Testmgr

Purpose

This system is used for managing test users and reading mails from the test system inbox.

Administration

System Administration

Application Administration

Application

Administrator(s)

Test manager

Bernhard Fröhlich

Contact

Additional People

Jan Dittberner and Mario Lipinski have sudo access on that machine too.

Basics

Physical Location

This system is located in an LXC container on physical machine Infra02.

Logical Location

IP Internet

213.154.225.248

IP Intranet

172.16.2.248

IP Internal

10.0.0.148

IPv6

2001:7b8:616:162:2::148

MAC address

00:16:3e:13:87:cc (eth0)

See also

See Network

Monitoring

internal checks

Monitoring checks for template.infra.cacert.org

external checks

Monitoring checks for template.cacert.org

Operating System

  • Debian GNU/Linux 8.10

Services

Listening services

Port

Service

Origin

Purpose

22/tcp

ssh

ANY

admin console access

25/tcp

smtp

local

mail delivery to local MTA

80/tcp

http

ANY

application

443/tcp

https

ANY

application

3306/tcp

mysql

local

MySQL database for testmgr

Running services

Service

Usage

Start mechanism

Apache httpd

Webserver for testmgr

init script /etc/init.d/apache2

cron

job scheduler

init script /etc/init.d/cron

MySQL

MySQL database server for testmgr

init script /etc/init.d/mysql

openssh server

ssh daemon for remote administration

init script /etc/init.d/ssh

Postfix

SMTP server for local mail submission

init script /etc/init.d/postfix

rsyslog

syslog daemon

init script /etc/init.d/rsyslog

Databases

RDBMS

Name

Used for

MySQL

ca_mgr

testmgr

MySQL

cats_db

CATS test instance

Outbound network connections

Security

SSH host keys

Algorithm

Fingerprints

RSA

SHA256:CPeGCQX1p4hITy3IbTURQSZUQDBg9gg8I5jgf3m9+hs, MD5:16:60:fe:47:49:e3:4a:5e:de:86:ae:be:66:29:b7:1e

DSA

-

ECDSA

-

ED25519

-

Non-distribution packages and modifications

The testmgr software is a custom PHP application installed in /var/www/ca-mgr1.it-sls.de.

The CATS test setup is a custom PHP application installed in /var/www/cats1.it-sls.de.

Risk assessments on critical packages

The system uses an unsupported OS version and needs to be updated as soon as possible.

Critical Configuration items

The system uses certificates issued by a test CA.

Keys and X.509 certificates

  • Certificate for CN mgr.test.cacert.org, see details in the certificate list

    • certificate in file /etc/ssl/certs/mgr_test_cacert_org.crt

    • private key in file /etc/ssl/private/mgr_test_cacert_org.pem

  • Certificate for CN cats.test.cacert.org, see details in the certificate list

    • certificate in file /etc/ssl/certs/cats_test_cacert_org.crt

    • private key in file /etc/ssl/private/cats_test_cacert_org.pem

Apache2 configuration

The Apache web server is configured using the usual Debian /etc/apache2 configuration directory. The VirtualHost entries are linked to /etc/apache2/sites-enabled.

Changes

Planned

Todo

setup monitoring for testmgr

Todo

make testmgr available on default ports via proxyin

Todo

setup proper DNS entries for testmgr

Todo

upgrade testmgr to a supported OS version (depends on upgraded CATS and testmgr software)

Todo

use Puppet to manage testmgr

System Future

The testmgr system should support all test systems/stages. The testmgr application should either be rolled out multiple times or should have support for multiple test systems. This needs to be discussed in a broader group of software development, software assessment and system administration teams.

Additional documentation