Latest revision |
Your text |
Line 29: |
Line 29: |
| * Greylisting daemon (Postgrey) | | * Greylisting daemon (Postgrey) |
| * Fail2ban - could maybe use denyhosts instead | | * Fail2ban - could maybe use denyhosts instead |
− | * Aide - could be used for intrusion detection
| |
| | | |
| === Support lifetime === | | === Support lifetime === |
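Review bot: The removed list line `* Aide - could be used for intrusion detection` was the only intrusion-detection item among the list entries visible in this hunk, so the right-hand text leaves that role with no candidate at all. If Aide was ruled out, record that on the line itself, the way the Fail2ban entry mentions denyhosts as an alternative, rather than deleting the entry.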
Line 76: |
Line 75: |
| |mediawiki | | |mediawiki |
| |T 1.19<sup>EPEL</sup> | | |T 1.19<sup>EPEL</sup> |
− | |~ | + | |? |
| |B 1.19 | | |B 1.19 |
| |A 1.19 | | |A 1.19 |
Line 87: |
Line 86: |
| |- | | |- |
| |infobot | | |infobot |
− | |~
| |
| |~ | | |~ |
| + | |? (not B or A) |
| |? (not B or A) | | |? (not B or A) |
| |~ | | |~ |
Line 94: |
Line 93: |
| |tt-rss | | |tt-rss |
| |~ | | |~ |
− | |~ | + | |? (not B or A) |
| |? (not B or A) | | |? (not B or A) |
| |A 1.11 | | |A 1.11 |
Line 148: |
Line 147: |
| |fail2ban | | |fail2ban |
| |T 0.8.7<sup>rf</sup>, 0.8.11<sup>EPEL</sup> | | |T 0.8.7<sup>rf</sup>, 0.8.11<sup>EPEL</sup> |
− | |T 0.9<sup>EPEL</sup>, 0.8.7<sup>rf</sup> | + | |T 0.8.7<sup>rf</sup> |
| |B 0.8.6 | | |B 0.8.6 |
| |A 0.8.11 | | |A 0.8.11 |
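Review bot: In the fail2ban row, the changed cell drops `T 0.9<sup>EPEL</sup>` and keeps only `T 0.8.7<sup>rf</sup>`, so that column no longer records any EPEL build, while the cell before it still lists `0.8.11<sup>EPEL</sup>`. Keep the EPEL entry unless it is known to be wrong, and if it is wrong, replace it with the correct version instead of leaving the source unlisted.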
Line 157: |
Line 156: |
| |B 2.6 | | |B 2.6 |
| |[https://launchpad.net/ubuntu/trusty/amd64/denyhosts ~] | | |[https://launchpad.net/ubuntu/trusty/amd64/denyhosts ~] |
− | |-
| |
− | |aide
| |
− | |B 0.14
| |
− | |B 0.15.1
| |
− | |?
| |
− | |0.16a2
| |
| |} | | |} |
| | | |
Line 172: |
Line 165: |
| == Migration steps == | | == Migration steps == |
| | | |
− | * <strike>Obtain [https://library.linode.com/networking/ipv6#sph_ipv6-address-pools IPv6 address pool] from Linode (support ticket needed)</strike>
| + | Put some stuff here. |
− | ** <strike>/etc/sysconfig/network-scripts/ifcfg-eth0 edited, reboot needed to apply - 2600:3c02:e000:0047::2/64 assigned</strike>
| + | |
− | * <strike>Explore what software to use to help harden up the installation (fail2ban, etc.)</strike> ''Decided to use fail2ban-firewalld''
| + | |
− | * <strike>Deploy new CentOS 7 instance</strike>
| + | |
− | * (optional) Set up [https://library.linode.com/remote-access#sph_adding-private-ip-addresses private IPv4 addresses] for transfer between old and new VPS (avoids bandwidth charges)
| + | |
− | * <strike>Set up SSH (edit sshd_config to tighten up security)</strike>
| + | |
− | * <strike>Migrate current users to new server</strike>
| + | |
− | * <strike>Ensure NTP is running, and set timezone to EDT</strike>
| + | |
− | * <strike>Set up the firewall (either using firewalld, or else [https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Using_static_firewall_rules_with_the_iptables_and_ip6tables_services installing iptables and using the old rules])</strike>
| + | |
− | * <strike>Install Apache, and edit httpd.conf appropriately</strike>
| + | |
− | * <strike>Install PHP, edit php.ini appropriately, and make sure all needed modules are installed</strike>
| + | |
− | * <strike>Install MariaDB, add appropriate user(s)/permissions, and edit my.cnf appropriately</strike>
| + | |
− | * <strike>Install/configure Postgrey</strike>
| + | |
− | * <strike>Install/configure Postfix</strike>
| + | |
− | * <strike>Install/configure Mailman</strike>
| + | |
− | ** <strike>archives copied over</strike>
| + | |
− | * <strike>Install/configure monkeybot</strike>
| + | |
− | * <strike>Install/configure Tiny Tiny RSS</strike>
| + | |
− | * <strike>Migrate any other files that must be moved</strike>
| + | |
− | * <strike>Export current MySQL and import into new MariaDB (be sure to dump/restore final DB before switchover...)</strike>
| + | |
− | * <strike>Install/configure MediaWiki</strike>
| + | |
− | * <strike>Set up repeating jobs (log rotation, etc.) via systemd/cron</strike>
| + | |
− | ** <strike>Copy over 'at' job to remind about domain registration expiration</strike>
| + | |
− | ** <strike>Migrate over monkeybot cron jobs</strike> ''Waiting to see if logrotate runs overnight, as we are not sure that run-parts is being run by anything on the new system.''
| + | |
− | ** <strike>Configure log rotation</strike>
| + | |
− | * <strike>Cut over DNS (or [https://library.linode.com/remote-access#sph_swapping-ip-addresses swap IPv4 addresses])</strike>
| + | |
− | * Other steps not mentioned above
| + | |
| | | |
| === Nice-to-haves === | | === Nice-to-haves === |
| | | |
| We have an archive of static web pages from the pre-2007 server "penguin" - it would be nice to make this history available somehow. | | We have an archive of static web pages from the pre-2007 server "penguin" - it would be nice to make this history available somehow. |
− | $9/year Comodo SSL certificate through Namecheap: [https://www.namecheap.com/security/ssl-certificates/comodo.aspx]
| |
| | | |
− | === Installation Notes ===
| |
− | [https://www.centos.org/forums/viewtopic.php?f=48&t=47284 Installing fail2ban on CentOS 7]
| |
| | | |
| [[Category:Migration]] | | [[Category:Migration]] |
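Review bot: Under `== Migration steps ==`, the right-hand text replaces the whole checklist with the placeholder `Put some stuff here.`, which discards the only record of what was actually done on the new host: the sshd_config tightening, the firewall setup, the decision to use fail2ban-firewalld, and the open note that logrotate may not be running because it is unclear whether anything invokes run-parts. Keep the checklist, including the unstruck items (private IPv4 transfer, "Other steps not mentioned above"), so the outstanding work stays visible. The same hunk also removes the `=== Installation Notes ===` section with the fail2ban on CentOS 7 link and the SSL certificate line under Nice-to-haves; if those are meant to go, remove them in a separate edit with a summary that says why.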