summaryrefslogtreecommitdiff
path: root/TODO
blob: b2a75573b7e46ff776270b3cf8869258f8d44557 (plain) 
    

  1. All:
    2. 

  2. ----
    3. 

  3. Add a section in the cf.services.file for netatalk.
    4. 

  4. Move all the fake domains to bind/fake from bind/pri.
    5. 

  5. Add squid support: Search /etc/squid.conf for "YOUR OWN RULE" and add "acl localnet src $(LOCALNET)" and "http_access allow localnet".
    6. 

  6. Add integrit support: Remove all relevant comments in /etc/integrit/integrit.conf and "# ! " in /etc/cron.daily.integrit.
    7. 

  7. Implement meta-hints about filesharing: ftp should use "-l" and "~ users" when default users are dummy users. And the local user-init, adduser.local and deluser.local should be generic.
    8. 

  8. Figure out if bind or bind9 is installed as nameserver (currently both are reloaded, which is non-optimal and _can_ lead to errors)
    9. 

  9. Calibrate max open files based on available memory (as suggested at http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec72.html and http://www.xenoclast.org/doc/benchmark/HTTP-benchmarking-HOWTO/node7.html):
    10. 

  10.     FILEMAX = (INSTALLED_RAM*256)/4
    11. 

  11.     /etc/sysctl.conf: fs.file-max = FILEMAX
    12. 

  12.     /etc/security/limits.conf: * soft nofile 1024
    13. 

  13.     /etc/security/limits.conf: * hard nofile FILEMAX
    14. 

  14. 

  15. Xenux: 
    16. 

  16. ------
    17. 

  17. Finish the cf.services.fai file
    18. 

  18. Move all domain files to local-COMMON
    19. 

  19. 

  20. DONE:
    21. 

  21. -----
    22. 

  22. samba/netlogon/common.bat is XENUX-centric
    23. 

  23. Correct dns (and other places like samba?) to use FQDN, not only host.
    24.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-12 22:06:46 +0000