 |
|
You are here: NRAO Public Wiki>HPC Web>DirectorsOffice>WebChanges (2009-10-19, CarolynWhite)
Edit wiki text
Edit
Attach
Print version
50 recent changes in HPC Web retrieved at 13:08 (Local)
Rhel7Stig055Production
This rule requires the installation and continuous execution of a host based intrusion detection system. The preferred package is McAfee but apparently something ...
r2 - 2019-09-25 - 17:04 by JimJacobs
UsnoRhel7Stig2ProductionChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoRhel7Stig2Productio...
r19 - 2019-09-24 - 18:48 by JimJacobs
Rhel7Stig001Production
Done, though future fiddling might throw it off.
r2 - 2019-09-20 - 14:18 by JimJacobs
Rhel7Stig242Production
Pending on firewall implementation.
NEW - 2019-09-20 - 13:35 by JimJacobs
Rhel7Stig245Production
The STIG requires multifactor access for all privleged accounts; it mentions using two government approved mechanisms (one is CAC) as examples. It's possible that...
NEW - 2019-09-20 - 13:34 by JimJacobs
Rhel7Stig241Production
This will occur as part of setting up the firewall.
NEW - 2019-09-20 - 13:06 by JimJacobs
Rhel7Stig239Production
The twoservers do not mount any NFS volumes. The SWCs have two mounts to server 1. We'll have to see if this causes any heartburn when it's enabled on the SWCs.
NEW - 2019-09-20 - 13:04 by JimJacobs
Rhel7Stig238Production
None of the hosts are currently doing any packet forwarding. On the old cluster the firewall had to be modified to allow packet forwarding to support some of the ...
NEW - 2019-09-20 - 12:58 by JimJacobs
Rhel7Stig237Production
Xwindows is used for remote administration purposes on server 1 and server 2. It is not installed on the SWCs.
NEW - 2019-09-20 - 12:55 by JimJacobs
Rhel7Stig236Production
The tftp server package is not installed on the SWCs. On the two servers, the service file is located in /etc/systemd/system/tftp.service and this starts the serv...
NEW - 2019-09-20 - 12:52 by JimJacobs
Rhel7Stig234Production
The two servers need TFTP server functionality to support diskless bootup. The daemon is invoked with a root, /opt/services/tftpboot, which limits its scope. The ...
NEW - 2019-09-19 - 15:58 by JimJacobs
Rhel7Stig216Production
Set it to 500 on the servers and at the 1000 limit on the SWCs as I'm worried that there might be a lot of traffic on them.
NEW - 2019-09-19 - 15:01 by JimJacobs
Rhel7Stig215Production
We'll need to tunnel back to the NRAO to get a clock sync. The SWCs will get their time from server 1.
NEW - 2019-09-19 - 14:57 by JimJacobs
Rhel7Stig204Production
Apply this one last since it'll make setup a lot harder.
NEW - 2019-09-18 - 18:42 by JimJacobs
Rhel7Stig190Production
FIPS stuff is on hold right now.
NEW - 2019-09-18 - 17:08 by JimJacobs
Rhel7Stig189Production
This rule should be revisited as part of firewall setup.
NEW - 2019-09-17 - 17:02 by JimJacobs
Rhel7Stig187Production
The servers provide SMTP service but act as relays so that alarm messages from within the cluster can propagate outside of the cluster to system administrators, e...
NEW - 2019-09-17 - 17:00 by JimJacobs
Rhel7Stig186Production
The two servers do allow remote messages over TCP. This allows them to capture syslog messages from the SWCs and other devices on the system. Thus they serve as l...
NEW - 2019-09-17 - 16:59 by JimJacobs
Rhel7Stig127Production
The config files for audit have changed since the STIG. They are now located in /etc/audit/rules.d though I think they're actually "compiled" into /etc/audit/audi...
NEW - 2019-09-17 - 15:12 by JimJacobs
Rhel7Stig115Production
Auditting is enabled on the systems and will be tweaked per STIG specs about coverage. The system must have high availability, so having a doomsday switch on audi...
NEW - 2019-09-17 - 14:15 by JimJacobs
Rhel7Stig112Production
There are a couple of other grub.cfg files located under /opt. These are served up to the diskless systems and are not part of the boot process for the server's t...
NEW - 2019-09-16 - 18:47 by JimJacobs
Rhel7Stig111Production
This appears to be related to FIPS installation, which we're skipping for the time being.
NEW - 2019-09-16 - 18:36 by JimJacobs
Rhel7Stig108Production
As soon as we do this one we'll lose the ability to use Radius to the switches, etc. Let's hold off for now.
NEW - 2019-09-16 - 17:13 by JimJacobs
Rhel7Stig105Production
The hard drives on the servers have a separate partition for /var. I'm not sure that this rule applies to the diskless systems since they have no disks.
NEW - 2019-09-16 - 17:02 by JimJacobs
Rhel7Stig057Production
The aide program is installed on server {1,2} and the swc diskless image. Cron should run it once a day on the servers. An email message will go out to usno admin...
NEW - 2019-09-12 - 16:44 by JimJacobs
Rhel7Stig056Production
This rule is moot if McAfee is installed and active; otherwise SELinux needs to be enabled and then configured appropriately.
NEW - 2019-09-12 - 14:54 by JimJacobs
Rhel7Stig052Production
Mandatory multifactor authentication is likely to be problematic for the cluster both for administration and DiFX usage because both actions require easy login to...
