 |
|
You are here: NRAO Public Wiki>HPC Web>DirectorsOffice>WebChanges (2009-10-19, CarolynWhite)
Edit wiki text
Edit
Attach
Print version
200 recent changes in HPC Web retrieved at 14:16 (Local)
UsnoDifxOsPatch2ChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoDifxOsPatch2. *con...
r82 - 2021-02-23 - 17:44 by JimJacobs
UsnoMaintenanceLog2
USNO Maintenance Log 2 This log page allows significant maintenance/administration events to be logged for future use. The goal is to record information that migh...
r3 - 2021-02-01 - 13:50 by JimJacobs
UsnoDifxKVM2
KVM Console/Switchs (jhj 1/15/21) Currently two of the KVM retained from the old correlator are not on the net. These are the KVM in the second rack of SWCs and...
r7 - 2021-01-15 - 14:06 by JimJacobs
UsnoDifxEnvSensor2
Environment Monitor The environment monitor is positioned to read the temperature and humidity via a sensor mounted above the rack containing the correlator nodes...
r4 - 2021-01-11 - 16:26 by JimJacobs
UsnoHostAliases2
Host SSH Aliases In root's .bashrc are defined a number of aliases to make it a bit quicker to do commands to a single host. Basically it aliases the host name wi...
NEW - 2020-12-17 - 13:05 by JimJacobs
UsnoPingDiskless2
Ping Diskless The custom python3 utility ping diskless was originally designed to ping the SWCs to watch them through the reboot cycle. It has evolved such that ...
NEW - 2020-12-14 - 18:32 by JimJacobs
UsnoDifxNagios2
Nagios Nagios is a watchdog daemon that can be configured to check on various properties of a computer system and issue warnings and/or alarms if one of the prope...
r2 - 2020-12-11 - 18:05 by JimJacobs
UsnoDifxClientOSInstall2
Client (SWC) Installation The initial client installation was performed using the hard disk drive that came with SWC 001. The host was booted via PXE boot and the...
NEW - 2020-12-11 - 14:40 by JimJacobs
UsnoDifxLusterOSInstall2
BGFS Installation The BGFS hosts were installed by vendor. They were then modified by us to meet the most pressing requirements (i.e., "critical" and "high" find...
NEW - 2020-12-11 - 14:36 by JimJacobs
UsnoDifxLogging2
Logging Rsyslog Server 1 runs rsyslogd via the systemd rsyslog.service; the main configuration for the rsyslod is /etc/rsyslog.conf. DHCP Logging DHCPD messages...
r6 - 2020-12-11 - 13:00 by JimJacobs
UsnoDifxNTP2
Time Service Overview Time services is provided primarily by server 1 using the chronyd daemon. The configuration file for chronyd is /etc/chrony.conf. Service...
r3 - 2020-12-10 - 16:52 by JimJacobs
UsnoDifxNetworking2
Contents Networking As of this writing the plan is to fold the new correlator into the existing correlator network layout. This will facilitate keeping the two i...
r5 - 2020-12-10 - 16:51 by JimJacobs
UsnoDifxNetworkingDiagram2
Main.JimJacobs 2018 12 11
r4 - 2020-12-09 - 13:35 by JimJacobs
UsnoDifxBgfsServer2
BGFS File Servers Overview The new correlator is using BEEGFS (bgfs) in place of Lustre to provide a high speed, high capacity file system. The bgfs servers are ...
r6 - 2020-12-08 - 15:22 by JimJacobs
UsnoDifxComputeNodes2
Compute Nodes Basic System Specs The SWC (SoftWare Correlator) hosts are Dell R640 systems. These have two Intel Xeon Gold 6132 CPUs which run at 2.60 GHz; each ...
r3 - 2020-12-08 - 15:12 by JimJacobs
USNODifxCorrelator
USNO Correlator Documentation Wiki This Wiki section serves as the primary documentation for the NRAO project to provide a DifX correlator to USNO. It is intentio...
r15 - 2020-12-08 - 15:07 by JimJacobs
UsnoDifxFringe2
Fringing Host (test cluster only) Overview In addition to the normal correlation work, some other analytical work is done. At the USNO, they have two fringing...
r2 - 2020-12-08 - 12:36 by JimJacobs
UsnoDifxInfiniband2
Infiniband Switches Overview The correlators use Infiniband (IB) network connections to pass data between the correlator nodes (SWCs) and also with the file serv...
r3 - 2020-11-13 - 16:51 by JimJacobs
UsnoDifxRADIUS2
RADIUS Service RADIUS is an authentication service often supported by simpler devices such as switches. The servers run a systemd service named radiusd that the ...
