The Doctor's to-do list: Difference between revisions
From HacDC Wiki
Line 3: | Line 3: | ||
In no particular order, this is the stuff I want to accomplish over Labor Day weekend: | In no particular order, this is the stuff I want to accomplish over Labor Day weekend: | ||
* <strike>[http://carroll.cac.psu.edu/pub/linux/distributions/slackware/slackware-13.37/slackware/n/ Official Slackware g package]</strike> | |||
** Default webroot is /srv/httpd/htdocs. | ** Default webroot is /srv/httpd/htdocs. | ||
** Will need to rework module to clear out /var/www. We won't need that stuff. | ** Will need to rework module to clear out /var/www. We won't need that stuff. | ||
** Custom config files are a given. I guess this pushes us back to using separate config files for each app. | ** Custom config files are a given. I guess this pushes us back to using separate config files for each app. | ||
** Comment out authn*, authz*, dumpio_module, ldap_module, usertrack_module, proxy*, dav_module, status_module, cgi_module, status_module, cgi_module, dav_fs_module, vhost_alias_module, imagemap_module, userdir_module in /etc/httpd/httpd.conf. | ** Comment out authn*, authz*, dumpio_module, ldap_module, usertrack_module, proxy*, dav_module, status_module, cgi_module, status_module, cgi_module, dav_fs_module, vhost_alias_module, imagemap_module, userdir_module in /etc/httpd/httpd.conf. | ||
** Uncomment ssl_module. | ** <strike>Uncomment ssl_module.</strike> | ||
** Disable logging when everything is working. | ** Disable logging when everything is working. | ||
** Delete /srv/httpd/cgi-bin? | ** Delete /srv/httpd/cgi-bin? | ||
** Look into setting up [http://core.segfault.pl/~hobbit/mod_chroot/ mod_chroot]. There is an package on [http://slackbuilds.org/repository/13.37/network/mod_chroot/ slackbuilds.org] that could be built and converted. | ** Look into setting up [http://core.segfault.pl/~hobbit/mod_chroot/ mod_chroot]. There is an package on [http://slackbuilds.org/repository/13.37/network/mod_chroot/ slackbuilds.org] that could be built and converted. | ||
** Look into setting up [http://slackbuilds.org/repository/13.37/network/mod_evasive/ mod_evasive]. It's an anti-DoS, anti-bruteforce module. | ** Look into setting up [http://slackbuilds.org/repository/13.37/network/mod_evasive/ mod_evasive]. It's an anti-DoS, anti-bruteforce module. | ||
* [http://carroll.cac.psu.edu/pub/linux/distributions/slackware/slackware-13.37/slackware/n/php-5.3.6-i486-6.txzx Official Slackware PHP package.] | * [http://carroll.cac.psu.edu/pub/linux/distributions/slackware/slackware-13.37/slackware/n/php-5.3.6-i486-6.txzx Official Slackware PHP package.] | ||
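Review bot: The "Comment out authn*, authz*, ..." line names status_module and cgi_module twice each, and its proxy* entry conflicts with the later etherpad-lite item that has Apache pass /pad through to localhost:9001, which needs the proxy modules loaded. Suggest removing the duplicates and noting which proxy modules stay enabled for that pass-through. The mod_chroot line also has a typo: "There is an package" should read "There is a package".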
Line 59: | Line 20: | ||
* Write a web app for the control panel that | * Write a web app for the control panel that | ||
** store its configuration in a database | ** store its configuration in a database | ||
** move sub-config files for | ** move sub-config files for Apache that represent PHP apps into and out of the /etc/httpd/enabled_apps directory | ||
** force | ** force Apache to reload its config files every time an app is (de-)configured | ||
* <strike>Write an initscript that</strike> | * <strike>Write an initscript that</strike> | ||
** <strike>checks for the presence of a node's SSL cert in /etc/ | ** <strike>checks for the presence of a node's SSL cert in /etc/httpd</strike> | ||
** <strike>terminates if one is found</strike> | ** <strike>terminates if one is found</strike> | ||
* Set Porteus up to set its hostname to the IPv6 address of the primary wireless interface of the node. | * Set Porteus up to set its hostname to the IPv6 address of the primary wireless interface of the node. | ||
* Write a PHP app that | * Write a PHP app that | ||
** displays a "Hello, User!" message | ** displays a "Hello, User!" message | ||
** displays links to apps hosted on the node which happen to be active | ** displays links to apps hosted on the node which happen to be active | ||
** removes links to apps hosted on the node that are deactivated | ** removes links to apps hosted on the node that are deactivated | ||
*** I don't know PHP... can we find someone who does? | *** I don't know PHP... can we find someone who does? Brad? | ||
*** Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly | *** Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly | ||
** has to be mobile-friendly | ** has to be mobile-friendly | ||
* Install crypto.cat on my development instance | * Install crypto.cat on my development instance | ||
** <strike>requires PHP</strike> | ** <strike>requires PHP</strike> | ||
** will need its UI tweaked to be more mobile-friendly | ** will need its UI tweaked to be more mobile-friendly | ||
** Create a crypto.cat Porteus package and check it into SVN | ** Create a crypto.cat Porteus package and check it into SVN | ||
* Install etherpad-lite on my development instance | * Install etherpad-lite on my development instance | ||
** [http://slackbuilds.org/repository/13.37/network/node/ requires node.js, for which there exists a Slackpack] | ** [http://slackbuilds.org/repository/13.37/network/node/ requires node.js, for which there exists a Slackpack] | ||
*** build a Slackpack of node.js, convert into Porteus package, check everything into SVN | *** build a Slackpack of node.js, convert into Porteus package, check everything into SVN | ||
** write an initscript that can start up crypto.cat when called | ** write an initscript that can start up crypto.cat when called by the control panel | ||
** will have to be controlled by the control panel, store its configuration in a database | ** will have to be controlled by the control panel, store its configuration in a database | ||
** write a sub-config file for | ** write a sub-config file for Apache that passes through the /pad URL to localhost:9001 | ||
** requires [http://npmjs.org NPM] | ** requires [http://npmjs.org NPM] | ||
*** that will need to be packaged and checked in separately, I think. | *** that will need to be packaged and checked in separately, I think. | ||
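Review bot: Under "Install etherpad-lite on my development instance", the changed initscript item reads "write an initscript that can start up crypto.cat when called by the control panel", which looks like a leftover from the crypto.cat item above it. If the initscript is meant for etherpad-lite, name it there so the two apps are not confused when the work is split up.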
Line 92: | Line 54: | ||
** really should run as an unprivileged user | ** really should run as an unprivileged user | ||
** really should listen on the loopback interface only | ** really should listen on the loopback interface only | ||
** pay attention to the [https://github.com/Pita/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy reverse-proxy howto] | ** pay attention to the [https://github.com/Pita/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy reverse-proxy howto] | ||
** have to start it by hand a few times to figure out how to automate and package it | ** have to start it by hand a few times to figure out how to automate and package it | ||
* install status.net on my development instance | * install status.net on my development instance | ||
** <strike>requires PHP, MySQL</strike> | ** <strike>requires PHP, MySQL</strike> | ||
** <strike>PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)</strike> | ** <strike>PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)</strike> | ||
** will need to pre-configure it for security and usability | ** will need to pre-configure it for security and usability | ||
** need to make the mobile skin the default and erase the others to free up disk space | ** need to make the mobile skin the default and erase the others to free up disk space | ||
** will need to write a sub-config file for | ** <strike>will need to write a sub-config file for Apache</strike> | ||
** configure for longer messages - 560 characters? | ** <strike>configure for longer messages - 560 characters?</strike> | ||
** configure to make it easy to set up accounts on a node - no e-mail verification | ** configure to make it easy to set up accounts on a node - no e-mail verification | ||
** enable image upload and display | ** enable image upload and display | ||
* Write a dependency manager for apps | * Write a dependency manager for apps | ||
** some web apps require MySQL, some don't | ** some web apps require MySQL, some don't | ||
** only start MySQL if it's not running already for the ones that don't | ** only start MySQL if it's not running already for the ones that don't | ||
* Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it. | * Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it. | ||
* <strike>Installed the pre-converted MySQL Porteus package from the distro-download archive.</strike> | * <strike>Installed the pre-converted MySQL Porteus package from the distro-download archive.</strike> | ||
** Need to pre-configure MySQL for small-ish systems | ** Need to pre-configure MySQL for small-ish systems | ||
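Review bot: In the dependency manager item, "only start MySQL if it's not running already for the ones that don't" points back at the apps that don't require MySQL, which reads as the opposite of the intent on the line before it. Suggest "for the ones that do" so the rule is unambiguous. The status.net item "no e-mail verification" also sits next to "will need to pre-configure it for security and usability"; it is worth stating which of the two wins for account sign-up.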
Line 116: | Line 77: | ||
** Change the default password to something else. | ** Change the default password to something else. | ||
** Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up. | ** Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up. | ||
* Harden /etc/sysctl.conf! | * Harden /etc/sysctl.conf! |
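Review bot: The item "Need to pre-create accounts, databases for all web apps and give them strong passwords" does not say where those passwords come from. If they are fixed inside the Porteus package, every node that boots it shares the same credentials; suggest generating them on first start and writing them into each app's config at that point.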
Revision as of 20:42, 17 September 2011
Stuff will be stricken out as I finish it. If anyone wants to jump in and help me with this, by all means do so, just put your initials at the end so I know who did what.
In no particular order, this is the stuff I want to accomplish over Labor Day weekend:
- <strike>Official Slackware g package</strike>
- Default webroot is /srv/httpd/htdocs.
- Will need to rework module to clear out /var/www. We won't need that stuff.
- Custom config files are a given. I guess this pushes us back to using separate config files for each app.
- Comment out authn*, authz*, dumpio_module, ldap_module, usertrack_module, proxy*, dav_module, status_module, cgi_module, dav_fs_module, vhost_alias_module, imagemap_module, userdir_module in /etc/httpd/httpd.conf.
- <strike>Uncomment ssl_module.</strike>
- Disable logging when everything is working.
- Delete /srv/httpd/cgi-bin?
- Look into setting up mod_chroot. There is a package on slackbuilds.org that could be built and converted.
- Look into setting up mod_evasive. It's an anti-DoS, anti-bruteforce module.
- Official Slackware PHP package.
- php.ini - need to turn log_errors, ignore_repeated_errors off.
- Look through the list of extensions in php.ini and turn all of the unnecessary ones off.
- calendar, ldap.
- Is SQLite enabled? Check on this.
- Write a web app for the control panel that
- store its configuration in a database
- move sub-config files for Apache that represent PHP apps into and out of the /etc/httpd/enabled_apps directory
- force Apache to reload its config files every time an app is (de-)configured
- <strike>Write an initscript that</strike>
- <strike>checks for the presence of a node's SSL cert in /etc/httpd</strike>
- <strike>terminates if one is found</strike>
- Set Porteus up to set its hostname to the IPv6 address of the primary wireless interface of the node.
- Write a PHP app that
- displays a "Hello, User!" message
- displays links to apps hosted on the node which happen to be active
- removes links to apps hosted on the node that are deactivated
- I don't know PHP... can we find someone who does? Brad?
- Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly
- has to be mobile-friendly
- Install crypto.cat on my development instance
- <strike>requires PHP</strike>
- will need its UI tweaked to be more mobile-friendly
- Create a crypto.cat Porteus package and check it into SVN
- Install etherpad-lite on my development instance
- requires node.js, for which there exists a Slackpack
- build a Slackpack of node.js, convert into Porteus package, check everything into SVN
- write an initscript that can start up crypto.cat when called by the control panel
- will have to be controlled by the control panel, store its configuration in a database
- write a sub-config file for Apache that passes through the /pad URL to localhost:9001
- requires NPM
- that will need to be packaged and checked in separately, I think.
- run it in verbose mode to keep an eye on it
- if it installs more stuff, we should bundle the whole mess into the NPM Porteus package
- really should run as an unprivileged user
- really should listen on the loopback interface only
- pay attention to the reverse-proxy howto
- have to start it by hand a few times to figure out how to automate and package it
- install status.net on my development instance
- <strike>requires PHP, MySQL</strike>
- <strike>PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)</strike>
- will need to pre-configure it for security and usability
- need to make the mobile skin the default and erase the others to free up disk space
- <strike>will need to write a sub-config file for Apache</strike>
- <strike>configure for longer messages - 560 characters?</strike>
- configure to make it easy to set up accounts on a node - no e-mail verification
- enable image upload and display
- Write a dependency manager for apps
- some web apps require MySQL, some don't
- only start MySQL if it's not running already for the ones that don't
- Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it.
- <strike>Installed the pre-converted MySQL Porteus package from the distro-download archive.</strike>
- Need to pre-configure MySQL for small-ish systems
- Need to pre-harden MySQL
- Change the default password to something else.
- Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up.
- Harden /etc/sysctl.conf!
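
A check for the module-pruning item in the list above ("Comment out authn*, authz*, ..." and "Uncomment ssl_module"), as an added example that is not part of the wiki page: it parses LoadModule lines and reports which modules from that list are still enabled and whether ssl_module is loaded. The sample httpd.conf text is constructed, and the `keep` exception for the proxy modules is an assumption based on the item that passes /pad through to localhost:9001.

```python
import fnmatch
import re

# Disable list taken from the to-do item above (duplicates removed).
DISABLE = ["authn*", "authz*", "dumpio_module", "ldap_module",
           "usertrack_module", "proxy*", "dav_module", "status_module",
           "cgi_module", "dav_fs_module", "vhost_alias_module",
           "imagemap_module", "userdir_module"]
REQUIRE = ["ssl_module"]  # the list says to uncomment this one
LOADMODULE = re.compile(r"^\s*(#*)\s*LoadModule\s+(\S+)\s+\S+", re.IGNORECASE)

def parse_modules(conf_text):
    """Return {module_name: enabled} for every LoadModule line, commented or not."""
    modules = {}
    for line in conf_text.splitlines():
        m = LOADMODULE.match(line)
        if m:
            # A module counts as enabled if any uncommented line loads it.
            modules[m.group(2)] = modules.get(m.group(2), False) or m.group(1) == ""
    return modules

def audit(conf_text, keep=()):
    """Return (still_enabled, missing): listed modules that are still on, and
    required modules that are not loaded. `keep` names deliberate exceptions."""
    modules = parse_modules(conf_text)
    still_enabled = sorted(
        name for name, on in modules.items()
        if on and name not in keep
        and any(fnmatch.fnmatchcase(name, pat) for pat in DISABLE))
    missing = sorted(r for r in REQUIRE if not modules.get(r, False))
    return still_enabled, missing

# Constructed sample, not a real Slackware httpd.conf.
SAMPLE_CONF = """\
LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
#LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
LoadModule status_module lib/httpd/modules/mod_status.so
# LoadModule cgi_module lib/httpd/modules/mod_cgi.so
LoadModule php5_module lib/httpd/modules/libphp5.so
#LoadModule ssl_module lib/httpd/modules/mod_ssl.so
"""

if __name__ == "__main__":
    # Assumption: the /pad pass-through needs mod_proxy and mod_proxy_http.
    on, missing = audit(SAMPLE_CONF, keep=("proxy_module", "proxy_http_module"))
    print("still enabled:", on)
    print("required but not loaded:", missing)
```

Run against the real /etc/httpd/httpd.conf after each edit; an empty first list and an empty second list mean the config matches the to-do item.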