Armitage/notes

From Technologia Incognita
Revision as of 16:38, 13 July 2013 by Chotee (talk | contribs)

Notes on configuration of Armitage.

LDAP Installation

Following along with the [SpaceFed] instructions.

Worked well until step 4 (Add a samba domain Unix ID pool). Here the command to add the objects had to be:

sudo ldapadd -x -D cn=admin,dc=techinc,dc=nl -W -h localhost < id-pools.ldif

Added structural objects: ou=people,dc=techinc,dc=nl and ou=groups,dc=techinc,dc=nl

Added groups:

  • cn=everybody,ou=groups,dc=techinc,dc=nl - all people/meatsacks (not machines, systems or automations) in the system.
  • cn=members,ou=groups,dc=techinc,dc=nl - all members should be in this group

Importer system

  • Created dedicated non-login user "memberizer" that will run the member creation script.
  • git cloned https://github.com/chotee/memberizer.git
  • Installed Debian package 'sendemail' to send email, but don't know what the techinc MTA is for sending.

GPG

Created GPG keyring with memberizer@techinc.nl: 324B E31C F74F 3078 1EB9 AB22 F71A 39FF D2AB FD78

Imported keys of Chotee and Wizzup.

Secondary products

CA

Created a CA for signing the LDAP SSL certificates. No idea if Techinc already has something like this. Might need to regenerate the files if it turns out a CA already exists and is being used.

If not, we now have a CA to sign our stuff with.

MTA outbound

Armitage now has an outbound MTA. The idea is that if your system needs to send email, it can just pass the email to Armitage. It is configured to relay for the machines in the network's IPv4 /24 and IPv6 /48.