Page MenuHomePhabricator
Create Task
Maniphest T194157

Set up maintenance routine for servers and websites
Open, HighPublic
Actions

Description

During the server migration we've had some turbulence with respect to who should keep an eye on what and as a consequence some of our websites have gone unpatched (and there is at least one confirmed security incidence).

Historically this has had severe negative impact on a variety of our Wordpress sites, our Piwik installation, SSL certificates as well as our main Drupal site.

To ensure this does not happen again we should
a) Inventory all

  • websites/servers we maintain
  • components on these which may need monitoring for updates/patches
  • ensure there is clear documented info for HOW these are updated patched
  • ensure there is one person assigned with the main responsibility for keeping these up-to-date

b) For each component identified above. Ensure that drift@ is subscribed to the relevant feeds/lists for security announcements
c) Ensure that there is

  • a schedule for regularly checking in to all of the identified components/websites/servers and updating them
  • A protocol so that we can follow up on this having been done
  • Time/budget set aside to ensure that this maintenance can be performed without competing for time with other responsibilities.

d) Ensure we have someone we can turn to (with rather short notice) when shit hits the fan and fixing the problem is beyond the skill set of our in-house staff.

Related Objects
Search...

Event Timeline

Lokal_Profil created this task.May 8 2018, 1:31 PM
Lokal_Profil triaged this task as High priority.EditedMay 8 2018, 1:38 PM

I created this after

  • last weeks incident,
  • the fact that GDPR increases the demands on us,
  • the variety of new services we are getting through Ola which we will take over maintenance of
  • the lack of documentation discovered during T192556: Inventory of FSdata and Glesys of what we are running where, how it was installed and how it should be maintained.

The inventory could probably be initialised by @Sebastian_Berlin-WMSE (I'm happy to do some initial discussions on structure).

The last two points need input from @Jopparn, a discussion regarding that could ideally be scheduled for some point in May after the 25th

Lokal_Profil updated the task description. (Show Details)May 8 2018, 2:37 PM
Lokal_Profil mentioned this in T192556: Inventory of FSdata and Glesys.May 9 2018, 6:45 AM
Jopparn awarded a token.May 9 2018, 7:20 AM
Sebastian_Berlin-WMSE mentioned this in T194635: Determine what technical maintenance can be handled internally.May 14 2018, 9:55 AM
Vvjjkkii renamed this task from Set up maintenance routine for servers and webbsites to 2ddaaaaaaa.Jul 1 2018, 1:11 AM
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
CommunityTechBot renamed this task from 2ddaaaaaaa to Set up maintenance routine for servers and webbsites.Jul 2 2018, 1:52 PM
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
Jopparn added a comment.Aug 5 2018, 6:08 AM

We need to look into this shortly.

Sebastian_Berlin-WMSE added a subtask: T192556: Inventory of FSdata and Glesys.Aug 20 2018, 9:11 AM
Lokal_Profil mentioned this in T202420: Follow up on possible server failure/intrusion.Aug 22 2018, 10:18 AM
Lokal_Profil added a comment.Oct 11 2018, 4:28 PM
This comment was removed by Lokal_Profil.
Sebastian_Berlin-WMSE closed subtask T192556: Inventory of FSdata and Glesys as Resolved.Oct 29 2018, 8:51 AM
Jopparn removed a project: User-Jopparn.Jan 29 2019, 11:13 AM
Sebastian_Berlin-WMSE edited projects, added WMSE-Organisational-Development-2019; removed WMSE-Organisational-Development-2018.Jan 29 2019, 3:19 PM
Lokal_Profil renamed this task from Set up maintenance routine for servers and webbsites to Set up maintenance routine for servers and websites.Sep 25 2019, 1:03 PM
Jopparn added a subtask: T194635: Determine what technical maintenance can be handled internally.Jan 16 2020, 1:20 PM
Sebastian_Berlin-WMSE edited projects, added WMSE-Organisational-Development-2020; removed WMSE-Organisational-Development-2019.Jan 16 2020, 2:37 PM
Jopparn edited projects, added WMSE-Organisational-Development-2021; removed WMSE-Organisational-Development-2020.Jan 12 2021, 11:29 PM
Jopparn added a project: User-kalle.
Sebastian_Berlin-WMSE added a comment.Jan 24 2022, 11:01 AM

ensure there is clear documented info for HOW these are updated patched

I started a page on the wiki for this (I couldn't find one from before): https://se.wikimedia.org/wiki/Underhåll_av_servrar. I added a quick description of Matomo.

Jopparn removed a project: User-kalle.Jan 27 2022, 7:52 AM
Jopparn edited projects, added WMSE-Organisational-Development-2022; removed WMSE-Organisational-Development-2021.Feb 6 2022, 10:06 PM
Lokal_Profil closed subtask T194635: Determine what technical maintenance can be handled internally as Resolved.Jan 24 2023, 1:48 PM
Jopparn edited projects, added WMSE-Development-of-the-association-2023; removed WMSE-Organisational-Development-2022.May 30 2023, 8:34 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL