PopelinInfo

Named after Marie Popelin. http://popelin.indymedia.org

Table of content :

Who to contact

• irc.indymedia.org #popelin ( irc through your browser)
• subscribe or mail to the general popelin list ( http://lists.indymedia.org/mailman/listinfo/popelin-tech
• mail to popelin-sysad AT lists dot indymedia dot org https://lists.indymedia.org/mailman/listinfo/popelin-sysad

What runs on it:

• http://antwerpen.indymedia.org
• http://cemab.be
• http://kenya.indymedia.org
• http://marseille.indymedia.org
• http://ovl.indymedia.org
• http://uruguay.indymedia.org

Financial garbage...

PopelinFinance

General Tech

Note: It's a v-server
Debian sarge
main ip: 62.58.108.44
Diskspace: 15GB
min ram 64MB
amd64-architecture
transfer: 500GB/month

Server Tools...

Monitoring tools

http://munin.linefeed.org/indymedia.org/popelin.indymedia.org.html
links 127.0.0.1/cband-status (this is only accessible from popelin itself
and on nettlaus nagios

Changelogs

Whenever you do something on the server, please complete the appropriate Changelog! It's in /root/Changelog But if you want to keep track of modifications on your config of your local imc, please use something like /root/changelog/changelog.antwerpen Eventually you will want to send that info to your collective, so adapt the metche config appropriately.

Adding a shell user

Create user

sudo adduser -m USER

Give him/her a strong password (for example, use the pwgen program to generate it), and paste it in ~USER/rand. This will be used for sudo only, since password login will be disabled (only pubkey ssh login allowed).

Add him/her to the correct group : sudo adduser USER cemab

Create /home/USER/.ssh owned by USER:USER, with permissions 700. Copy USER's public ssh key into /home/USER/.ssh/authorized_keys, taking care to give this file 600 permissions and USER:USER as owner. The key must be 1 line, starting with ssh-dss(DSA) or ssh-rsa(RSA) spatie hex-code ending with == comment.

Sudo

sudo visudo Only use visudo for this! That locks the file properly and checks for syntaxerrors etc...

Depending on what the user needs to do, give him/her :

• either full sudo rights : USER   ALL=(ALL) ALL
• or nothing at all.
• maybe we want some other restricted sudo too??

Email

Popelin sends out tls (to be checked) metche reports and root mails to all the sysadmins. Changelog@localhost is an alias.

Warning : this email address will receive sensitive information ; therefore it has use TLS end-to-end, ie. :

• hosted on a mailserver speaking TLS with indymedia's mail server
• fetched/read with imaps / pop3s

ToDoList

• monitor total bandwidth over ethernet. I suggest with cricket/rrdtool
• upgrade sf-active to current cvs?
• try to limit memory footprint of apache
• ...