Merge pull request #554 from NethServer/refactor_apps

Refactor app sections

administrator-manual/en/antivirus.rst

@@ -4,10 +4,6 @@
 Antivirus
 =========
 
-.. note::
-
-  The configuration page of this module is available only in the new Server Manager.
-
 ClamAV is the open source antivirus engine of |product|. The server runs two different ClamAV instances:
 one for scanning received mail (see :ref:`email-section`) and the other one for analyzing HTTP web traffic (see :ref:`web_content_filter-section`).
 

administrator-manual/en/backup_legacy.rst

@@ -4,8 +4,6 @@
 Legacy backup
 =============
 
-.. note:: A new backup module is available inside the new Server Manager. See :ref:`backup-section`.
-
 |product| handles two kinds of backups: configuration backup and data backup.
 See :ref:`backup-section` for more details.
 

administrator-manual/en/chat.rst

@@ -23,8 +23,24 @@ All system users can access the chat using their own credentials.
                 a dedicated user account in AD is required by the module to be fully
                 operational! See :ref:`join-existing-ad-section`.
 
+Configuration
+=============
+
+All configuration options are available from *Configuration* page inside the **ejabberd** application.
+Main options are:
+
+* enable and disable ejabberd daemon
+* enable built-in web administration interface
+
+Under the *Advanced options* section, the administrator can also configure:
+
+- S2S federation
+- message archive
+- file upload to exchange data among clients using URL
+- file transfer speed
+
 Server to server (S2S)
-======================
+----------------------
 
 The XMPP system is federated by nature. If :index:`S2S` is enabled, users with accounts on one server
 can communicate with users on remote servers.
@@ -33,27 +49,19 @@ S2S allows for servers communicating seamlessly with each other, forming a globa
 For this purpose, the SRV DNS record must be configured for your domain (https://wiki.xmpp.org/web/SRV_Records#XMPP_SRV_records)
 and the server must have a valid SSL/TLS certificate.
 
-Client
-======
-
-Jabber clients are available for all desktop and mobile platforms. 
-
-Some widespread clients:
+Message Archive Management
+--------------------------
 
-* Pidgin is available for Windows and Linux 
-* Adium for Mac OS X 
-* BeejibelIM for Android and iOS, Xabber only for Android
+Message Archive Management (mod_mam) implements Message Archive Management as described in `XEP-0313 <http://xmpp.org/extensions/xep-0313.html>`_.
+When enabled, all messages will be stored inside the server and compatible XMPP clients can use it to store their chat history on the server.
 
-When you configure the client, make sure TLS (or SSL) is enabled.
-Enter the user name and the domain of the machine. 
+The database can store a maximum of 2GB of messages, archived messages can be purged automatically.
+To configure message retention policy, set :guilabel:`Clean messages older than X days` option.
 
-If |product| is also the DNS server of the network, the client should automatically find the server's address through special 
-pre-configured DNS records. Otherwise, specify the server address in the advanced options.
+.. note::
 
-With TLS capabilities, strictly configured servers or clients could reject connections with your Ejabberd server 
-if the SSL/TLS certificate doesn't match the domain name.
-Also, the certificate should contain two sub-domains ``pubsub.*`` and ``conference.*``.
-This certificate can be obtained for free with Let's Encrypt (see :ref:`server_certificate-section`).
+   If enabled, this module will store every message sent between users.
+   This behavior will affect the privacy of your users.
 
 
 Administrators
@@ -68,28 +76,26 @@ Administrators can:
 * Send broadcast messages 
 * Check the status of connected users 
 
+Clients
+=======
 
-Message Archive Management
-==========================
-
-Message Archive Management (mod_mam) implements Message Archive Management as described in `XEP-0313 <http://xmpp.org/extensions/xep-0313.html>`_.
-When enabled, all messages will be stored inside the server and compatible XMPP clients can use it to store their chat history on the server.
-
-The database can store a maximum of 2GB of messages, archived messages can be purged automatically.
-To configure message retention policy, set :guilabel:`Clean messages older than X days` option.
+Jabber clients are available for all desktop and mobile platforms. 
 
-.. note::
+Some widespread clients:
 
-   If enabled, this module will store every message sent between users.
-   This behavior will affect the privacy of your users.
+* Pidgin is available for Windows and Linux 
+* Adium for Mac OS X 
+* BeejibelIM for Android and iOS, Xabber only for Android
 
+When you configure the client, make sure TLS (or SSL) is enabled.
+Enter the user name and the domain of the machine. 
 
