. '''To [[SystemAdministration/Systems|Systems Overview]]''' ---- = Systems - Translingo = = Basics = == Purpose == The purpose of the Translingo server is to serve the Webdb with language support. This is the system administration page. == Physical Location == This system is located on a Debian Etch vserver on physical machine sun2. '''???''' == Logical location == * IP: 172.16.2.12 '''???''' * IP External (Tunix Managed): 213.154.225.242 (translingo.cacert.org) == Administration == * Primary: * Contact: translingo-admin@cacert.org = NEEDS ALL TO BE REVIEWED !!! (copy from systems wiki) = = Services = == Listening services == ||port ||service ||access origin ||purpose || ||22 ||SSH ||all ||SSH access for systems administration || ||25 ||SMTP ||all ||SMTP server for sending mail out (FIXME: does not need to listen on ''public'' IP) || ||80 ||HTTP ||all ||HTTP access to wiki || == DNS == * (former: translingo.org) * translingo.intra.cacert.org: 172.16.2.12 '''???''' * translingo.cacert.org: 213.154.225.242 * 242.225.154.213.in-addr.arpa: (none) == Connected Systems == === Outbound network connections === * SMTP (25, tcp) relay host: 172.16.2.3 * DNS (53, udp) resolving nameserver: 172.28.50.1 * HTTP (80, tcp) package update http://ftp.nl.debian.org/ and http://security.debian.org/ = Security = * Privileged remote access: '''FIXME''' * Godlike editing powers: '''FIXME''' == Installed packages == * translingo - translingo in svn repository [[https://svn.cacert.org/CAcert/Software/translingo/]] == Non-distribution packages == == Risk assessments on critical packages == * apache2 - good reputation - low number of vulnerabilities == Ugly Hacks == '''FIXME''' = Common Tasks = == Critical Configuration items == === /etc/apache2/sites-available/ === * '''FIXME''' = Changes = == Planned == === Migration === === Monitoring === * Create lists of services to monitor * Check requirements for internal monitoring === Configuration Management === * Implement [[SystemAdministration/Procedures/OperatingSystemPatches]] [[see also|https://lists.cacert.org/wws/arc/cacert-sysadm/2009-08/msg00007.html]] * Check [[SystemAdministration/Tools/Etckeeper]] === Logging === Need to centralise this. * fail2ban * log rotation according to SP/SM * change to general logging schema, also for httpd? === Authentication === * X.509 * OpenID ---- . CategorySystems