mccarthy.hcoop.net is our first Debian Jessie VM, and is intended to run mail services and the member portal.
1. Setup Issues
- test fail2ban before deploying
- Defaults look OK for protecting ssh, but is ferm resetting rules added by fail2ban?
sudo $command > file does not work, piping does however. Probably a new sudo option to detect output redirection and squelch output.
- systemd work:
- domtool unit files seem to work OK so far
- ferm is likely starting earlier than it should be, and may fail if the generated config references any pts users
dnscache-run starts very late by virtue of daemontools starting late. Either hack daemontools to be WantedBy=nss-lookup.target (systemd equiv of LSB $named service), or make dnscache-run a native systemd service.
- Hacked momentarily by adding Google DNS servers as backups