-Other options
-=============
+If |product| is also the DNS server of the network, the client should automatically find the server's address through special 
+pre-configured DNS records. Otherwise, specify the server address in the advanced options.
 
-From the new Server Manager the administrator can configure all the options described above.
+With TLS capabilities, strictly configured servers or clients could reject connections with your Ejabberd server 
+if the SSL/TLS certificate doesn't match the domain name.
+Also, the certificate should contain two sub-domains ``pubsub.*`` and ``conference.*``.
+This certificate can be obtained for free with Let's Encrypt (see :ref:`server_certificate-section`).
 
-Other available options:
 
-- upload and dowload transfer speed
-- enable/disable the administrator web interface

administrator-manual/en/dedalo.rst

@@ -78,12 +78,10 @@ Hotspot Unit on |product|
 
 After that just choose the ethernet interface where the hotspot will be active.
 
-If you have the proxy web active a specific flag in the hotspot unit page will allow you to forward all the hotspot traffic (http and httpas protocols) to the web proxy for logging purposes (Be aware of the privacy implications!).
-
-
-* connect an AP to the hostpot interface.
-
+If you have the proxy web active a specific flag in the hotspot unit page will allow you to forward all the hotspot traffic (HTTP and HTTPS protocols) 
+to the web proxy for logging purposes. Please be aware that this configuration has privacy implications.
 
+Finally connect an Access Point (AP) to the hostpot interface.
 
 
 Access Point Configuration

administrator-manual/en/fail2ban.rst

@@ -6,83 +6,65 @@ Fail2ban
 
 Fail2ban scans log files (e.g. :file:`/var/log/apache/error_log`) and bans IPs that show the malicious signs – too many password failures, seeking for exploits, etc. Generally Fail2ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2ban comes with filters for various services (Apache, Dovecot, Ssh, Postfix, etc).
 
-Fail2ban is able to reduce the rate of incorrect authentications attempts however, it cannot eliminate the risk that weak authentication presents. To improve the security, open the access to service only for secure networks using the firewall.
+Fail2ban is able to reduce the rate of incorrect authentications attempts however, it cannot eliminate the risk that weak authentication presents. To improve the security, open the access to service only for secure networks using the firewall or :ref:`services-section`.
 
-Installation
-============
+Configuration
+=============
 
-Install from the Software Center or use the command line: ::
+Access :menuselection:`Applications > fail2ban` and click on the :guilabel:`Settings` button of **Fail2ban** application.
+The configuration is split into two pages:
 
-  yum install nethserver-fail2ban
-
-
-Settings
-========
-
-Fail2ban is configurable in the security category of the server-manager. Most of settings can be changed in the :guilabel:`Configuration` tab, only really advanced settings must be configured by the terminal.
-
-Jails
------
+- :guilabel:`Settings`: general configuration options
+- :guilabel:`Jails`: manage available jails
 
 A jail is enabled and start to protect a service when you install a new module, the relevant jail (if existing) is automatically activated after the package installation.
-
-
 All jails can be disabled individually in the Jails settings.
 
-Number of attempts
-    Number of matches (i.e. value of the counter) which triggers ban action on the IP.
-
-Time span
-    The counter is set to zero if no match is found within "findtime" seconds.
+Available settings are:
 
-Ban time
-    Duration for IP to be banned for.
+* :guilabel:`IP Whitelist`: IPs listed in the text area will be never banned by fail2ban (one IP per line).
 
-Recidive ban
-    Extend the ban of persistent abusers. Recidive ban can have 2 different behaviors:
+* :guilabel:`Recidive ban`: extend the ban of persistent abusers. Recidive ban can have 2 different behaviors:
 
     * *Static ban time*: ban recidive hosts for 2 weeks, like brute force attack bots. The rule applies when an IP address has been already banned multiple times.
     * *Incremental ban time*: increase the ban time after each failure found in log. When enabled, if you set a short ban time, a valid user can be banned for a a little while but a brute force attacker will be banned for a very long time.
 
-Network
--------
+* :guilabel:`Allow bans on the LAN`: by default the failed attempts from your Local Network are ignored, except when you enabled the option.
+  :ref:`trusted_networks-section` are considered part of the LAN.
 
-Allow bans on the LAN
-    By default the failed attempts from your Local Network are ignored, except when you enabled the option.
+* :guilabel:`Logging Level`: increase or decrease the log level
 
+* :guilabel:`Number of attempts`: number of matches (i.e. value of the counter) which triggers ban action on the IP.
 
