Difference between revisions of "Armitage/notes"

From Technologia Incognita
Jump to: navigation, search
m
Line 16: Line 16:
  
 
* Created dedicated non-login user "memberizer" that will run the member creation script.
 
* Created dedicated non-login user "memberizer" that will run the member creation script.
* Set $HOME of memberizer to 0700 to prevent snooping.
+
* git cloned https://github.com/chotee/memberizer.git  
* $ git clone https://github.com/chotee/memberizer.git  
+
* Installed debian package 'sendemail' to send email, but don't know what the techinc MTA is for sending.
* Created a virtualenv in memberizer: $ virtualenv pyenv
 
* $ apt-get install python-dev libladp-dev libsasl-dev # (or it will complain about missing .h files in the next step)
 
* $ pyenv/bin/python setup.py develop # (could be "install" as well, but I expect to receive updates, so better to use the code in-place)
 
 
 
=== Mail outbound ===
 
* Installed Debian package 'sendemail' to send email, but don't know what the techinc MTA is for sending.
 
  
 
=== GPG ===
 
=== GPG ===
Line 39: Line 33:
 
If not, we now have a CA to sign our stuff with.
 
If not, we now have a CA to sign our stuff with.
  
 +
=== MTA outbound ===
 +
 +
Armitage now has an outbound MTA. The idea is that if your system needs to send it can just pass the email to Armitage for that. It's configured so that it will relay for the ipv4 /24 and ipv6 /48 machines on the network.
  
 
[[Category:SpaceFED]]
 
[[Category:SpaceFED]]

Revision as of 15:38, 13 July 2013

Notes on configuration of Armitage.

LDAP Installation

Following along with the [SpaceFed] instructions.

Worked well until step 4 (Add a samba domain Unix ID pool). Here the command to add the objects had to be: 

sudo ldapadd -x -D cn=admin,dc=techinc,dc=nl -W -h localhost < id-pools.ldif

Added structural objects: ou=people,dc=techinc,dc=nl and ou=groups,dc=techinc,dc=nl

Added groups:

  • cn=everybody,ou=groups,dc=techinc,dc=nl - all people/meatsacks (not machines, systems or automations) in the system.
  • cn=members,ou=groups,dc=techinc,dc=nl - all members should be in this group

Importer system

  • Created dedicated non-login user "memberizer" that will run the member creation script.
  • git cloned https://github.com/chotee/memberizer.git
  • Installed debian package 'sendemail' to send email, but don't know what the techinc MTA is for sending.

GPG

Created gpg keyring with memberizer@techinc.nl: 324B E31C F74F 3078 1EB9 AB22 F71A 39FF D2AB FD78

Imported keys of Chotee and Wizzup.

Secondary products

CA

Created a CA authority for signing the LDAP SSL certificates. No idea of Techinc already has something like this. Might need to regenerate the files if it turns out a CA already exists and is being used.

If not, we now have a CA to sign our stuff with.

MTA outbound

Armitage now has an outbound MTA. The idea is that if your system needs to send it can just pass the email to Armitage for that. It's configured so that it will relay for the ipv4 /24 and ipv6 /48 machines on the network.

Retrieved from "https://wiki.techinc.nl/index.php?title=Armitage/notes&oldid=6869"