TODO ==== High priority ------------- - cleanup, merge and refactor. - virtual: migrate to kvm-manager, purge util-vserver. - switch from syslog-ng to rsyslog with anonimization. - nodo: journald: volatile logs only: - https://wiki.debian.org/systemd#Configuring_as_default - https://www.freedesktop.org/software/systemd/man/systemd.unit.html - https://www.freedesktop.org/software/systemd/man/journald.conf.html - sshd: - https://stribika.github.io/2015/01/04/secure-secure-shell.html - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60 - loginrecords: deploy module. - deploy https://github.com/wido/puppet-module-tcpwrappers Medium priority --------------- - switch to conf.d: - https://wiki.debian.org/PHP/ - apache2. - syslog-ng. Low priority ------------ - drupal/wordpress: - files: under platform user, not root. - cronjobs: switch to the platform user. - mail: - [use ssl::dhparams, move to 2048 bit and use the standard file names and paths](https://leap.se/code/issues/4012). - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). - deploy https://git.autistici.org/ale/smtp-fp/tree/master (use cert from ca.autistici.org/ca.pem).