. '''To [[SystemAdministration|System Administration]]''' - '''To [[SystemAdministration/Systems|Systems Overview]]''' - '''To [[SystemAdministration/IPList|Systems IP List]]'''

----

= Systems - TEMPLATE =

= Basics =

== Purpose ==

<SHORT DESCRIPTION>

== Physical Location ==

<PHYSICAL HOST, VM GUEST, APACHE VIRTUAL HOST, etc.>

## Use the following for containers on Infra02:

This system is located in an [[http://lxc.sourceforge.net|LXC]] container on physical machine [[SystemAdministration/Systems/Infra02|Infra02]].

== Physical Configuration ==

See [[SystemAdministration/EquipmentList]]

== Logical location ==

 * IP Internet: <IP>
 * IP Intranet: <IP>
 * IP Internal: <IP>
 * MAC address: <MAC> (interfacename)

See [[SystemAdministration/IPList|Systems IP List]]

== DNS ==

 * <HOSTNAME>.cacert.org. IN A <IP>
 * <HOSTNAME>.intra.cacert.org. IN A <IP>

See [[SystemAdministration/Procedures/DNSChanges|DNS configuration]]

== Operating System ==

 * Debian GNU/Linux x.y

== Applicable Documentation ==

This is it :-)

== Administration ==

System Admin:
 * <SYSADMIN's NAME>

Contact:
 * <system>-admin@cacert.org

= Services =

== Listening services ==

|| '''Port''' || '''Service''' || '''Users''' || '''Purpose''' ||
|| 22/tcp || ssh   || sysadmins || admin console access ||
|| 25/tcp || smtp || local || local mail pickup in order to send out notifications ||
|| 80/tcp || http  || all  || application ||
|| 443/tcp || https || all || application ||
|| 5666/tcp || nrpe || sysadmins || remote monitoring service  ||
## Below are some definitions of commonly open ports; choose those that are applicable and order the table by port number.
## || 3306/tcp || mysql || local || MySQL database for ... ||
## || 5432/tcp || pgsql || local || PostgreSQL database for ... ||
## || 465/udp || syslog || local || syslog port ||

== Running services ==

|| '''Service''' || '''Usage''' || '''Start mechanism''' ||
|| openssh server || ssh daemon for remote administration || init script `/etc/init.d/ssh` ||
|| Apache httpd  || Webserver for ... || init script `/etc/init.d/apache2` ||
|| cron || job scheduler || init script `/etc/init.d/cron` ||
|| rsyslog || syslog daemon || init script `/etc/init.d/syslog` ||
|| PostgreSQL || PostgreSQL database server for ... || init script `/etc/init.d/postgresql` ||
|| MySQL   || MySQL database server for ... || init script `/etc/init.d/mysql` ||
|| Postfix || SMTP server for local mail submission, ... || init script `/etc/init.d/postfix` ||
|| Exim || SMTP server for local mail submission, ...  || init script `/etc/init.d/exim4` ||
|| Nagios NRPE server || remote monitoring service queried by [[SystemAdministration/Systems/Monitor|Monitor]] || init script `/etc/init.d/nagios-nrpe-server` ||

== Databases ==

|| '''RDBMS''' || '''Name''' || '''Used for''' ||
|| MySQL       || application1 || fictional application one ||
|| PostgreSQL  || application2 || fictional application two ||

== Running Guests ==

|| '''Machine''' || '''IP Intranet''' || '''IP Internet''' || '''Ports''' || '''Purpose''' ||
|| <LINK TO MACHINE> || <LOCAL IP> || <INTERNET IP> || <PORTS> || <DESCRIPTION> ||

== Connected Systems ==

 * [[SystemAdministration/Systems/Monitor|Monitor]]

=== Outbound network connections ===

 * DNS (53) resolving nameservers 172.16.2.2 and 172.16.2.3
 * [[SystemAdministration/Systems/Emailout|Emailout]] as SMTP relay
 * ftp.nl.debian.org as Debian mirror
 * security.debian.org for Debian security updates
 * crl.cacert.org (rsync) for getting CRLs

= Security =

== SSH host keys ==

|| '''Algorithm''' || '''Fingerprint''' ||
|| RSA || ||
|| DSA || ||
|| ECDSA || ||

See [[SystemAdministration/SshHostKeyList|SSH Host Key List]]

== Dedicated user roles ==

## If the system has dedicated user groups besides the sudo group used for administration, they should be documented here
## Regular operating system groups should not be documented

## || '''Group''' || '''Purpose''' ||
## || goodguys || Shell access for the good guys ||

== Non-distribution packages and modifications ==

## * None
## or
## * List of non-distribution packages and modifications

== Risk assessments on critical packages ==

= Tasks =

= Critical Configuration items =

== Keys and X.509 certificates ==

 * `/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
 * `/etc/apache2/ssl/<path to server key>` server key
## * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
## * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)

See [[SystemAdministration/CertificateList|Certificates list]]

= Changes =

== Planned ==

=== System Future ===

## * No plans

=== Document Stuff ===

## add a paragraph for each larger planned task that seems to be worth
## mentioning. You may want to link to specific issues if you use some issue
## tracker.

=== Potential Similar Configurations ===

|| [[Exim4Configuration|Exim4 Configuration]] ||
|| [[PostfixConfiguration|Postfix Configuration]] ||
|| [[QmailConfiguration|Qmail Configuration]] ||
|| [[SendmailConfiguration|Sendmail Configuration]] ||
|| [[StunnelConfiguration|Stunnel Configuration]] ||

=== Potential System Procedures ===

|| [[SystemAdministration/Procedures/DNSChanges|DNS configuration]] ||
|| [[SystemAdministration/CertificateList|Certificates list]] ||

= References =

## can be used to provide links to reference documentation
## * http://product.site.com/docs/
## * [[http://product.site.com/whitepaper/document.pdf|Paper on how to set up...]]

= Links =

## || [[https://<system>.cacert.org/]] || <System> URL ||
## may contain more URLs if there are multiple useful entry points

----
 . CategorySystems