Metalab Services: Unterschied zwischen den Versionen

aus Metalab, dem offenen Zentrum für meta-disziplinäre Magier und technisch-kreative Enthusiasten.
Wechseln zu: Navigation, Suche
(Things that need to be done: +Documentation and Testing)
(List of Services: arghl)
Zeile 13: Zeile 13:
  
  
== List of Services ==
+
== Existing Services ==
 
* Website: http(80)/https(443) metalab.at (www.metalab.at)
 
* Website: http(80)/https(443) metalab.at (www.metalab.at)
 
* Website: http(80)/https(443) lists.metalab.at
 
* Website: http(80)/https(443) lists.metalab.at
Zeile 19: Zeile 19:
 
* Incoming Email: SMTP(25) mail.metalab.at (MX 10)
 
* Incoming Email: SMTP(25) mail.metalab.at (MX 10)
 
* Outgoing Email: SMTP(25)
 
* Outgoing Email: SMTP(25)
* ANY POP(110, 995) or IMAP(143, 993) Services?
+
 
* Any Submission Services? (587)
+
== Web-Apps and -Services ==
 
* MediaWiki [https://metalab.at/wiki/|Metalab Wiki]
 
* MediaWiki [https://metalab.at/wiki/|Metalab Wiki]
 
* Trac [https://metalab.at/issues|Issue Tracker]
 
* Trac [https://metalab.at/issues|Issue Tracker]
 +
* WEL-Labelz
  
 +
== Broken Web-Apps and Services to be removed ==
 +
* enki ???
 +
* metasense
 +
* awstats
 +
* svn
 +
* convergence
 +
* webalizer
 +
 +
== Whishlist (Services Not Currently Active) ==
 +
* Any Submission Services? (587)
 +
- against [[Benutzer:hop]]
 +
* POP(110, 995) or IMAP(143, 993) Services?
 +
- against [[Benutzer:hop]]
  
 
Anything missing? Please [https://metalab.at/wiki/index.php?title=Metalab_Services&action=edit&section=1 add] it!
 
Anything missing? Please [https://metalab.at/wiki/index.php?title=Metalab_Services&action=edit&section=1 add] it!
Zeile 30: Zeile 44:
 
=== Things that need to be done ===
 
=== Things that need to be done ===
 
* Document all changes, updates, etc.
 
* Document all changes, updates, etc.
 +
- Changes are currently documented to the best of our ability. Anyone suggesting a "better way" will have to demonstrate the magical power of changing people's behaviour(tm) first
 
* Update Apache to 2.2.26 (current as of 2013-11-19) or switch to nginx
 
* Update Apache to 2.2.26 (current as of 2013-11-19) or switch to nginx
 +
- Why??? [[Benutzer:hop]]
 
* Update to eJabberd 13.10 (current as of 2013-11-19) or switch to prosody
 
* Update to eJabberd 13.10 (current as of 2013-11-19) or switch to prosody
 
* Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)
 
* Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)
Zeile 36: Zeile 52:
 
* Discuss the use of ECC as the only widely implemented curves are known and deliberately weakened curves specified by NIST. (secp256r1, secp385r1). [[User:Pepi|Pepi]] recommends not to use ECC if possible but provide (p)fs by using EDH.
 
* Discuss the use of ECC as the only widely implemented curves are known and deliberately weakened curves specified by NIST. (secp256r1, secp385r1). [[User:Pepi|Pepi]] recommends not to use ECC if possible but provide (p)fs by using EDH.
 
* Update Mediawiki to the current release
 
* Update Mediawiki to the current release
 +
- WTF are you on about? We are tracking git and missing _one_ point release that has no security relevant changes. [[Benutzer:hop]]
 
* Update Trac to the current release
 
* Update Trac to the current release
 
* Check validity of ALL certificates and set up reminders to renew them. Find at least two persons who are volunteering to take care of that as well!
 
* Check validity of ALL certificates and set up reminders to renew them. Find at least two persons who are volunteering to take care of that as well!

Version vom 19. November 2013, 14:09 Uhr

Language: English



Metalab Services
Metalab Atomic ASCII.png

Gestartet:

2013-11-18

Involvierte:

Pepi

Status:

in progress

Beschreibung:

Fixing, Securing and updating Metalab Services

Zuletzt aktualisiert:

21.01.2013



Existing Services

  • Website: http(80)/https(443) metalab.at (www.metalab.at)
  • Website: http(80)/https(443) lists.metalab.at
  • XMPP/Jabber: xmpp(5222, 5223, 5269, 7777) jabber.metalab.at (also hosts jabber.hackerspaces.org)
  • Incoming Email: SMTP(25) mail.metalab.at (MX 10)
  • Outgoing Email: SMTP(25)

Web-Apps and -Services

Broken Web-Apps and Services to be removed

  • enki ???
  • metasense
  • awstats
  • svn
  • convergence
  • webalizer

Whishlist (Services Not Currently Active)

  • Any Submission Services? (587)
- against Benutzer:hop
  • POP(110, 995) or IMAP(143, 993) Services?
- against Benutzer:hop

Anything missing? Please add it!


Things that need to be done

  • Document all changes, updates, etc.
- Changes are currently documented to the best of our ability. Anyone suggesting a "better way" will have to demonstrate the magical power of changing people's behaviour(tm) first
  • Update Apache to 2.2.26 (current as of 2013-11-19) or switch to nginx
- Why??? Benutzer:hop
  • Update to eJabberd 13.10 (current as of 2013-11-19) or switch to prosody
  • Check ALL the Certificates for ALL the services. Acquire certificates for services that do not yet have one. (Basically do not host any unencrypted services anymore)
  • Provide forward secrecy for all services by using modern ciphers (EDH)
  • Discuss the use of ECC as the only widely implemented curves are known and deliberately weakened curves specified by NIST. (secp256r1, secp385r1). Pepi recommends not to use ECC if possible but provide (p)fs by using EDH.
  • Update Mediawiki to the current release
- WTF are you on about? We are tracking git and missing _one_ point release that has no security relevant changes. Benutzer:hop
  • Update Trac to the current release
  • Check validity of ALL certificates and set up reminders to renew them. Find at least two persons who are volunteering to take care of that as well!
  • Get certificates for services that lack encryption
  • Add SRV Records to DNS for Jabber/XMPP Server federation and Clients discovery
  • Add SPF/TXT Records to DNS for Email
  • Do TLSA records make any sense without DNSSec?
  • Test all the services, document how to test them
  • Test all the security things, document how to test them