Hacking:Servers/Newtron
newtron.parabola.nu is a "colo" server, which is maintained gratis by the Vikings hosting company in Germany. It is Parabola's primary web server (e.g. {forum,labs,projects,wiki,www}.parabola.nu). The name is a play on words, indicating that its initial purpose was to replace the previous 'Proton' server, which was the Parabola web server between 2016 and 2018. Newtron is "the new proton".
2021-04 - the server is not yet in operation
2021-09 - the server is online, awaiting configuration
$ uname -m
x86_64
$ free -h
       total  used   free  shared  buff/cache  available
Mem:   31Gi   106Mi  31Gi  1.0Mi   123Mi       30Gi
Swap:  8.0Gi  0B     8.0Gi
$ df -h | grep ^/dev
/dev/md127  98G   1.4G  92G   2%   /
/dev/sdb2   238M  50M   173M  23%  /boot
/dev/md126  351G  36K   333G  1%   /srv
1 configuration philosophy
Avoid editing files owned by a package if possible; insert things into new files. If a file must be edited, try to avoid having to change any lines; try to only add new lines.
Everything worth backing up should be in /etc, /srv, or /home.
2 infrastructure/management
2.1 base setup
Packages installed:
- TODO
Files affected:
- TODO
2.1.1 bootloader
Packages installed:
- grub
Files affected:
- /etc/default/grub
The grub config has a serial console configured:
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 loglevel=3"
2.1.2 filesystems
Packages installed:
- TODO
Files affected:
- TODO
2.1.3 networking
Files affected:
- TODO
2.1.4 Pacman
Files affected:
- TODO
2.1.5 timedate
Files affected:
- TODO
2.2 etckeeper
Packages installed:
- TODO
Files affected:
- TODO
2.3 users
See also: keys user and group
2.3.1 Parabola hackers
Packages installed:
- TODO
Files affected:
- TODO
2.3.2 emergency user
Files affected:
- /etc/passwd
- /etc/shadow
- /etc/sudoers.d/99-emergency
- /home/emergency/
In case anything should ever go wrong with hackers.git, the user "emergency" has been set up. "emergency" has authorized (statically via ~/.ssh/authorized_keys) the keys of several (not publicly disclosed) Parabola hackers. /etc/sudoers.d/99-emergency grants special privileges in case PAM or NSS get screwed up.
2.3.3 other
Files affected:
- TODO
2.3.4 pbot
Files affected:
- TODO
2.4 SSH
Packages installed:
- openssh
Files affected:
- /etc/ssh/sshd_config
- TODO
See above for how authentication and users are set up.
sshd is also configured to listen on both ports 22 and 1863. We may turn off port 22 in the future. Not using port 22 isn't security through obscurity, it is security through keeping-the-logs-useful-by-keeping-noise-down.
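A check for the port setup described above, as an added example (not part of Parabola's own configuration): it reads sshd_config syntax or `sshd -T` output and compares the Port directives with the documented 22 and 1863. The function names and the sample config are constructed for illustration; ListenAddress entries that carry their own port are not handled.

```shell
#!/bin/sh
# Added example: compare the Port directives of an sshd configuration with
# the ports this page documents. Function names are hypothetical.

# Print the ports found on stdin (sshd_config syntax or `sshd -T` output),
# one per line, sorted numerically with duplicates removed.
sshd_ports() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, tolerate "Port=1863"
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; seen = 1 }
        END { if (!seen) print 22 }         # sshd default when no Port is set
    ' | sort -nu
}

# Succeed only if the ports on stdin equal the expected set,
# given as one space-separated argument, e.g. "22 1863".
check_sshd_ports() {
    expected=$(printf '%s\n' $1 | sort -nu)
    actual=$(sshd_ports)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "sshd ports differ: expected [$(echo $expected)] got [$(echo $actual)]" >&2
    return 1
}

# Constructed sample, not the real /etc/ssh/sshd_config of this server.
SAMPLE_CONFIG='# constructed sample configuration
Port 22
port 1863   # second listener
#Port 2222
PasswordAuthentication no'

printf '%s\n' "$SAMPLE_CONFIG" | check_sshd_ports "22 1863" \
    && echo "ports match the documentation"

# On the server itself (as root) the effective configuration can be checked:
#   sshd -T | check_sshd_ports "22 1863"
```

If port 22 is turned off later, the expected set passed to the check becomes "1863".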
2.5 SSL
Packages installed:
- TODO
2.5.1 keys user and group
Files affected:
- TODO
2.5.2 issuance, renewal, and installation
Files affected:
- TODO
2.5.3 other
Files affected:
- TODO
2.6 HTTP
Packages installed:
- TODO
Files affected:
- TODO
2.6.1 process management
Packages installed:
- TODO
Files affected:
- TODO
2.7 email
Packages installed:
- TODO
Files affected:
- TODO
2.8 ParabolaWeb
Packages installed:
- TODO
Files affected:
- TODO
2.9 Bazaar
Packages installed:
- TODO
Files affected:
- TODO
2.10 Git
Packages installed:
- TODO
Files affected:
- TODO
2.10.1 transport: git protocol
Files affected:
- TODO
2.10.2 transport: SSH
Files affected:
- TODO
2.10.3 transport: HTTPS
Files affected:
- TODO
2.11 pbot
TODO
2.12 Redmine
TODO
2.13 Rsync
TODO