The two servers need TFTP server functionality to support diskless bootup. The daemon is invoked with its root set to /opt/services/tftpboot, which limits its scope to that directory tree. The ...
Set it to 500 on the servers and to the 1000 limit on the SWCs, as I'm worried that there might be a lot of traffic on them.
We'll need to tunnel back to the NRAO to get a clock sync. The SWCs will get their time from server 1.
Apply this one last since it'll make setup a lot harder.
FIPS stuff is on hold right now.
This rule should be revisited as part of firewall setup.
The servers provide SMTP service, but only as relays, so that alarm messages from within the cluster can propagate outside the cluster to system administrators, e...
The two servers do accept remote syslog messages over TCP. This lets them collect syslog messages from the SWCs and other devices on the system. Thus they serve as l...
The config files for audit have changed since the STIG. They are now located in /etc/audit/rules.d, though I think they're actually "compiled" into /etc/audit/audi...
Auditing is enabled on the systems and will be tweaked per STIG specs about coverage. The system must have high availability, so having a doomsday switch on audi...
There are a couple of other grub.cfg files located under /opt. These are served up to the diskless systems and are not part of the boot process for the server's t...
This appears to be related to FIPS installation, which we're skipping for the time being.
As soon as we do this one we'll lose the ability to use RADIUS to the switches, etc. Let's hold off for now.
The hard drives on the servers have a separate partition for /var. I'm not sure that this rule applies to the diskless systems since they have no disks.
The aide program is installed on server {1,2} and the swc diskless image. Cron should run it once a day on the servers. An email message will go out to usno admin...
This rule is moot if McAfee is installed and active; otherwise SELinux needs to be enabled and then configured appropriately.
Mandatory multifactor authentication is likely to be problematic for the cluster, both for administration and for DiFX usage, because both activities require easy login to...
Applying this rule will end up requiring console access to complete a reboot, which is not appropriate for either a cluster or a remotely administered system...
Made a mod using the polkit scheme to allow passwordless reboot on the SWCs by creating /etc/polkit-1/rules.d/51-wheel.rules.
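A rule of the kind the note describes, added here as an example; it is not the file actually deployed on the SWCs, whose contents the note does not show. polkit rules are JavaScript, and this shell function writes one that lets members of wheel reboot or power off without a password, including the *-multiple-sessions variants of the actions, which are the ones polkit consults when other users are logged in (the normal state of a cluster node) and which otherwise prompt for a password. The rules-directory argument exists only so the function can be exercised against a scratch directory.

```shell
#!/bin/sh
# Install a polkit rule granting wheel members passwordless reboot/power-off.
# polkitd watches /etc/polkit-1/rules.d and picks the file up without a restart;
# rules are evaluated in filename order, hence the 51- prefix (after the
# distribution's 50-default.rules, which only names wheel as the admin group).
install_wheel_power_rule() {   # usage: install_wheel_power_rule [RULES_DIR]
    dir=${1:-/etc/polkit-1/rules.d}
    f="$dir/51-wheel.rules"
    cat > "$f" <<'EOF'
/* Allow wheel to reboot/power off without authentication, even when other
 * users have sessions (the *-multiple-sessions actions are the ones that
 * normally prompt for a password on a multi-user host). */
polkit.addRule(function(action, subject) {
    var ids = [
        "org.freedesktop.login1.reboot",
        "org.freedesktop.login1.reboot-multiple-sessions",
        "org.freedesktop.login1.power-off",
        "org.freedesktop.login1.power-off-multiple-sessions"
    ];
    if (ids.indexOf(action.id) >= 0 && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
    /* fall through: later rules or the action's own defaults decide */
});
EOF
    chmod 0644 "$f" && printf '%s\n' "$f"
}
```

`pkaction --verbose --action-id org.freedesktop.login1.reboot-multiple-sessions` shows the default (auth_admin_keep) that the rule overrides; keeping the rule to the login1 actions means nothing else gets the blanket grant.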
This rule appears to need application; however, the instructions are such that I'm not sure exactly what should be done.
Server 1 only had config-file mods, as expected. Server 2 has mods to /etc/NetworkManager/dispatcher.d/20-chrony; I think a system update did this? The SWCs have...
Wiki page to track the August 26/27 CHTC site visit to NRAO. Date: August 26-27, 2019. Locations: SO Auditorium, CV Auditorium (Monday) and ER 245 (Tuesday). Connection In...
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoRhel7Stig2. *conte...
System is not currently using the sssd functionality.
This is on hold until the firewall is configured.
Server 1 only NFS-mounts usno serv 1. This mount should be removed once the system is ready to be put into production.
The X Window server is installed and is needed to allow remote administration of the system. This needs to be in the ISSO document.
The commands provided are not appropriate for this system given its version of RHEL 7.6. Use systemctl status tftp -l to see that the tftp daemon is started in a...
Server 1 has tftpd installed, and it's used for booting the diskless hosts (swc xxx). It is set up to transfer only files located below /opt/services/tftpboot. ...
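A check for the confinement described in the tftp notes above, added here as an example rather than anything taken from the page: it reads a unit the way `systemctl cat tftp.service` prints it and extracts the directory that in.tftpd is started with under -s/--secure, which is the option that restricts transfers to that tree. The RHEL 7 tftp service is socket-activated, so `systemctl status tftp` reports it inactive until a client connects; tftp.socket is the unit that has to be enabled. The stock unit text embedded below is a constructed fixture reproducing what the tftp-server package ships, so the block runs offline.

```shell
#!/bin/sh
# Print the -s/--secure directory from a tftp.service unit read on stdin.
# Empty output means in.tftpd is not confined to a directory at all.
tftp_root_from_unit() {
    awk '/^ExecStart=/ {
        for (i = 1; i <= NF; i++)
            if ($i == "-s" || $i == "--secure") { print $(i + 1); exit }
    }'
}

# Succeed only if the unit on stdin confines in.tftpd to EXPECTED.
check_tftp_root() {   # usage: systemctl cat tftp.service | check_tftp_root /opt/services/tftpboot
    [ "$(tftp_root_from_unit)" = "$1" ]
}

# Constructed fixture: the unit as shipped by RHEL 7's tftp-server package,
# whose default root is /var/lib/tftpboot rather than the site's /opt tree.
stock_tftp_unit() {
    cat <<'EOF'
[Unit]
Description=Tftp Server
Requires=tftp.socket
Documentation=man:in.tftpd

[Service]
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
StandardInput=socket

[Install]
Also=tftp.socket
EOF
}

# Live check on a host: the configured root, whether the socket is enabled,
# and any world-writable entries under the root (a tftp client could overwrite
# those; boot images served to the SWCs must not be modifiable this way).
tftp_site_check() {   # usage: tftp_site_check /opt/services/tftpboot
    root=$(systemctl cat tftp.service 2>/dev/null | tftp_root_from_unit)
    [ "$root" = "$1" ] || echo "tftp root is '${root:-unconfined}', expected $1"
    systemctl is-enabled tftp.socket >/dev/null 2>&1 || echo "tftp.socket is not enabled"
    find "$1" -xdev -perm -o+w 2>/dev/null | sed 's/^/world-writable under tftp root: /'
}
```

Because the stock unit points at /var/lib/tftpboot, the site's root only survives a package update if it lives in a drop-in (`systemctl edit tftp.service`) rather than in the unit file itself; the check above reads whichever is in effect.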
I believe that postfix on server 1 is configured to only relay messages from hosts on 10.1.36.*, but it's not using, nor does it even show, the parameter described...
Need to better understand this one.
Activate firewall once stability is achieved.
This rule is tied tightly to NTP, whereas RHEL is using chrony. This will take some research, probably. Also we'll have to find a direct, acceptable official clock ...
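The bound the NTP-worded rule is after carries over to chrony, which accepts `maxpoll` on its server/pool/peer lines. Added example, not the site's configuration: a check that every time-source line in a chrony.conf read on stdin sets maxpoll to 10 or less, reporting lines that omit it since the STIG check greps for the option explicitly, plus constructed chrony.conf fragments for the two roles in the notes (server 1 syncing upstream over the tunnel and serving the cluster; the SWCs taking time from server 1). The upstream host name ntp.nrao.example, the SWC-side name server1 and the 10.1.36.0/24 cluster network are placeholders assumed for the example.

```shell
#!/bin/sh
# Read a chrony.conf on stdin; print every server/pool/peer line whose maxpoll
# is missing or greater than 10 (2^10 s). Exit status 0 when all are in bound.
chrony_maxpoll_ok() {
    awk '
        /^[ \t]*(server|pool|peer)[ \t]/ {
            mp = ""
            for (i = 1; i <= NF; i++) if ($i == "maxpoll") mp = $(i + 1)
            if (mp == "" || mp + 0 > 10) { print "BAD: " $0; bad = 1 }
        }
        END { exit bad }'
}

# Constructed fragment for server 1: one upstream reached over the NRAO tunnel
# (placeholder name) and permission for the cluster network to query it.
server1_chrony_conf() {
    cat <<'EOF'
server ntp.nrao.example iburst maxpoll 10
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 10.1.36.0/24
logdir /var/log/chrony
EOF
}

# Constructed fragment for a diskless SWC: server 1 is the only source.
swc_chrony_conf() {
    cat <<'EOF'
server server1 iburst maxpoll 10
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
EOF
}
```

`chronyc sources -v` on an SWC should then show server1 as the sole, reachable source; `chronyc tracking` on server 1 shows the stratum it inherits from the upstream.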
Wait until stability.
Wait for stability.
Implement after stability reached.
Do this one last as it's annoying during development.
This one terminates network sessions after 10 minutes of inactivity. Leave this until things are stable.
This is about setting up the firewall. It can wait a little bit yet.
There is no expectation that users will receive mail on server 1. It serves as a way to forward mail off the cluster (e.g., sending notifications back to the s...
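The relay posture described in the three postfix notes (relay only, clients limited to the cluster network, no local recipients), as an added example rather than server 1's actual main.cf. The parameter the STIG check greps for is smtpd_client_restrictions, and the only value it accepts on a host that does not authenticate senders is permit_mynetworks, reject; `postconf -n` lists only parameters set explicitly in main.cf, which is why an untouched default does not show up there, while `postconf -h NAME` prints the effective value either way. The 10.1.36.0/24 network is taken from the note above; the audit and remediation functions call postconf on the live host, the two parsers below them work on plain strings.

```shell
#!/bin/sh
# Normalise a postfix restriction list ("a, b,c" -> "a,b,c") and compare it
# with the one list the STIG accepts for an unauthenticated relay.
relay_restriction_ok() {   # usage: relay_restriction_ok "$(postconf -h smtpd_client_restrictions)"
    norm=$(printf '%s' "$1" | tr -d '[:space:]')
    [ "$norm" = "permit_mynetworks,reject" ]
}

# Does a $mynetworks value (comma- or space-separated) list NETWORK literally?
mynetworks_has() {         # usage: mynetworks_has "$(postconf -h mynetworks)" 10.1.36.0/24
    printf '%s\n' "$1" | tr -s ', \t' '\n\n\n' | grep -qxF "$2"
}

# Audit the running instance; one line per problem, exit 0 when clean.
audit_postfix_relay() {    # usage: audit_postfix_relay 10.1.36.0/24
    rc=0
    if ! relay_restriction_ok "$(postconf -h smtpd_client_restrictions)"; then
        echo "smtpd_client_restrictions is not 'permit_mynetworks, reject'"; rc=1
    fi
    if ! mynetworks_has "$(postconf -h mynetworks)" "$1"; then
        echo "mynetworks does not list $1"; rc=1
    fi
    return $rc
}

# Remediation: only loopback and the cluster network may submit mail; every
# other client is refused at connection time, which also covers the "no mail
# is received here" expectation without needing any local recipient config.
harden_postfix_relay() {   # usage: harden_postfix_relay 10.1.36.0/24
    postconf -e "mynetworks = 127.0.0.0/8, [::1]/128, $1" \
                "smtpd_client_restrictions = permit_mynetworks, reject" &&
    systemctl reload postfix
}
```

After the change, `postconf -n smtpd_client_restrictions` prints the line the STIG check expects, and a telnet to port 25 from a host outside 10.1.36.0/24 gets a 554 rejection on its first command instead of a banner that accepts RCPT.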
Need to "document" that server 1 aggregates logs for the other hosts in the cluster.
Did cp /usr/share/doc/audit-2.8.4/rules/30-stig.rules stig.rules to put these rules into /etc/audit/rules.d. Then restarted the service using service auditd restart....
This can be done but we'll have to find a place to upload them to. Maybe an NRAO site?
See note for RHEL-07-030210.
This requirement seems to be aimed at sending audit messages off the machine. However, server 1 doesn't really have anywhere to send them. This feature is more ap...
The requirement for high availability will need to be documented and some sort of notification upon audit failure will have to be configured.
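The trade-off raised in the two audit notes (high availability versus the STIG's stop-on-audit-failure posture), as an added example and not the site's actual configuration. `-f 2` in the rules makes the kernel panic when it cannot audit; `-f 1` logs the failure and keeps running, which is what a cluster that must stay up will choose, and auditd's own *_action settings then have to carry the notification the STIG wants (space_left_action = email with action_mail_acct set). The checker reads the rules the way augenrules concatenates them, so the last -f wins, and treats halt, single and suspend as findings for the disk actions because each takes the host down. File paths are arguments so it can be run against a scratch copy.

```shell
#!/bin/sh
# Classify the kernel failure flag set in audit rules read on stdin
# (e.g. cat /etc/audit/rules.d/*.rules): panic (-f 2), printk (-f 1),
# silent (-f 0) or unset.
failure_flag() {
    awk '
        $1 == "-f" { v = $2 }
        END {
            if (v == "") print "unset"
            else if (v == 2) print "panic"
            else if (v == 1) print "printk"
            else print "silent"
        }'
}

# Value of KEY from auditd.conf-style "key = value" text on stdin.
conf_get() {   # usage: conf_get space_left_action < /etc/audit/auditd.conf
    awk -F'=' -v k="$1" '
        $1 ~ ("^[ \t]*" k "[ \t]*$") { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }'
}

# What the running kernel actually has (auditctl -s prints "failure N").
live_failure_flag() {
    auditctl -s 2>/dev/null | awk '$1 == "failure" { print $2 }'
}

# Check a conf file and a rules directory against the HA policy:
# no panic on failure, every storage/disk action notifies instead of stopping
# the host, and a mail account is configured to receive the notification.
ha_audit_policy_check() {   # usage: ha_audit_policy_check /etc/audit/auditd.conf /etc/audit/rules.d
    rc=0
    case $(cat "$2"/*.rules 2>/dev/null | failure_flag) in
        panic) echo "rules set -f 2: kernel panics on audit failure"; rc=1 ;;
        unset) echo "rules do not set -f: add '-f 1' so failures are at least logged"; rc=1 ;;
    esac
    for k in space_left_action admin_space_left_action disk_full_action disk_error_action; do
        case $(conf_get "$k" < "$1") in
            email|syslog|exec) ;;
            *) echo "$k must notify (email/syslog/exec), not stop the host"; rc=1 ;;
        esac
    done
    [ -n "$(conf_get action_mail_acct < "$1")" ] || { echo "action_mail_acct is empty"; rc=1; }
    return $rc
}
```

Rule changes are applied with `augenrules --load` (or `service auditd restart`, as the earlier note did; systemctl refuses to restart auditd directly); if the rules also end with `-e 2` the kernel configuration is immutable and only a reboot picks up a new -f value, so compare `live_failure_flag` against the files rather than trusting either alone.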
Removed the installed telnet server package.
This one works pretty much as the directions describe. I suggest copying the Linux kernel image (vmlinuz...) and the RAM disk image (initramfs...) and /boot/efi/EFI/redh...
A better first search is find / -xdev -perm -002 -type f -perm /111 -exec ls -ld {} \; | more, since this will only return executable files that are world writable.
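The refined search from the note, run against a constructed scratch directory so the semantics of the two -perm tests can be seen; this is an added example, not from the page. `-perm -002` requires the other-write bit, `-perm /111` matches any execute bit, the two tests AND together, and `-xdev` keeps find on one filesystem so NFS mounts and /proc are skipped.

```shell
#!/bin/sh
# List regular files under DIR that are world-writable AND executable by someone.
#   -perm -002 : all of these bits must be set (other-write)
#   -perm /111 : any of these bits may be set (owner, group or other execute)
#   -xdev      : stay on DIR's filesystem (skips /proc, NFS mounts, etc.)
world_writable_execs() {   # usage: world_writable_execs /
    find "$1" -xdev -type f -perm -002 -perm /111 2>/dev/null
}

# Constructed scratch tree (not from the original page) with one file in each
# class, so the two -perm tests can be seen to combine as an AND.
make_fixture() {
    d=$(mktemp -d)
    : > "$d/ww_exec";   chmod 0777 "$d/ww_exec"    # world-writable and executable: reported
    : > "$d/ww_noexec"; chmod 0666 "$d/ww_noexec"  # world-writable, no x bit: skipped
    : > "$d/exec_only"; chmod 0755 "$d/exec_only"  # executable, not world-writable: skipped
    printf '%s\n' "$d"
}
```

On a real host the hit list is what to fix first: an executable anyone can modify is a persistence point for anyone who can run it, whereas a world-writable data file is a lesser problem to triage afterwards.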
Looks like there is no entry to boot from removable media.
