Testmgr

Purpose

This system is used for managing test users and reading mails from the test system inbox.

Application Links

Testmgr application

https://test.cacert.org:14843/

Administration

System Administration

• Primary: Bernhard Fröhlich

• Secondary: Dirk Astrath

Application Administration

Application	Administrator(s)
Test manager	Bernhard Fröhlich

Contact

• bernhard@cacert.org

Additional People

Jan Dittberner and Mario Lipinski have sudo access on that machine too.

Basics

Physical Location

This system is located in an LXC container on physical machine Infra02.

Logical Location

IP Internet

213.154.225.248

IP Intranet

172.16.2.248

IP Internal

10.0.0.148

IPv6

2001:7b8:616:162:2::148

MAC address

00:16:3e:13:87:cc (eth0)

See also

See Network

Monitoring

internal checks

Monitoring checks for template.infra.cacert.org

external checks

Monitoring checks for template.cacert.org

Operating System

• Debian GNU/Linux 8.10

Services

Listening services

Port	Service	Origin	Purpose
22/tcp	ssh	ANY	admin console access
25/tcp	smtp	local	mail delivery to local MTA
80/tcp	http	ANY	application
443/tcp	https	ANY	application
3306/tcp	mysql	local	MySQL database for testmgr

Running services

Service	Usage	Start mechanism
Apache httpd	Webserver for testmgr	init script /etc/init.d/apache2
cron	job scheduler	init script /etc/init.d/cron
MySQL	MySQL database server for testmgr	init script /etc/init.d/mysql
openssh server	ssh daemon for remote administration	init script /etc/init.d/ssh
Postfix	SMTP server for local mail submission	init script /etc/init.d/postfix
rsyslog	syslog daemon	init script /etc/init.d/rsyslog

Databases

RDBMS	Name	Used for
MySQL	ca_mgr	testmgr
MySQL	cats_db	CATS test instance

Outbound network connections

• DNS (53) resolver at 10.0.0.1 (Infra02)

• Emailout as SMTP relay

• Proxyout as HTTP proxy for APT

Security

SSH host keys

Algorithm	Fingerprints
RSA	SHA256:CPeGCQX1p4hITy3IbTURQSZUQDBg9gg8I5jgf3m9+hs, MD5:16:60:fe:47:49:e3:4a:5e:de:86:ae:be:66:29:b7:1e
DSA	-
ECDSA	-
ED25519	-

See also

SSH host key list

Non-distribution packages and modifications

The testmgr software is a custom PHP application installed in /var/www/ca-mgr1.it-sls.de.

The CATS test setup is a custom PHP application installed in /var/www/cats1.it-sls.de.

Risk assessments on critical packages

The system uses an unsupported OS version and needs to be updated as soon as possible.

Critical Configuration items

The system uses certificates issued by a test CA.

Keys and X.509 certificates

• Certificate for CN mgr.test.cacert.org, see details in the certificate list

• certificate in file /etc/ssl/certs/mgr_test_cacert_org.crt

• private key in file /etc/ssl/private/mgr_test_cacert_org.pem

• Certificate for CN cats.test.cacert.org, see details in the certificate list

• certificate in file /etc/ssl/certs/cats_test_cacert_org.crt

• private key in file /etc/ssl/private/cats_test_cacert_org.pem

See also

• Wiki SystemAdministration/CertificateList

Apache2 configuration

The Apache web server is configured using the usual Debian /etc/apache2 configuration directory. The VirtualHost entries are linked to /etc/apache2/sites-enabled.

Changes

Planned

Todo

setup monitoring for testmgr

Todo

make testmgr available on default ports via proxyin

Todo

setup proper DNS entries for testmgr

Todo

upgrade testmgr to a supported OS version (depends on upgraded CATS and testmgr software)

Todo

use Puppet to manage testmgr

System Future

The testmgr system should support all test systems/stages. The testmgr application should either be rolled out multiple times or should have support for multiple test systems. This needs to be discussed in a broader group of software development, software assessment and system administration teams.

Additional documentation

See also

• Wiki PostfixConfiguration