2011-11-15



More server setup work.

Installed backups of /var/* and mysql dumps onto the same system.
Offline  backups are still missing.  The backups are triggered by
cron.  The mysql dump is put into a mercurial  repo,  hence  only
deltas are stored.

/etc is now version controlled with `etckeeper'.

For  monitoring,  I  installed  and  configured  `logcheck'   and
`swatch'.  I also installed the useful `checksecurity' package.

`netstat -plant' is in the English speaking world a  common  call
to  check for open ports. Unfortunately, it misses the `u', which
`netstat -tulpen' (the German  couterpart)  includes.  Hence  UDP
isn't  listed.  Today, I limited a UDP port, controlled by inetd,
to localhost. You better double-check.

The ``Securing Debian Howto'' [0] is a great resource.



Also dug into the masqmail issue, which Pierre Frenkiel reported.
I  could  discover  the problem and found out, that I had already
solved it [1] three weeks ago in the development code. If you run
version  0.3.3  or 0.3.2, you better switch to current tip, which
you can get from hg.marmaro.de.  Explanations of the problem  can
be found on the mailing list (via Gmane).

[0]  http://www.debian.org/doc/manuals/securing-debian-howto/
[1]  http://hg.marmaro.de/masqmail/rev/b0708fac99dd


http://marmaro.de/lue/        markus schnalke <meillo@marmaro.de>