Skip to topic | Skip to bottom
Home
Search:

Sysadmin

Sysadmin.PopelinInfor1.15 - 05 Jan 2008 - 14:15 - KwadroNauttopic end
You are here: Sysadmin > PopelinInfo
Start of topic | Skip to actions

PopelinInfo

Named after Marie Popelin. http://popelin.indymedia.org

Table of content :

Who to contact

What runs on it:

Financial garbage...

PopelinFinance

General Tech

Note: It's a v-server
Debian sarge
main ip: 62.58.108.44
Diskspace: 15GB
min ram 64MB
amd64-architecture
transfer: 500GB/month

Server Tools...

Monitoring tools

http://munin.linefeed.org/indymedia.org/popelin.indymedia.org.html
links 127.0.0.1/cband-status (this is only accessible from popelin itself
and on nettlaus nagios

Changelogs

Whenever you do something on the server, please complete the appropriate Changelog! It's in /root/Changelog But if you want to keep track of modifications on your config of your local imc, please use something like /root/changelog/changelog.antwerpen Eventually you will want to send that info to your collective, so adapt the metche config appropriately.

Adding a shell user

Create user

sudo adduser -m USER

Give him/her a strong password (for example, use the pwgen program to generate it), and paste it in ~USER/rand. This will be used for sudo only, since password login will be disabled (only pubkey ssh login allowed).

Add him/her to the correct group : sudo adduser USER cemab

Create /home/USER/.ssh owned by USER:USER, with permissions 700. Copy USER's public ssh key into /home/USER/.ssh/authorized_keys, taking care to give this file 600 permissions and USER:USER as owner. The key must be 1 line, starting with ssh-dss(DSA) or ssh-rsa(RSA) spatie hex-code ending with == comment.

Sudo

sudo visudo Only use visudo for this! That locks the file properly and checks for syntaxerrors etc...

Depending on what the user needs to do, give him/her :

  • either full sudo rights : USER   ALL=(ALL) ALL
  • or nothing at all.
  • maybe we want some other restricted sudo too??

Email

Popelin sends out tls (to be checked) metche reports and root mails to all the sysadmins. Changelog@localhost is an alias.

Warning : this email address will receive sensitive information ; therefore it has use TLS end-to-end, ie. :

  • hosted on a mailserver speaking TLS with indymedia's mail server
  • fetched/read with imaps / pop3s

ToDoList?

  • monitor total bandwidth over ethernet. I suggest with cricket/rrdtool
  • upgrade sf-active to current cvs?
  • try to limit memory footprint of apache
  • ...

to top
End of topic
Skip to action links | Back to top

Edit | Attach image or document | Printable version | Raw text | More topic actions
Revisions: | r1.15 | > | r1.14 | > | r1.13 | Total page history | Backlinks
You are here: Sysadmin > PopelinInfo

to top

Copyright © 1999-2008 by the contributing authors.
All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding this tool? Send feedback (in English, Francais, Deutsch or Dutch).