possibly track a few stat apps (IRC etc)
    • Possibly look into using rrdtool via Cacti
  • compat_linux(8)
    • Update Linux libs from centos
  • WWW
    • Migrate from OpenBSD Apache to current 2.2.0 Tree
    • Build PHP 5
    • setup SSL
    • verify userdirs are working properly.
  • Named
    • fix some of the lame config'd hosts.
  • IP Aliases (DONE)

Non/Critical

  • Teamspeak
    • This is dependent on the linux libs. Currently it takes massive cpu time.
  • WWW
    • Setup a decent chroot system
  • Named
    • Check into the denied error when using ns-update remotely
  • System
    • Cleanup old accounts
      • User accounts
      • databases
      • websites
  • Wishlist
    • Jabber Server (May not be wise until hardware upgrade)

Hardware

At some point this year, we should consider upgrading Golgothas hardware to something semi current. Possibly adding two (250GB) drives for a mirroring setup.

New hardware should have at least 1GB ram.

Retrieved from "https://k-lug.org/index.php?title=Golgotha_worklog&oldid=198"