Mailman settings monitoring
Goal
The goal is to ensure that the FSFE's mailing list sensitive settings are properly configured.
How it works?
It works in three steps:
- export.py export the sensitive part of the mailing lists configuration to a machine and human readable format
- update_ref_file.py.py uses the mailman configuration to update our mailing list reference file (expected configuration)
- check.py compare the actual configuration to the expected configuration, stored in the internal repository. Each difference triggers an email to the mailing list administrators and a CC email address. It also verifies the password
The sensitive attributes of a mailing list are:
private_rostersubscribe_policy
Details about those attributes can be found here.
and:
archivearchive_privat
Details about those attributes can be found here.
How it use it?
Requirements
The scripts use python 3 and two libraries:
- yaml (to store the mailing list configuration)
- requests (to get the expected mailing list configuration from git)
You can install them on Debian with the packages python3-yaml and
python3-requests.
The export.py scripts needs a custom mailman script in your PATH.
Download it from
here.
Configuration
The check.py script uses a configuration file. Move
config.cfg.dist to config.cfg and change the values according to your
setup.
Run
Once the requirements are satisfied and the configuration file is ready, run the export.py script and redirect its output to a file (this must be done directly on the mailman server):
python3 export.py > actual_config
Then run the update_ref_file.py script:
python3 update_ref_file.py > output
output can be considered as the current state of the mailman configuration.
Then run the check.py script:
python3 check.py
Deployment with Ansible
Once you have adjusted the settings in config.cfg, you can use the Ansible
playbook to deploy the script to a remote mailman server