NEW - 2020-11-13 - 15:56 by JimJacobs
UsnoDifxServers2
Admin Servers Introduction Each correlator has two administrative servers, server 1 and server 2. The servers are used to administer the correlator and take no d...
r4 - 2020-11-13 - 13:24 by JimJacobs
UsnoDifxOverview2
USNO Correlator II Overview Production Correlator The USNO uses a computing cluster built and maintained by NRAO for performing correlations using DiFX. In 2019...
r3 - 2020-11-13 - 13:20 by JimJacobs
UsnoDifxPatch2Draft
Neo Correlator Patching The patch process for the Neo correlator (installed at USNO on November 2019) is outlined below. A set of "checkboxes" is provided to assi...
r2 - 2020-11-02 - 12:12 by JimJacobs
UsnoDifxAide2
AIDE AIDE is a program that scans important files in the system and reports any changes in the files relative to the accepted baseline. The security STIG require...
NEW - 2020-09-30 - 12:31 by JimJacobs
UsnoDifxServerNagiosAck2
Shutting off Nagios Alarms When a nagios problem can't be fixed right away it can get tiresome to have the alarm message coming out every hour or so. Almost the s...
NEW - 2020-09-30 - 11:26 by JimJacobs
UsnoDifx2-200924
17:38 root@bg mds 1 T ~ # yum install mlnx ofed all Loaded plugins: langpacks, product...
NEW - 2020-09-24 - 17:47 by JimJacobs
UsnoDifxPtyFix2
Pty Allocation Problem So far, this problem has mostly occurred on server 1 on both clusters, probably because it gets the most login traffic suring maintenance. ...
NEW - 2020-09-21 - 10:22 by JimJacobs
UsnoDifxServerDebuggingSeLinux2
Debugging SE Linux Both server 1..2 and the BGFS hosts are running SE Linux in targeted mode; the SWCs are not running SE Linux although since the images are host...
r2 - 2020-09-14 - 13:13 by JimJacobs
UsnoDifxDNS2
Correlator DNS Service Server Configuration Both server 1 and server 2 provide DNS service to the correlator. Server 2 should be considered a backup to server 1....
r2 - 2020-09-09 - 13:08 by JimJacobs
UsnoDifxSMTP2
Mail Service Overview Since the correlator is effectively a compute device, very little email service is required. The only exception is that the system administ...
r2 - 2020-09-09 - 13:02 by JimJacobs
UsnoFileTransfer2
File Transfer From an NRAO Host The hosts on either correlator can be reached via the NRAO DNS, file transfer can be initiated from an NRAO host in a pretty stra...
NEW - 2020-08-04 - 17:21 by JimJacobs
UsnoDoOnHosts2
Do on hosts This python script is designed to execute a command on a set of cluster hosts. It is invoked via the link do on hosts located in /opt/services/bin wh...
NEW - 2020-08-04 - 17:02 by JimJacobs
UsnoHostStatus2
Host Status Tool The host status tool can be used to summarize important attributes for all hosts in the system. It is invoked by doing host status all on one of...
NEW - 2020-08-04 - 16:28 by JimJacobs
UsnoDifxOsPatchChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoDifxOsPatch. *cont...
r503 - 2020-07-13 - 15:01 by JimJacobs
UsnoDifxS1pS1tLink2
The file ~/.ssh/jjacobs s1t.config This is an instance of a user specific file to create the linkage from server 1p to server 1t. It currently hops to usno serv 1...
NEW - 2020-06-17 - 18:00 by JimJacobs
UsnoDifxInfinibandSoftwareInfo2
Mellanox (Infiniband) Switch Software information * Collected 5/15/20 by Jim Jacobs data m6036 1 standalone: master show version Product name: MLNX OS...
NEW - 2020-05-15 - 15:53 by JimJacobs
UsnoNodeBootMechanism2
Main.JimJacobs 2020 03 27
NEW - 2020-03-27 - 18:29 by JimJacobs
UsnoDifxServerDiskLayout2
Disk Layout Server Disk Partitioning The disk layout is shown below as displayed using lsblk. The two disks are partitioned somewhat in parallel although the fir...
r5 - 2020-02-25 - 13:01 by JimJacobs
UsnoDifxDHCP2
DHCP Overview Server 1 provides DHCP service on the network admin network. The setting for the daemon are in /etc/dhcp/dhcpd.conf. The IP addresses on all of ne...
NEW - 2020-01-23 - 17:33 by JimJacobs
UsnoDifxTFTP2
Main.JimJacobs 2020 01 23
NEW - 2020-01-23 - 17:31 by JimJacobs
UsnoVNC2
VNC and X Window Connections To launch an X application, make an ssh tunnel and then launch the X app an it'll appear locally. * ssh X J admin@usno serv 1t ...
NEW - 2019-10-24 - 17:38 by JimJacobs
Rhel7Stig055Production
This rule requires the installation and continuous execution of a host based intrusion detection system. The preferred package is McAfee but apparently something ...
r2 - 2019-09-25 - 17:04 by JimJacobs
UsnoRhel7Stig2ProductionChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoRhel7Stig2Productio...
r19 - 2019-09-24 - 18:48 by JimJacobs
Rhel7Stig001Production
Done, though future fiddling might throw it off.
r2 - 2019-09-20 - 14:18 by JimJacobs
Rhel7Stig242Production
Pending on firewall implementation.