-IP/Network Whitelisting
-    IP listed in the text area will be never banned by fail2ban (one IP per line). Network could be allowed in the Trusted-Network panel.
+* :guilabel:`Time span`: the counter is set to zero if no match is found within "findtime" seconds.
 
-Email
------
+* :guilabel:`Ban time`: duration for IP to be banned for.
 
-Send email notifications
-    Enable to send administrative emails.
 
-Administrators emails
-    List of email addresses of administrators (one address per line).
 
-Notify jail start/stop events
-    Send email notifications when a jail is started or stopped.
+.. rubric:: Mail notifications
 
-Unban IP
-========
+Mail notification are disabled by default.
+To enable them, click on the :guilabel:`Email notifications` button, then add
+one ore more mail address using the :guilabel:`Add an email` button and filling the :guilabel:`Notify to` field.
+Existing mail addresses can be removed by clicking on the :guilabel:`-` button.
 
-IPs are banned when they are found several times in log, during a specific find time. They are stored in a database to be banned again each time your restart the server or the service. To unban an IP you can use the :guilabel:`Unban IP` tab in the status category of the server-manager.
+To receive also notification when a jail is enabled or disabled, check the :guilabel:`Notify jail start/stop events` option.
 
-Statistics
-==========
+Unban IP
+========
 
-The :guilabel:`Ban statistics` tab is available in the status category of the server-manager, it gives you the total number of bans per jail as well as the total of all bans.
+IPs are banned when they are found several times in log, during a specific find time.
+They are stored in a database to be banned again each time the server is restarted.
+List of current bans is available inside the :guilabel:`Unban` page.
+To unban an IP just click on the corresponding :guilabel:`Unban` button.
 
-Tools
-=====
+Command line tools
+==================
 
-Fail2ban-client
----------------
+.. rubric:: fail2ban-client
 
-Fail2ban-client is part of the fail2ban rpm, it gives the state of fail2ban and all available jails: ::
+``fail2ban-client`` gives the state of fail2ban and all available jails: ::
 
   fail2ban-client status
 
@@ -94,19 +76,17 @@ To see which log files are monitored for a jail: ::
 
   fail2ban-client get nginx-http-auth logpath
 
-Fail2ban-listban
-----------------
+.. rubric:: fail2ban-listban
 
-Fail2ban-listban counts the IPs currently and totally banned in all activated jails, at the end it shows the IPs which are still banned by shorewall. ::
+``fail2ban-listban`` counts the IPs currently and totally banned in all activated jails, at the end it shows the IPs which are still banned by shorewall. ::
 
   fail2ban-listban
 
-Fail2ban-regex
---------------
+.. rubric:: fail2ban-regex
 
-Fail2ban-regex is a tool which is used to test the regex on you logs, it is a part of fail2ban software. Only one filter is allowed per jail, but it is possible to specify several actions, on separate lines.
+``fail2ban-regex`` is a tool which is used to test the regex on you logs, it is a part of fail2ban software. Only one filter is allowed per jail, but it is possible to specify several actions, on separate lines.
 
-The documentation is `readable at the fail2ban project <http://fail2ban.readthedocs.io/en/latest/filters.html>`_. 
+The documentation is `available at the fail2ban project <http://fail2ban.readthedocs.io/en/latest/filters.html>`_. 
 
 ::
 
@@ -116,18 +96,16 @@ You can also test custom regex directly: ::
 
   fail2ban-regex /var/log/secure '^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$'
 
-Fail2ban-unban
---------------
+.. rubric:: fail2ban-unban
 
-Fail2ban-unban is used to unban an IP when the ban must be removed manually. ::
+``fail2ban-unban`` is used to unban an IP when the ban must be removed manually. ::
 
   fail2ban-unban <IP>
 
 You can use also the built-in command with fail2ban-client: ::
 
   fail2ban-client set <JAIL> unbanip <IP>
 
-Whois
-=====
+.. rubric:: Whois
 
 If you desire to query the IP ``whois`` database and obtain the origin of the banned IP by email, you could  Install the ``whois`` rpm.

administrator-manual/en/fax_server.rst

@@ -4,9 +4,7 @@ Fax server
 
 .. note::
 
-  The configuration page of this module is available only in the old Server Manager
-  and will not be ported to the new one.
-
+  The configuration page of this module is available only in the old Server Manager.
 
 The :index:`fax` server allows you to send and receive faxes via a modem
 connected directly to a server port or through a :index:`virtual modem`.