Sysadmin grodoudou install 07 06 2012 - Seizam/seizamcore GitHub Wiki

Sysadmin grodoudou install 07 06 2012

• Made by : yannouk
• Date: 07/06/2012
• Currently applied on : grodoudou
• This installation has been performed on 07/06/2012 and 08/06/2012

• Install operating system using OVH web interface :
  • Format all diskdrives ( 2 x 2TB HDDs running in RAID mirroring mode: 2 TB space available)
    • 20 GB, ext3, /
    • 60 GB, ext3, /var
    • 1.7 TB, ext3, /var/szfiles
    • 200 GB, ext3, /mnt/backups
    • 20 GB, swap
  • Set Bedhed and Yannouk RSA public key as allowed for root ssh connexion (removed later)
  • Install Debian 64 bits (OVH install)
• Install shlog
  • shlog is only available with root user account
• Add users Bedhed, Olbat and Yannouk with their SSH keys + Configure SSH deamon
  • Uses default port 22 (mandatory to keep OVH root access, filtered with firewall so that only OVH can connect)
  • Uses port 65422 (public SSHd access)
  • Only accepts connexion using SSH keys (bedhed, olbat, yannouk and ovhroot) : no password authentification (PAM)
• Set server name
• Configure network and static IP addresses list
• Firewall
  • Input
    • Everyone can connect to port 80 (Apache2)
    • Only OVH server can connect to port 22 (SSHd)
    • Everyone can connect to port 65422 (SSHd)
    • Only OVH server can ping
    • Loopback allowed
    • All incoming established connexion keept alive
    • Everything else incoming is DROPPED !
  • Forward: everything is allowed
  • Output: everything outgoing is allowed
• Apache2, MySQL, PHP + locale bug fix
  • Warning message during install about problem with "locale" configuration, not critical, tryed to fix it. Appears to be OK now.
• Install git + generate RSA key for root user
  • root RSA key added to Github allowed user
• Configure Apache2 security
• PhpMyAdmin
  • Only accessible using SSH tunneling
• The MySql user "wikiuser" has been created using PhpMyAdmin web interface

CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY '***';
GRANT USAGE ON * . * TO 'wikiuser'@'localhost' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

• PhpSysInfo + PhpInfo + APCInfo
  • Only accessible using SSH tunneling
• Initial Wikizam installation using trunk GIT release
• We used Mediawiki web install to generate a clean database using root user, then we updated Seizam MySql user

GRANT SELECT , INSERT , UPDATE , DELETE , CREATE , INDEX , ALTER , CREATE TEMPORARY TABLES , CREATE VIEW , EVENT, TRIGGER, SHOW VIEW , CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON  `wikidb` . * TO  'wikiuser'@'localhost';

• Update OVH RTM program
• Install wikizam cron
  • each days at 9 am (fr timezone): updateSubscriptions.php
  • each days at 5 pm (fr timezone): checkNextRenewals.php --deadline=7
  • every 5 minutes: updateUsages.php --lifespan=60
• Install Exim4 mail server using Gmail account as smarthost
• Install script to backup MySQL