NEW - 2019-09-20 - 13:35 by JimJacobs
Rhel7Stig245Production
The STIG requires multifactor access for all privleged accounts; it mentions using two government approved mechanisms (one is CAC) as examples. It's possible that...
NEW - 2019-09-20 - 13:34 by JimJacobs
Rhel7Stig241Production
This will occur as part of setting up the firewall.
NEW - 2019-09-20 - 13:06 by JimJacobs
Rhel7Stig239Production
The twoservers do not mount any NFS volumes. The SWCs have two mounts to server 1. We'll have to see if this causes any heartburn when it's enabled on the SWCs.
NEW - 2019-09-20 - 13:04 by JimJacobs
Rhel7Stig238Production
None of the hosts are currently doing any packet forwarding. On the old cluster the firewall had to be modified to allow packet forwarding to support some of the ...
NEW - 2019-09-20 - 12:58 by JimJacobs
Rhel7Stig237Production
Xwindows is used for remote administration purposes on server 1 and server 2. It is not installed on the SWCs.
NEW - 2019-09-20 - 12:55 by JimJacobs
Rhel7Stig236Production
The tftp server package is not installed on the SWCs. On the two servers, the service file is located in /etc/systemd/system/tftp.service and this starts the serv...
NEW - 2019-09-20 - 12:52 by JimJacobs
Rhel7Stig234Production
The two servers need TFTP server functionality to support diskless bootup. The daemon is invoked with a root, /opt/services/tftpboot, which limits its scope. The ...
NEW - 2019-09-19 - 15:58 by JimJacobs
Rhel7Stig216Production
Set it to 500 on the servers and at the 1000 limit on the SWCs as I'm worried that there might be a lot of traffic on them.
NEW - 2019-09-19 - 15:01 by JimJacobs
Rhel7Stig215Production
We'll need to tunnel back to the NRAO to get a clock sync. The SWCs will get their time from server 1.
NEW - 2019-09-19 - 14:57 by JimJacobs
Rhel7Stig204Production
Apply this one last since it'll make setup a lot harder.
NEW - 2019-09-18 - 18:42 by JimJacobs
Rhel7Stig190Production
FIPS stuff is on hold right now.
NEW - 2019-09-18 - 17:08 by JimJacobs
Rhel7Stig189Production
This rule should be revisited as part of firewall setup.
NEW - 2019-09-17 - 17:02 by JimJacobs
Rhel7Stig187Production
The servers provide SMTP service but act as relays so that alarm messages from within the cluster can propagate outside of the cluster to system administrators, e...
NEW - 2019-09-17 - 17:00 by JimJacobs
Rhel7Stig186Production
The two servers do allow remote messages over TCP. This allows them to capture syslog messages from the SWCs and other devices on the system. Thus they serve as l...
NEW - 2019-09-17 - 16:59 by JimJacobs
Rhel7Stig127Production
The config files for audit have changed since the STIG. They are now located in /etc/audit/rules.d though I think they're actually "compiled" into /etc/audit/audi...
NEW - 2019-09-17 - 15:12 by JimJacobs
Rhel7Stig115Production
Auditting is enabled on the systems and will be tweaked per STIG specs about coverage. The system must have high availability, so having a doomsday switch on audi...
NEW - 2019-09-17 - 14:15 by JimJacobs
Rhel7Stig112Production
There are a couple of other grub.cfg files located under /opt. These are served up to the diskless systems and are not part of the boot process for the server's t...
NEW - 2019-09-16 - 18:47 by JimJacobs
Rhel7Stig111Production
This appears to be related to FIPS installation, which we're skipping for the time being.
NEW - 2019-09-16 - 18:36 by JimJacobs
Rhel7Stig108Production
As soon as we do this one we'll lose the ability to use Radius to the switches, etc. Let's hold off for now.
NEW - 2019-09-16 - 17:13 by JimJacobs
Rhel7Stig105Production
The hard drives on the servers have a separate partition for /var. I'm not sure that this rule applies to the diskless systems since they have no disks.
NEW - 2019-09-16 - 17:02 by JimJacobs
Rhel7Stig057Production
The aide program is installed on server {1,2} and the swc diskless image. Cron should run it once a day on the servers. An email message will go out to usno admin...
NEW - 2019-09-12 - 16:44 by JimJacobs
Rhel7Stig056Production
This rule is moot if McAfee is installed and active; otherwise SELinux needs to be enabled and then configured appropriately.
NEW - 2019-09-12 - 14:54 by JimJacobs
Rhel7Stig052Production
Mandatory multifactor authentication is likely to be problematic for the cluster both for administration and DiFX usage because both actions require easy login to...
