The Doctor's to-do list
From HacDC Wiki
Stuff will be stricken out as I finish it. If anyone wants to jump in and help me with this, by all means do so, just put your initials at the end so I know who did what.
In no particular order, this is the stuff I want to accomplish over Labor Day weekend:
- Official Slackware g package
- Default webroot is /srv/httpd/htdocs.
- Will need to rework module to clear out /var/www. We won't need that stuff.
- Custom config files are a given. I guess this pushes us back to using separate config files for each app.
- Comment out authn*, authz*, dumpio_module, ldap_module, usertrack_module, proxy*, dav_module, status_module, cgi_module, status_module, cgi_module, dav_fs_module, vhost_alias_module, imagemap_module, userdir_module in /etc/httpd/httpd.conf.
- Uncomment ssl_module.
- Disable logging when everything is working.
- /srv/httpd and /srv/www are symlinks to /var/www. Oh, well.
- Look into setting up mod_chroot. There is a package on slackbuilds.org that could be built and converted.
- Look into setting up mod_evasive. It's an anti-DoS, anti-bruteforce module.
- Official Slackware PHP package.
- php.ini - need to turn log_errors, ignore_repeated_errors off.
- Look through the list of extensions in php.ini and turn all of the unnecessary ones off.
- calendar, ldap.
- Is SQLite enabled? Check on this.
- Write a web app for the control panel that
- stores its configuration in a database
- moves sub-config files for Apache that represent PHP apps into and out of the /etc/httpd/enabled_apps directory
- forces Apache to reload its config files every time an app is (de-)configured
- Write an initscript that
- checks for the presence of a node's SSL cert in /etc/httpd
- terminates if one is found
- Set Porteus up to set its hostname to the IPv6 address of the primary wireless interface of the node.
- Write a PHP app that
- displays a "Hello, User!" message
- displays links to apps hosted on the node which happen to be active
- removes links to apps hosted on the node that are deactivated
- I don't know PHP... can we find someone who does? Brad?
- Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly
- has to be mobile-friendly
- Install crypto.cat on my development instance
- requires PHP
- will need its UI tweaked to be more mobile-friendly
- Create a crypto.cat Porteus package and check it into SVN
- index.php needs to be edited to remove the 'donate' DIV. Nothing personal, Kaepora, but we need to keep external links to a minimum because Byzantium meshes will probably be isolated from the global Net most of the time.
- Change the default names in index.php into something more generic.
- Figure out where chats (value of $data, defaulting to /srv/data) are when that directory doesn't exist (it doesn't in my development VM) and either make it impossible for chat data to be cached to disk or write a daemon that shreds files older than 10 minutes or so for security.
- Install etherpad-lite on my development instance
- requires node.js, for which there exists a Slackpack
- build a Slackpack of node.js, convert into Porteus package, check everything into SVN
- write an initscript that can start up crypto.cat when called by the control panel
- will have to be controlled by the control panel, store its configuration in a database
- write a sub-config file for Apache that passes through the /pad URL to localhost:9001
- requires NPM
- that will need to be packaged and checked in separately, I think.
- run it in verbose mode to keep an eye on it
- if it installs more stuff, we should bundle the whole mess into the NPM Porteus package
- really should run as an unprivileged user
- really should listen on the loopback interface only
- pay attention to the reverse-proxy howto
- have to start it by hand a few times to figure out how to automate and package it
- Install status.net on my development instance
- requires PHP, MySQL
- PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)
- will need to pre-configure it for security and usability
- Need to hack the mnml theme to be more mobile friendly.
- Delete the unneeded themes and add-ons to save space, reduce potential attack surface.
- Add-ons are not enabled by default. To turn one on you have to manually edit config.php and add lines for each one. This is moderately safe. Consider making config.php read-only with instructions for editing it later?
- will need to write a sub-config file for Apache
- configure for longer messages - 560 characters?
- configure to make it easy to set up accounts on a node - no e-mail verification
- enable image upload and display
- There is a subtle problem: the hostname of the node ($config['site']['server'] = 'name of node here';) must be set correctly in config.php for themes to display properly. However, this requires that the clients have working DNS, which means three things:
- DNS (dnsmasq) must be functional on the node.
- Clients must have hostnames configured by the node.
- Clients must have DNS configured as the node they got their information from so that hostnames can be resolved properly.
- Write a dependency manager for apps
- some web apps require MySQL, some don't
- only start MySQL if it's not running already for the ones that don't
- Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it.
- Installed the pre-converted MySQL Porteus package from the distro-download archive.
- Need to pre-configure MySQL for small-ish systems
- Need to pre-harden MySQL
- Change the default password to something else.
- Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up.
- Harden /etc/sysctl.conf!
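
One way to verify the httpd.conf items above (the modules to comment out, and ssl_module uncommented), as an added example that is not part of the original list. The function names and the sample config, including its module paths, are constructed for illustration:

```shell
#!/bin/sh
# Added example: audit an httpd.conf against the module list in the to-do item.

# True if the module name is on the "comment out" list
# (authn*, authz* and proxy* are whole module families).
is_unwanted() {
    case $1 in
        authn*|authz*|proxy*) return 0 ;;
        dumpio_module|ldap_module|usertrack_module|dav_module|dav_fs_module) return 0 ;;
        status_module|cgi_module|vhost_alias_module|imagemap_module|userdir_module) return 0 ;;
    esac
    return 1
}

# Print the module names from active (uncommented) LoadModule lines.
active_modules() {
    sed -n 's/^[[:space:]]*LoadModule[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "$1"
}

# Print one finding per line; return 0 only if the file matches the list.
audit_httpd_conf() {
    rc=0
    mods=$(active_modules "$1")
    for mod in $mods; do
        if is_unwanted "$mod"; then
            echo "STILL-LOADED $mod"
            rc=1
        fi
    done
    if ! printf '%s\n' "$mods" | grep -qx 'ssl_module'; then
        echo "MISSING ssl_module"
        rc=1
    fi
    return $rc
}

# Constructed sample input, not a real Slackware httpd.conf.
sample_conf() {
    cat <<'EOF'
LoadModule authn_file_module lib64/httpd/modules/mod_authn_file.so
#LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so
LoadModule dir_module lib64/httpd/modules/mod_dir.so
  LoadModule proxy_http_module lib64/httpd/modules/mod_proxy_http.so
#LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
LoadModule status_module lib64/httpd/modules/mod_status.so
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_httpd_conf "$tmp" || true
rm -f "$tmp"
```

Run against the real file with `audit_httpd_conf /etc/httpd/httpd.conf`; a non-zero exit status means at least one listed module is still loaded or ssl_module is not.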