NEW - 2019-09-12 - 14:34 by JimJacobs
Rhel7Stig051Production
Applying this rule will end up requiring console access to complete a reboot which is not appropriate for either a cluster and for a remotely administrated system...
NEW - 2019-09-12 - 13:41 by JimJacobs
Rhel7Stig040Production
Made mod using polkit scheme to allow passwordless reboot on the swcs creating /etc/polkit 1/rules.d/51 wheel.rules.
NEW - 2019-09-11 - 19:19 by JimJacobs
Rhel7Stig038Production
This rule appears to need application hwover, the instructions are such that I'm not sure exactly what should be done.
NEW - 2019-09-11 - 18:23 by JimJacobs
Rhel7Stig002Production
Server 1 only had config file mods as expected. Server 2 has a mods to /etc/NetworkManager/dispatcher.d/20 chrony; I think a system update did this? The SWCs have...
NEW - 2019-09-11 - 13:31 by JimJacobs
CHTCSiteVisit
Wiki page to track August 26/27 CHTC site visit to NRAO Date: August 26 27 2019 Locations: SO Auditorium, CV Auditorium(Monday) and ER 245 (Tuesday) Connection In...
r32 - 2019-08-27 - 17:21 by KScottRowe
UsnoRhel7Stig2ChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoRhel7Stig2. *conte...
r19 - 2019-08-02 - 15:10 by JimJacobs
Rhel7Stig245
System is not currently using the sssd functionality.
NEW - 2019-08-01 - 16:36 by JimJacobs
Rhel7Stig241
This is on hold until the firewall is configured.
NEW - 2019-08-01 - 16:29 by JimJacobs
Rhel7Stig239
Server 1 only nfs mounts usno serv 1. This mount should be removed after the system is read to be put into production.
NEW - 2019-08-01 - 16:24 by JimJacobs
Rhel7Stig237
The x windows server is installed and is need to allow remote administration of the system. This needs to be in the ISSO document.
NEW - 2019-08-01 - 16:20 by JimJacobs
Rhel7Stig236
The commands provided are not appropriate for this system given it's version of RHEL 7.6. Use systemctl status tftp l to see that the tftp daemon is started in a...
NEW - 2019-08-01 - 16:19 by JimJacobs
Rhel7Stig234
Server 1 has tftpd installed and it's used for booting of the diskless hosts (swc xxx). It is set up to only transfer files located below /opt/services/tftpboot. ...
NEW - 2019-08-01 - 16:15 by JimJacobs
Rhel7Stig232
I believe that postfix on server 1 is configured to only relay messages from hosts on 10.1.36.* but it's not using, nor does it even show, the parameter described...
NEW - 2019-08-01 - 16:12 by JimJacobs
Rhel7Stig221
Need to better understand this one.
NEW - 2019-07-31 - 18:38 by JimJacobs
Rhel7Stig217
Activate firewall once stability is achieved.
NEW - 2019-07-31 - 18:34 by JimJacobs
Rhel7Stig215
This rule is tied tightly to NTP whereas RHEL is using chrony. This will take some research, probably. Also we'llhave to find a direct, acceptable official clock ...
NEW - 2019-07-31 - 18:28 by JimJacobs
Rhel7Stig204
Wait until stability.
NEW - 2019-07-31 - 18:15 by JimJacobs
Rhel7Stig201
Wait for stability.
NEW - 2019-07-31 - 18:06 by JimJacobs
Rhel7Stig199
Implement after stability reached.
NEW - 2019-07-31 - 18:04 by JimJacobs
Rhel7Stig192
Do this one last as its annoying during development.
NEW - 2019-07-31 - 15:01 by JimJacobs
Rhel7Stig191
This one terminates network sessions after 10 minutes of inactivity. Leave this until things are stable.
NEW - 2019-07-31 - 15:00 by JimJacobs
Rhel7Stig189
This is about setting up the firewall. It can wait a little bit yet.
NEW - 2019-07-31 - 14:54 by JimJacobs
Rhel7Stig187
There is no expectation that users will receive mail on server 1. It serves as a way to forward mail off of the cluster (e.g., sending notifications back to the s...
NEW - 2019-07-31 - 13:54 by JimJacobs
Number of topics: 50
< Previous Page 2 of 10 Next >
See also:
RSS feed, recent changes with 50, 100, 200, 500, 1000 topics, all changes Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r3 - 2009-10-19, CarolynWhite
- Webs
-
ALMA
- NAASC
- SCIIPT
- CDL
- CICADA
- Ccs
- Littlethings
- Cville
- DSAA
- EVLA
- FASR
- GB
- Computing
- Data
- Dynamic
- Electronics
- Gbtpipeline
- Knowledge
- Mechanical
- Observing
- WbandVLBACal
- Obsreports
- Operate
- PTCS
- OOF
- ServoImprovementsHome
- ServoSiteAcceptTestProcs
- Pennarray
- Projects
- Recreation
- Scicenter
- Skynet
- Software
- CLEO
- StaffEvents
- TACTool
- HPC
- JVLA
- KPAF
- Library
- Main
- Metrics
- NGVLA
- NM
- Computing
- Electronics
- OSAA
- OSX
- SRDP
- Software
- Algorithms
- CASA
- Splat
- System
- VLBA
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding NRAO Public Wiki? Send feedback