NEW - 2019-09-12 - 14:34 by JimJacobs
Rhel7Stig051Production
Applying this rule will end up requiring console access to complete a reboot which is not appropriate for either a cluster and for a remotely administrated system...
NEW - 2019-09-12 - 13:41 by JimJacobs
Rhel7Stig040Production
Made mod using polkit scheme to allow passwordless reboot on the swcs creating /etc/polkit 1/rules.d/51 wheel.rules.
NEW - 2019-09-11 - 19:19 by JimJacobs
Rhel7Stig038Production
This rule appears to need application hwover, the instructions are such that I'm not sure exactly what should be done.
NEW - 2019-09-11 - 18:23 by JimJacobs
Rhel7Stig002Production
Server 1 only had config file mods as expected. Server 2 has a mods to /etc/NetworkManager/dispatcher.d/20 chrony; I think a system update did this? The SWCs have...
NEW - 2019-09-11 - 13:31 by JimJacobs
CHTCSiteVisit
Wiki page to track August 26/27 CHTC site visit to NRAO Date: August 26 27 2019 Locations: SO Auditorium, CV Auditorium(Monday) and ER 245 (Tuesday) Connection In...
r32 - 2019-08-27 - 17:21 by KScottRowe
UsnoRhel7Stig2ChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic UsnoRhel7Stig2. *conte...
r19 - 2019-08-02 - 15:10 by JimJacobs
Rhel7Stig245
System is not currently using the sssd functionality.
NEW - 2019-08-01 - 16:36 by JimJacobs
Rhel7Stig241
This is on hold until the firewall is configured.
NEW - 2019-08-01 - 16:29 by JimJacobs
Rhel7Stig239
Server 1 only nfs mounts usno serv 1. This mount should be removed after the system is read to be put into production.
NEW - 2019-08-01 - 16:24 by JimJacobs
Rhel7Stig237
The x windows server is installed and is need to allow remote administration of the system. This needs to be in the ISSO document.
NEW - 2019-08-01 - 16:20 by JimJacobs
Rhel7Stig236
The commands provided are not appropriate for this system given it's version of RHEL 7.6. Use systemctl status tftp l to see that the tftp daemon is started in a...
NEW - 2019-08-01 - 16:19 by JimJacobs
Rhel7Stig234
Server 1 has tftpd installed and it's used for booting of the diskless hosts (swc xxx). It is set up to only transfer files located below /opt/services/tftpboot. ...
NEW - 2019-08-01 - 16:15 by JimJacobs
Rhel7Stig232
I believe that postfix on server 1 is configured to only relay messages from hosts on 10.1.36.* but it's not using, nor does it even show, the parameter described...
NEW - 2019-08-01 - 16:12 by JimJacobs
Rhel7Stig221
Need to better understand this one.
NEW - 2019-07-31 - 18:38 by JimJacobs
Rhel7Stig217
Activate firewall once stability is achieved.
NEW - 2019-07-31 - 18:34 by JimJacobs
Rhel7Stig215
This rule is tied tightly to NTP whereas RHEL is using chrony. This will take some research, probably. Also we'llhave to find a direct, acceptable official clock ...
NEW - 2019-07-31 - 18:28 by JimJacobs
Rhel7Stig204
Wait until stability.
NEW - 2019-07-31 - 18:15 by JimJacobs
Rhel7Stig201
Wait for stability.
NEW - 2019-07-31 - 18:06 by JimJacobs
Rhel7Stig199
Implement after stability reached.
NEW - 2019-07-31 - 18:04 by JimJacobs
Rhel7Stig192
Do this one last as its annoying during development.
NEW - 2019-07-31 - 15:01 by JimJacobs
Rhel7Stig191
This one terminates network sessions after 10 minutes of inactivity. Leave this until things are stable.
NEW - 2019-07-31 - 15:00 by JimJacobs
Rhel7Stig189
This is about setting up the firewall. It can wait a little bit yet.
NEW - 2019-07-31 - 14:54 by JimJacobs
Rhel7Stig187
There is no expectation that users will receive mail on server 1. It serves as a way to forward mail off of the cluster (e.g., sending notifications back to the s...
NEW - 2019-07-31 - 13:54 by JimJacobs
Rhel7Stig186
Need to "document" that server 1 aggregates logs for the other hosts in the cluster.
NEW - 2019-07-31 - 13:52 by JimJacobs
Rhel7Stig127
DId cp /usr/share/doc/audit 2.8.4/rules/30 stig.rules stig.rules= to put these rules into /etc/audit/rules.d. Then restarted service using service auditd restart....
NEW - 2019-07-31 - 13:22 by JimJacobs
Rhel7Stig120
This can be done but we'll have to find a place to upload them to. Maybe an NRAO site?
NEW - 2019-07-31 - 13:13 by JimJacobs
Rhel7Stig118
See note for RHEL 07 030210.
