100 recent changes in HPC Web retrieved at 05:04 (Local)

Rhel7Stig199
Implement after stability reached.
Rhel7Stig192
Do this one last as its annoying during development.
Rhel7Stig191
This one terminates network sessions after 10 minutes of inactivity. Leave this until things are stable.
Rhel7Stig189
This is about setting up the firewall. It can wait a little bit yet.
Rhel7Stig187
There is no expectation that users will receive mail on server 1. It serves as a way to forward mail off of the cluster (e.g., sending notifications back to the s...
Rhel7Stig186
Need to "document" that server 1 aggregates logs for the other hosts in the cluster.
Rhel7Stig127
DId cp /usr/share/doc/audit 2.8.4/rules/30 stig.rules stig.rules= to put these rules into /etc/audit/rules.d. Then restarted service using service auditd restart....
Rhel7Stig120
This can be done but we'll have to find a place to upload them to. Maybe an NRAO site?
Rhel7Stig118
See note for RHEL 07 030210.
Rhel7Stig116
This requirement seems to be aimed at sending audit messages off the machine. However, server 1 doesn't really have anywhere to send them. This feature is more ap...
Rhel7Stig115
The requirement for high availability will need to be documented and some sort of notification upon audit failure will have to be configured.
Rhel7Stig113
Removed the installed telnet server package.
Rhel7Stig108
This one works pretty much as the directions describe. I suggest copying the linux image (vmlinuz...) and the ram disk image (initramfs...) and /boot/efi/EFI/redh...
Rhel7Stig089
Better first search is find / xdev perm 002 type f perm /111 exec ls ld {} \; more since this will only return executable files that are world writable.
Rhel7Stig112
Looks like there is no entry to boot from removable media.
Rhel7Stig111
Most rules had sha256 already. Changed them to sha512.
Rhel7Stig110
It appears that xattr status is given to most of the watched files.
Rhel7Stig109
Installed the aide package and looked at its config file. It appears to have "acl" in most of its rules.
Rhel7Stig107
Either /tmp has to be mounted in its own partition or it has to be a memory resident beastie(?).
Rhel7Stig105
They want the /var to be in a separate filesystem (i.e. partition). Argh!
Rhel7Stig097
Made entry in /etc/fstab: tmpfs /dev/shm tmpfs defaults,rw,nosuid,nodev,noexec 0 0.
Rhel7Stig095
It is mounted outside of /etc/fstab but has nodev option.
Rhel7Stig094
No problem on server * but the swcs will require documented necessity.
Rhel7Stig090
Revisit after enabling selinux.
Rhel7Stig084
The checking logic provided seems to prevent any file sharing except by group which is not really consistent with the collaborative nature of this system's usage....
Rhel7Stig055
This appears to require that a MacAfee HBSS package be installed.
Rhel7Stig031
Edited /etc/login.defs and set PASS_MAX_DAYS to 60
Rhel7Stig029
Edited /etc/login.defs and set PASS_MIN_DAYS 1.
Rhel7Stig064
Edited /etc/yum.conf and added line "clean_requirements_on_remove=1".
Rhel7Stig063
The autofs service is currently disabled.
Rhel7Stig056
This is a configuration issue for SE Linux; defer until SE Linux issue is addressed.
Rhel7Stig053
The rsh server package is not installed.
Rhel7Stig052
Smartcard support is required for this. Not sure, yet, how to handle this.
Rhel7Stig050
Save this one until system is stable.
Rhel7Stig049
The systems are booting under UEFI so this rule does not apply.
Rhel7Stig048
System comes this way it appears.
Rhel7Stig047
This system is RHEL 7.6 and thus this rule is not applicable.
Rhel7Stig046
Edited /etc/ssh/sshd_config and uncommented "HostbasedAuthentication no". This was probably the default, but...
Rhel7Stig044
The gdm package is not installed.
Rhel7Stig043
The gdm package is not installed.
Rhel7Stig042
Edited /etc/login.defs and added line "FAIL_DELAY 4".
Rhel7Stig040
No account is given password free sudo.
Rhel7Stig039
Do this one at the last moment to keep usage reasonable.
Rhel7Stig038
Do this awful thing at the last moment.
Rhel7Stig037
Edited /etc/default/useradd setting "INACTIVE=0".
Rhel7Stig036
Edited /etc/ssh/sshd_config to uncomment "PermitEmptyPasswords no". This was already the default setting, but need to make autior happy : (.
Rhel7Stig035
Rule's query came back without anything of interest.
Rhel7Stig034
In /etc/security/pwquality.conf set minlen to 15.
Rhel7Stig033
Added line "password requisite pam_pwhistory.so use_authtok remember=5 retry=3" to /etc/pam.d/{system auth,password auth} as directed in rule.
Rhel7Stig032
Using "chage M 60 theUser" on pch,ajs,oper,difxmgr to meet this requirement.
Rhel7Stig030
Changed password aging for pch, ajs, difxmgr and oper accouts so that they are 1 rather than zero.
Rhel7Stig028
Performed query and got expected results.
Rhel7Stig027
Executing rule's grep command shows the expected result.
Rhel7Stig026
Verified that only sha512 hashes are allowed using the rule's command.
Rhel7Stig025
Set maxlassrepeat = 4 in /etc/security/pwquality.conf.
Rhel7Stig024
Set maxrepeat to 3 in /etc/security/pwquality.conf.
Rhel7Stig023
Set minclass = 4 in /etc/security/pwquality.conf.
