Systems - Wiki
Basics
Purpose
The purpose of the wiki server is to serve the wiki, implemented with MoinMoin (http://wiki.cacert.org/). This is the system administration page; general wiki help can be found at HelpContents.
Physical Location
This system is located on a Debian Etch vserver on physical machine sun2.
Logical location
- IP: 172.16.2.12
- IP External (Tunix Managed): 213.154.225.235 (wiki.cacert.org)
Administration
Primary: Mario Lipinski, Jan Dittberner
Contact: wiki-admin@cacert.org
Services
Listening services
| port | service | access origin | purpose |
|------|---------|---------------|---------|
| 22 | SSH | all | SSH access for systems administration |
| 25 | SMTP | all | SMTP server for sending mail out (FIXME: does not need to listen on public IP) |
| 80 | HTTP | all | HTTP access to wiki |
DNS
- wiki.intra.cacert.org: 172.16.2.12
- wiki.cacert.org: 213.154.225.235
- 235.225.154.213.in-addr.arpa: (none)
Connected Systems
Outbound network connections
- SMTP (25, tcp) relay host: 172.16.2.3
- DNS (53, udp) resolving nameserver: 172.28.50.1
- HTTP (80, tcp) package update: http://ftp.nl.debian.org/ and http://security.debian.org/
Security
Privileged remote access: FIXME
Godlike editing powers: FIXME
Installed packages
(incomplete)
python-docutils (for ReST support with MoinMoin)
Non-distribution packages
FIXME: MoinMoin extensions?
Risk assessments on critical packages
- apache2 - good reputation - low number of vulnerabilities
- MoinMoin - FIXME
Ugly Hacks
FIXME
Common Tasks
Critical Configuration items
/etc/apache2/sites-available/
FIXME
Changes
Planned
Migration
Evaluate migration to another wiki system.
MoinMoin
- Clean up database from spam
- Change to CAcert corporate design (Mario has more info)
- Remove/improve spam protection
- Module to delete spam
- Module to delete users
Monitoring
- Create lists of services to monitor
- Check requirements for internal monitoring
Configuration Management
- Implement SystemAdministration/Procedures/OperatingSystemPatches (https://lists.cacert.org/wws/arc/cacert-sysadm/2009-08/msg00007.html)
Logging
Need to centralise this.
- fail2ban
- log rotation according to SP/SM
- change to general logging schema, also for httpd?
Authentication
- X.509
- OpenID