NEW - 2019-07-31 - 11:47 by JimJacobs
Rhel7Stig116
This requirement seems to be aimed at sending audit messages off the machine. However, server 1 doesn't really have anywhere to send them. This feature is more ap...
NEW - 2019-07-31 - 11:46 by JimJacobs
Rhel7Stig115
The requirement for high availability will need to be documented and some sort of notification upon audit failure will have to be configured.
NEW - 2019-07-31 - 11:43 by JimJacobs
Rhel7Stig113
Removed the installed telnet server package.
NEW - 2019-07-30 - 11:30 by JimJacobs
Rhel7Stig108
This one works pretty much as the directions describe. I suggest copying the linux image (vmlinuz...) and the ram disk image (initramfs...) and /boot/efi/EFI/redh...
r2 - 2019-07-30 - 11:30 by JimJacobs
Rhel7Stig089
Better first search is find / xdev perm 002 type f perm /111 exec ls ld {} \; more since this will only return executable files that are world writable.
r2 - 2019-07-30 - 11:25 by JimJacobs
Rhel7Stig112
Looks like there is no entry to boot from removable media.
NEW - 2019-07-29 - 18:16 by JimJacobs
Rhel7Stig111
Most rules had sha256 already. Changed them to sha512.
NEW - 2019-07-29 - 17:49 by JimJacobs
Rhel7Stig110
It appears that xattr status is given to most of the watched files.
NEW - 2019-07-29 - 17:47 by JimJacobs
Rhel7Stig109
Installed the aide package and looked at its config file. It appears to have "acl" in most of its rules.
NEW - 2019-07-29 - 17:40 by JimJacobs
Rhel7Stig107
Either /tmp has to be mounted in its own partition or it has to be a memory resident beastie(?).
NEW - 2019-07-26 - 18:17 by JimJacobs
Rhel7Stig105
They want the /var to be in a separate filesystem (i.e. partition). Argh!
NEW - 2019-07-26 - 18:14 by JimJacobs
Rhel7Stig097
Made entry in /etc/fstab: tmpfs /dev/shm tmpfs defaults,rw,nosuid,nodev,noexec 0 0.
NEW - 2019-07-26 - 18:08 by JimJacobs
Rhel7Stig095
It is mounted outside of /etc/fstab but has nodev option.
NEW - 2019-07-26 - 17:21 by JimJacobs
Rhel7Stig094
No problem on server * but the swcs will require documented necessity.
NEW - 2019-07-26 - 17:18 by JimJacobs
Rhel7Stig090
Revisit after enabling selinux.
NEW - 2019-07-26 - 17:09 by JimJacobs
Rhel7Stig084
The checking logic provided seems to prevent any file sharing except by group which is not really consistent with the collaborative nature of this system's usage....
NEW - 2019-07-26 - 16:49 by JimJacobs
Rhel7Stig055
This appears to require that a MacAfee HBSS package be installed.
r2 - 2019-07-19 - 18:47 by JimJacobs
Rhel7Stig031
Edited /etc/login.defs and set PASS_MAX_DAYS to 60
r2 - 2019-07-19 - 11:53 by JimJacobs
Rhel7Stig029
Edited /etc/login.defs and set PASS_MIN_DAYS 1.
r2 - 2019-07-19 - 11:53 by JimJacobs
Rhel7Stig064
Edited /etc/yum.conf and added line "clean_requirements_on_remove=1".
NEW - 2019-07-18 - 17:38 by JimJacobs
Rhel7Stig063
The autofs service is currently disabled.
NEW - 2019-07-18 - 17:36 by JimJacobs
Rhel7Stig056
This is a configuration issue for SE Linux; defer until SE Linux issue is addressed.
NEW - 2019-07-18 - 17:33 by JimJacobs
Rhel7Stig053
The rsh server package is not installed.
NEW - 2019-07-18 - 17:29 by JimJacobs
Rhel7Stig052
Smartcard support is required for this. Not sure, yet, how to handle this.
NEW - 2019-07-18 - 17:27 by JimJacobs
Rhel7Stig050
Save this one until system is stable.
NEW - 2019-07-18 - 17:25 by JimJacobs
Rhel7Stig049
The systems are booting under UEFI so this rule does not apply.
NEW - 2019-07-18 - 17:21 by JimJacobs
Rhel7Stig048
System comes this way it appears.
NEW - 2019-07-18 - 17:20 by JimJacobs
Rhel7Stig047
This system is RHEL 7.6 and thus this rule is not applicable.
NEW - 2019-07-18 - 17:19 by JimJacobs
Rhel7Stig046
Edited /etc/ssh/sshd_config and uncommented "HostbasedAuthentication no". This was probably the default, but...
NEW - 2019-07-18 - 17:17 by JimJacobs
Rhel7Stig044
The gdm package is not installed.
NEW - 2019-07-18 - 16:12 by JimJacobs
Rhel7Stig043
The gdm package is not installed.
