From caafd48fb461b1bc44df24805e6ab1b267f82dca Mon Sep 17 00:00:00 2001 From: Robert Date: Wed, 15 May 2024 20:43:08 -0700 Subject: [PATCH] Delete obsolete/significantly out of date sections of PAUSE.pod. This is just chipping away at it. It still either needs to be removed or replaced. --- lib/PAUSE.pod | 75 --------------------------------------------------- 1 file changed, 75 deletions(-) diff --git a/lib/PAUSE.pod b/lib/PAUSE.pod index c9c07ab5b..284728230 100644 --- a/lib/PAUSE.pod +++ b/lib/PAUSE.pod @@ -42,23 +42,6 @@ One *.pm file in a distro. One package statement within a L. -=head2 Overview of contents of the PAUSE distribution - - apache-conf/ Apache Configuration - apache-perl/ Legacy from the very first pause - bin/ scripts, mainly paused, the pause daemon - cron/ cronjobs - doc/ doc - htdocs/ symlinked to Apache's document root - lib/ PAUSE.pm and such - mirror/ mirror configuration, symlinked to /usr/local/mirror - -The two core scripts are F and F. Both would -need to be broken down into reusable and maintainable code. - -PAUSE.pm was originally the pure configuration file, but now also -contains some frequently used routines. - =head2 Excluded files The following file has been excluded from the repository for obvious @@ -73,38 +56,11 @@ Other sensitive files, like the SSL key of the server, password files need to be maintained separately from the repository. See below the section about user management. -=head2 File system layout - -(last time updated: 2012-01-03) - -If you have an older installation of PAUSE you probably want to know: -/home/k is gone, cfengine is gone; puppet is supposed to replace -cfengine, but in a way that the master and the client must run on -localhost because we often take files directly from the repo. - -Debian is gone, centos6 replaces it. - =head2 Cronjob table for PAUSE The repository has a file CRONTAB.ROOT which is usually quite in sync with the real pause. -=head2 External programs needed to run PAUSE - - apache with mod_perl and Apache-SSL - perl - mirror (the good old one) - mon - proftpd (update 2013: ftp is not any more supported) - mysqld - rsync (runs as daemon) - gpg - unzip - zsh - -At the time of this writing (2012-01-03), all perl scripts were -running under 5.16.2. - =head2 Database schema See F and F for schema @@ -114,25 +70,6 @@ A dump of the mod database is produced every few hours and available for download in the rsync area (pause.perl.org::pausedata). A dump of the authen_pause database is -- of course -- not available. -=head2 User management - -This section is about the fun of making mysql safe based on UNIX user -and group permissions. This is dangerous stuff. Be careful here and -follow the advice in the mysql manual about how to secure mysql in -general. E.g. C<--skip-networking> and root user password are a must, -etc. - -PAUSE is running processes as user root, apache, and -pause-unsafe. The user "puppet" in the group "puppet" owns the working -copy of the repository and all the sensitive files. There are no -members in the group puppet. The SSL data for the webservers and the -passwords for accessing the DB are only readable by root who starts -the webservers and runs the cronjobs. - -This setup must ensure that the user apuse-unsafe cannot read the -database account informations. The root password to mysql is not -needed by any script, so can be stored offline. - =head2 Other security considerations We practice security by visibility by giving the users as much @@ -146,18 +83,6 @@ us the possibility to maintain a I, a backup of all relevant files of all times. Any attempt to upload malicious code can thus be tracked much better. -=head2 Missing pieces - -As always, there are things we didn't bother to integrate into the -repository because they are so basic stuff for any UNIX machine: - - logrotate - xntpd/ntpd - sendmail/postfix - -and probably more. If you discover pieces that are important but -missing in the repository or documentation, please let us know. - =head1 AUTHOR Andreas Koenig Eandreas.koenig@anima.deE