http://wiki.boochtek.com/ 2010-03-10T08:44:13-06:00 http://wiki.boochtek.com/ http://wiki.boochtek.com/lib/images/favicon.ico text/html 2010-03-03T15:33:59-06:00 http://wiki.boochtek.com/wiki/syntax?rev=1267652039&do=diff doku>DokuWiki supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing the Edit this page button at the top or bottom of the page. If you want to try something, just use the playground page. The simpler markup is easily accessible via quickbuttons, too. text/html 2010-03-03T15:33:08-06:00 http://wiki.boochtek.com/build/misc?rev=1267651988&do=diff Here's where we'll document the installation of miscellaneous small software packages. Note that some of these packages may get installed during the installation of the OS, depending on the revision and the options selected. Packages that we've seen get installed include mailx, lsof, less, w3m, telnet, bc, file, nano, and at. text/html 2010-03-03T15:15:13-06:00 http://wiki.boochtek.com/build?rev=1267650913&do=diff * todo * debian * sudo * firewall * ssh * postfix (outbound only) * misc * security (SSL certificates) * dns * ntp * apache * wiki * mysql * wordpress * rails * backups * logging * monitoring * webmail * cms text/html 2010-03-03T15:12:18-06:00 http://wiki.boochtek.com/build/firewall?rev=1267650738&do=diff I decided to go with Shorewall, which is fairly standard. Shorewall also has the advantage that we don't need to provide the IP addresses of the system -- it determines them dynamically. So when we change IP addresses, we don't have to re-configure the firewall. text/html 2010-03-03T15:12:00-06:00 http://wiki.boochtek.com/build/backups?rev=1267650720&do=diff Like any system admins, we need to ensure that we have good backups. Our systems do not have tape backup devices, and it's easy to rebuild the OS, so we're just backing up our data and config files across the network via rsync tunneled through SSH. text/html 2010-03-03T15:11:32-06:00 http://wiki.boochtek.com/build/debian?rev=1267650692&do=diff These instructions document the configuration of Debian 5.0 on our servers. Since this is a SliceHost image, the base OS comes pre-installed. These docs consider the configuration required after the base installation. Package Selection We started with a minimal ("netinst") installation, with only a few packages installed. We will install all the required packages manually. This provides some added security, as we've minimized our attack surface to only the applications we actually need. text/html 2010-03-03T15:11:16-06:00 http://wiki.boochtek.com/build/postfix?rev=1267650676&do=diff We chose Postfix due to its modern design and security record. It also has a license that we can live with more easily than qmail. Installation The default MTA in Debian is EXIM. In the default install the log rotation is already configured in /etc/cron.daily for EXIM, so remove the script text/html 2010-03-03T15:10:58-06:00 http://wiki.boochtek.com/build/sudo?rev=1267650658&do=diff The sudo command allows a user to run a command as root (or some other user). It has several benefits over su. It has a configuration file that can be used to restrict who has access, and what commands they have access to. It can be configured to not require (certain) users to enter root's password. It is also used to run individual commands, instead of giving the person a full shell command-line environment. text/html 2010-03-03T15:10:40-06:00 http://wiki.boochtek.com/build/apache?rev=1267650640&do=diff These instructions document the installation and configuration of Apache 2.2 on our Debian 4.0 system. We chose Apache 2 primarily due to its simpler SSL configuration. It also seems to be the preferred version in Debian now. Requirements Apache doesn't need much itself. However, the configuration we plan to use does require several components. We're assuming that some of our web pages will require Perl, PHP, Python, MySQL, and possibly PostgreSQL. text/html 2010-03-03T15:10:11-06:00 http://wiki.boochtek.com/build/dns?rev=1267650611&do=diff We are running a caching name server on the server, bound to the loopback interface only. We decided to use bind 9, as it is well supported now. (Note that Debian's default is bind 8, if you just say "bind".) We also decided to put it into a chroot jail, as it's pretty simple to do and well-documented. This will protect us from most bind and DNS exploits. text/html 2010-03-03T15:09:44-06:00 http://wiki.boochtek.com/build/logging?rev=1267650584&do=diff Log configuration, reports, etc. Configuration /etc/default/klogd Turn off console messages for lower priority messages. (This method is deprecated; we're also using the sysctl method.) sed -i -e 's/^KLOGD.*$/KLOGD="-x -c 5"/' /etc/default/klogd text/html 2010-03-03T15:09:21-06:00 http://wiki.boochtek.com/build/todo?rev=1267650561&do=diff * Backup scripts * Verify * Copy off-site * Delete old backups on some set schedule * Perhaps move to some backup package * Config files * Make sure everything is in place. * Make them web accessible -- probably on dotfiles.org site. text/html 2010-03-03T15:08:15-06:00 http://wiki.boochtek.com/build/monitoring?rev=1267650495&do=diff This page documents our monitoring and alerting scripts. Munin Munin does not do any alerting, but pulls system data periodically and displays it in RRDTools graphs. Munin comes in 2 pieces: munin and munin-node. The munin-node part is a daemon that gathers the data, and the munin part runs via cron, and aggregates the data from multiple munin daemons running on various systems. text/html 2010-03-03T15:07:48-06:00 http://wiki.boochtek.com/build/wiki?rev=1267650468&do=diff These instructions detail how to install DokuWiki on our Debian GNU/Linux system. We're currently running the 2009-12-25 version of DokuWiki. Requirements * Apache * PHP 5.1.2+ * PHP's GD extension with libGD 2 is recommended but not required text/html 2010-03-03T15:06:17-06:00 http://wiki.boochtek.com/home?rev=1267650377&do=diff This is a new wiki, that we'll use for internal purposes.