NEW - 2019-07-18 - 16:11 by JimJacobs
Rhel7Stig042
Edited /etc/login.defs and added line "FAIL_DELAY 4".
NEW - 2019-07-18 - 16:09 by JimJacobs
Rhel7Stig040
No account is given password free sudo.
NEW - 2019-07-18 - 16:06 by JimJacobs
Rhel7Stig039
Do this one at the last moment to keep usage reasonable.
NEW - 2019-07-18 - 16:03 by JimJacobs
Rhel7Stig038
Do this awful thing at the last moment.
NEW - 2019-07-18 - 15:56 by JimJacobs
Rhel7Stig037
Edited /etc/default/useradd setting "INACTIVE=0".
NEW - 2019-07-18 - 12:51 by JimJacobs
Rhel7Stig036
Edited /etc/ssh/sshd_config to uncomment "PermitEmptyPasswords no". This was already the default setting, but need to make autior happy : (.
NEW - 2019-07-18 - 12:49 by JimJacobs
Rhel7Stig035
Rule's query came back without anything of interest.
NEW - 2019-07-18 - 12:36 by JimJacobs
Rhel7Stig034
In /etc/security/pwquality.conf set minlen to 15.
NEW - 2019-07-18 - 12:34 by JimJacobs
Rhel7Stig033
Added line "password requisite pam_pwhistory.so use_authtok remember=5 retry=3" to /etc/pam.d/{system auth,password auth} as directed in rule.
NEW - 2019-07-18 - 12:33 by JimJacobs
Rhel7Stig032
Using "chage M 60 theUser" on pch,ajs,oper,difxmgr to meet this requirement.
NEW - 2019-07-18 - 12:28 by JimJacobs
Rhel7Stig030
Changed password aging for pch, ajs, difxmgr and oper accouts so that they are 1 rather than zero.
NEW - 2019-07-18 - 12:20 by JimJacobs
Rhel7Stig028
Performed query and got expected results.
NEW - 2019-07-18 - 12:12 by JimJacobs
Rhel7Stig027
Executing rule's grep command shows the expected result.
NEW - 2019-07-18 - 12:10 by JimJacobs
Rhel7Stig026
Verified that only sha512 hashes are allowed using the rule's command.
NEW - 2019-07-18 - 12:09 by JimJacobs
Rhel7Stig025
Set maxlassrepeat = 4 in /etc/security/pwquality.conf.
NEW - 2019-07-18 - 12:04 by JimJacobs
Rhel7Stig024
Set maxrepeat to 3 in /etc/security/pwquality.conf.
NEW - 2019-07-18 - 12:02 by JimJacobs
Rhel7Stig023
Set minclass = 4 in /etc/security/pwquality.conf.
NEW - 2019-07-18 - 12:00 by JimJacobs
Rhel7Stig022
In /etc/security/pwquality.conf set difok to 8.
NEW - 2019-07-18 - 11:57 by JimJacobs
Rhel7Stig021
Edited /etc/security/pwquality.conf setting ocredit to 1.
NEW - 2019-07-17 - 18:51 by JimJacobs
Rhel7Stig017
Doing cat /etc/pam.d/system auth pipe grep pam_pwquality returns password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type as ...
NEW - 2019-07-17 - 18:50 by JimJacobs
Rhel7Stig016
Rule command returns "password substack system auth" as required.
NEW - 2019-07-17 - 18:49 by JimJacobs
Rhel7Stig020
Edited /etc/security/pwquality.conf and set dcredit to 1 to require at least one digit character.
NEW - 2019-07-17 - 18:39 by JimJacobs
Rhel7Stig019
Edited /etc/security/pwquality.conf and set lcredit to 1 to require at least one uppercase character.
NEW - 2019-07-17 - 18:39 by JimJacobs
Rhel7Stig018
Edited /etc/security/pwquality.conf and set ucredit to 1 to require at least one uppercase character.
NEW - 2019-07-17 - 18:38 by JimJacobs
Rhel7Stig015
Implied by 010081.
NEW - 2019-07-17 - 18:22 by JimJacobs
Rhel7Stig014
The setting org.gnome.desktop.screensaver idle activation enable is deprecated and ignored according to =gsettings".
NEW - 2019-07-17 - 18:20 by JimJacobs
Rhel7Stig012
Doing yum list installed screen shows that this packages is installed.
NEW - 2019-07-17 - 18:18 by JimJacobs
Rhel7Stig011
Implied by rule 010070.
NEW - 2019-07-17 - 18:16 by JimJacobs
Rhel7Stig010
Doing gsettings get org.gnome.desktop.screensaver lock delay returns zero which means that the screen is locked when the sceensaver activates.
NEW - 2019-07-17 - 18:14 by JimJacobs
Rhel7Stig009
Performed gsettings set org.gnome.desktop.session idle delay 900 to apply the 15 minute idle setting.