Rhel7Stig022
In /etc/security/pwquality.conf set difok to 8.
Rhel7Stig021
Edited /etc/security/pwquality.conf setting ocredit to 1.
Rhel7Stig017
Doing cat /etc/pam.d/system auth pipe grep pam_pwquality returns password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type as ...
Rhel7Stig016
Rule command returns "password substack system auth" as required.
Rhel7Stig020
Edited /etc/security/pwquality.conf and set dcredit to 1 to require at least one digit character.
Rhel7Stig019
Edited /etc/security/pwquality.conf and set lcredit to 1 to require at least one uppercase character.
Rhel7Stig018
Edited /etc/security/pwquality.conf and set ucredit to 1 to require at least one uppercase character.
Rhel7Stig015
Implied by 010081.
Rhel7Stig014
The setting org.gnome.desktop.screensaver idle activation enable is deprecated and ignored according to =gsettings".
Rhel7Stig012
Doing yum list installed screen shows that this packages is installed.
Rhel7Stig011
Implied by rule 010070.
Rhel7Stig010
Doing gsettings get org.gnome.desktop.screensaver lock delay returns zero which means that the screen is locked when the sceensaver activates.
Rhel7Stig009
Performed gsettings set org.gnome.desktop.session idle delay 900 to apply the 15 minute idle setting.
Rhel7Stig008
This appears to require the same actions as rule 010060 and meeting that one (which is the case) implies meeting this one.
Rhel7Stig006
This is the default setting which can be demonstrated by doing gsettings get org.gnome.desktop.screensaver lock enabled which returns "true"
Rhel7Stig001
Waiting until the system installation has solidified.
Rhel7Stig005
Gross boiler plate so add this at the end before cloning.
Rhel7Stig004
Gross boiler plate so add this at the end before cloning.
Rhel7Stig003
Gross boiler plate so add this at the end before cloning.
WebStatistics
Statistics for HPC Web Month: Topic views: Topic saves: File uploads: Most popular topic views: Top contributors for topic save and uploads: ...
CatchAndRelease
Catch and Release %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% TL;DR remove an OST from a pool on CV lustr...
UsnoDifxEnvSensor
Environment Monitor The environment monitor is positioned to read the temperature and humidity via a sensor mounted above the rack containing the correlator nodes...
UsnoA7050Interfaces
usno a7050 show interfaces Ethernet1 is up, line protocol is up (connected) Hardware is Ethernet, address is 001c.7318.2adb (bia 001c.7318.2adb) Description: ...
ALMABenchmarking
Points of Contact ALMA Science Tony Remijan aremijan@ ALMA Systems Mike Hatz mhatz@ Background This page establishes a set of benchmarks that can be used...
UsnoDifxOperatingSystem2
Correlator Operating System The all the computing hardware will be running a version of RHEL 7.x. Because of security issues, the installed version will track th...
HPCSupport
GBO / LBO / JAO / NRAO HPC (High Performance Computing) Support Wiki Introduction This wiki is to track open tasks and to collect detailed logs for HPC relate...
WebHome
This is a wiki home for high performance computing at the NRAO. The area is still undergoing organizational changes but content in the Categories section is eith...
UsnoDifxNagios
Nagios We install service software in /opt/services instead of the normal location. This seperates it from the OS install and allows us to re install and/or upgr...
UsnoVNC
Connecting to the USNO Using VNC * Login to usno serv 1 ext and start VNC ssh admin@usno serv 1 ext vncserver * Start VNC on local machine vncviewer via a...
UsnoSshUser
Creating a new SSH user Access to the cluster from the outside is only permitted using ssh with a public key. This page describes how to add a new account as wel...
AutomateLustreClientBuild
Thoughts on automating Lustre Client module builds. * Keep a copy of the current lustre package under /opt/services/lustre client on usno serv 1t. (Had to inst...
SmileyTestChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic SmileyTest. context ...
SmileyTest
Main.JimJacobs 2017 05 23 Checkbox
CheckboxTest
Title One Two Main.JimJacobs 2017 05 15
CheckboxTestChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic CheckboxTest. *context...
HeraLibrarian
HERA Librarian software Instructions on configuring the hardware can be found at https://staff.nrao.edu/wiki/bin/view/CIS/Documentation/Herastore01 Installation...
HERA
HERA * HeraLibrarian
FidindirectActivity
Summary of NAASC Lustre FID in direct Activation Activity This page provides a summary of the activity conducted at NAASC on Fri/Sat April 21/22, 2017. %TWISTY{ ...
UsnoDifxMegaRAID
LSI MegaRAID Install The MegaRAID software installs /usr/local but we actually want it in /opt/services. So we make a symlink. $ To install the software, be...
UsnoNodeBootMechanism
Node Boot Mechanism Configure BIOS $ Disable Hyper Threading: Hyper Threading is a very cheap trick to simulate dual CPUs. All it does is create a second ent...
UsnoDifxDHCP
DHCP Install DHCP Retrieve DHCP from http://isc.org/products/DHCP/ The latest release as of2012 06 26is DHCP 4.2.4. Looks like they still can't write a good mak...
LustreRoundRobin
File distribution across OSTs (Applies to Lustre 2.5.3) %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # The...
Number of topics: 100
< Previous Page 2 of 5 Next >

See also: rss-small RSS feed, recent changes with 50, 100, 200, 500, 1000 topics, all changes
Topic revision: r3 - 2009-10-19, CarolynWhite
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NRAO Public Wiki? Send feedback