NEW - 2019-07-17 - 18:09 by JimJacobs
Rhel7Stig008
This appears to require the same actions as rule 010060 and meeting that one (which is the case) implies meeting this one.
NEW - 2019-07-17 - 18:05 by JimJacobs
Rhel7Stig006
This is the default setting which can be demonstrated by doing gsettings get org.gnome.desktop.screensaver lock enabled which returns "true"
NEW - 2019-07-17 - 17:30 by JimJacobs
Rhel7Stig001
Waiting until the system installation has solidified.
r2 - 2019-07-17 - 17:23 by JimJacobs
Rhel7Stig005
Gross boiler plate so add this at the end before cloning.
NEW - 2019-07-17 - 17:13 by JimJacobs
Rhel7Stig004
Gross boiler plate so add this at the end before cloning.
NEW - 2019-07-17 - 17:12 by JimJacobs
Rhel7Stig003
Gross boiler plate so add this at the end before cloning.
r2 - 2019-07-17 - 17:12 by JimJacobs
Rhel7Stig002
none
NEW - 2019-07-17 - 16:46 by JimJacobs
WebStatistics
Statistics for HPC Web Month: Topic views: Topic saves: File uploads: Most popular topic views: Top contributors for topic save and uploads: ...
r7 - 2019-05-20 - 11:25 by AdminUser
CatchAndRelease
Catch and Release %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% TL;DR remove an OST from a pool on CV lustr...
r12 - 2019-04-12 - 10:16 by CjAllen
UsnoDifxEnvSensor
Environment Monitor The environment monitor is positioned to read the temperature and humidity via a sensor mounted above the rack containing the correlator nodes...
NEW - 2019-02-04 - 13:44 by JimJacobs
UsnoA7050Interfaces
usno a7050 show interfaces Ethernet1 is up, line protocol is up (connected) Hardware is Ethernet, address is 001c.7318.2adb (bia 001c.7318.2adb) Description: ...
NEW - 2019-01-30 - 17:23 by JimJacobs
ALMABenchmarking
Points of Contact ALMA Science Tony Remijan aremijan@ ALMA Systems Mike Hatz mhatz@ Background This page establishes a set of benchmarks that can be used...
r39 - 2018-12-11 - 21:42 by JamesRobnett
UsnoDifxOperatingSystem2
Correlator Operating System The all the computing hardware will be running a version of RHEL 7.x. Because of security issues, the installed version will track th...
NEW - 2018-12-11 - 16:28 by JimJacobs
HPCSupport
GBO / LBO / JAO / NRAO HPC (High Performance Computing) Support Wiki Introduction This wiki is to track open tasks and to collect detailed logs for HPC relate...
r27 - 2018-10-22 - 10:37 by MikeHatz
WebHome
This is a wiki home for high performance computing at the NRAO. The area is still undergoing organizational changes but content in the Categories section is eith...
r23 - 2018-10-16 - 12:40 by MikeHatz
UsnoDifxNagios
Nagios We install service software in /opt/services instead of the normal location. This seperates it from the OS install and allows us to re install and/or upgr...
r25 - 2018-04-17 - 13:11 by MarkWainright
UsnoVNC
Connecting to the USNO Using VNC * Login to usno serv 1 ext and start VNC ssh admin@usno serv 1 ext vncserver * Start VNC on local machine vncviewer via a...
r2 - 2018-04-17 - 11:27 by MarkWainright
UsnoSshUser
Creating a new SSH user Access to the cluster from the outside is only permitted using ssh with a public key. This page describes how to add a new account as wel...
NEW - 2017-08-09 - 15:40 by JimJacobs
AutomateLustreClientBuild
Thoughts on automating Lustre Client module builds. * Keep a copy of the current lustre package under /opt/services/lustre client on usno serv 1t. (Had to inst...
r2 - 2017-07-13 - 18:20 by JimJacobs
SmileyTestChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic SmileyTest. context ...
NEW - 2017-05-23 - 14:58 by JimJacobs
SmileyTest
Main.JimJacobs 2017 05 23 Checkbox
NEW - 2017-05-23 - 14:55 by JimJacobs
CheckboxTest
Title One Two Main.JimJacobs 2017 05 15
NEW - 2017-05-15 - 18:53 by JimJacobs
CheckboxTestChecklistItemState
WARNING! THIS TOPIC IS GENERATED BY System.ChecklistPlugin PLUGIN. DO NOT EDIT THIS TOPIC (except table data)! Back to the checklist topic CheckboxTest. *context...
NEW - 2017-05-15 - 18:49 by JimJacobs
HeraLibrarian
HERA Librarian software Instructions on configuring the hardware can be found at https://staff.nrao.edu/wiki/bin/view/CIS/Documentation/Herastore01 Installation...
r2 - 2017-04-25 - 11:22 by KScottRowe
HERA
HERA * HeraLibrarian
NEW - 2017-04-24 - 10:26 by KScottRowe
FidindirectActivity
Summary of NAASC Lustre FID in direct Activation Activity This page provides a summary of the activity conducted at NAASC on Fri/Sat April 21/22, 2017. %TWISTY{ ...
NEW - 2017-04-24 - 09:55 by JessicaOtey
UsnoDifxMegaRAID
LSI MegaRAID Install The MegaRAID software installs /usr/local but we actually want it in /opt/services. So we make a symlink. $ To install the software, be...
r5 - 2017-03-23 - 15:31 by KScottRowe
UsnoNodeBootMechanism
Node Boot Mechanism Configure BIOS $ Disable Hyper Threading: Hyper Threading is a very cheap trick to simulate dual CPUs. All it does is create a second ent...
r5 - 2017-03-13 - 13:08 by KScottRowe
UsnoDifxDHCP
DHCP Install DHCP Retrieve DHCP from http://isc.org/products/DHCP/ The latest release as of2012 06 26is DHCP 4.2.4. Looks like they still can't write a good mak...
r17 - 2017-03-13 - 13:01 by KScottRowe
LustreRoundRobin
File distribution across OSTs (Applies to Lustre 2.5.3) %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # The...
r6 - 2017-03-13 - 12:00 by JessicaOtey
LustreBugABoo
Tracking Lustre Bugs %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # A table of bugs we care about Link ...
r6 - 2017-03-02 - 11:23 by JessicaOtey
HPC20170301
HPC Meeting: 2017/03/01 Participants * NRAO: * David Halstead * Jessica Ottey * Patrick Murphy * Mike Hatz * James Robnett * ...
NEW - 2017-03-01 - 13:47 by MaxsSimmonds
HPCMeetings
Meetings * HPC: 2017/03/01
NEW - 2017-03-01 - 13:46 by MaxsSimmonds
LustreLessons
%TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # Key points * Lustre clients require lustre modules, while M...
r2 - 2017-03-01 - 09:55 by JessicaOtey
NaascLustreUpgradeToaster
Naasc Lustre Upgrade 'Toaster' Notes %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # What is the toaster? ...
r6 - 2017-01-28 - 11:57 by MikeHatz
UsnoDifxInstallation
Installing DiFX Quick help To get usage instructions: difxbuild h To get in line documentation printed to your terminal: difxbuild d Introduction This DiFX in...
r19 - 2017-01-13 - 15:23 by MarkWainright
CasaParallelTaskList
CASA Parallelization Task List Item No. System Element Description Status Prerequisites People Target Cycle Notes 1 Environment Management ...
r12 - 2017-01-12 - 10:53 by SandraCastro
NagiosOstFullness
Using Nagios to monitor OST capacity %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # How to use this plugin...
r2 - 2016-12-30 - 10:35 by JessicaOtey
AnsibledOssBuild
Building an OST using Ansible (Lustre 2.x) %TWISTY{ showlink="Show TOC" hidelink="Hide TOC" showimgright="" hideimgright="" }% # Editing the temp...
r3 - 2016-12-15 - 13:37 by JessicaOtey
JAOpostClientesGotKERNELPANIC
Hi all, SInce last Wednesday (2016 12 07) we at jao started having reports of some jaopost client machines (around 10 in 4 days) that got frozen during Pipeline R...
NEW - 2016-12-12 - 10:03 by BernardoMalet
HPCTroubleshootingRequests
When you log a troubleshooting request, please remember to include relevant logs: 1 MDS log as an attachment 1 OSS log(s) as an attachment 1 Client log(s...
r8 - 2016-12-12 - 09:59 by BernardoMalet
JaoFailedExecutionRepeat
In NRAO RHEL 6.5 image. Execute: /opt/sacm/bin/calPipeIF mous=uid://A001/X2d8/X367 Repeatedly fails with: /usr/bin/xvfb run: line 166: 42615 Segmentation fault ...
NEW - 2016-12-08 - 15:39 by MaxsSimmonds
NAASC_Lustre_2016-11-22
Description NAASC MDS freezes due to being out of memory. More RAM is installed taking it from 12 GB to 48 GB. On a subsequent reboot, the MDS cannot mount the M...
NEW - 2016-11-22 - 22:44 by MikeHatz
64GBPipeline-20161031
Description Some CASA Pipeline jobs do not complete successfully at JAO on 64 GB cluster machines, but do on machines with more memory at JAO and the NAASC. This ...
r2 - 2016-11-08 - 09:59 by MaxsSimmonds
JAOPOST020-20161103
Description Phone call from Maxs stating they were having problems with JAOPOST020 not being able to run CASA when connected to sciops lustre. Who JAO Maxs Sim...
NEW - 2016-11-04 - 00:00 by MikeHatz
Number of topics: 200
Page 1 of 3 Next >
See also:
RSS feed, recent changes with 50, 100, 200, 500, 1000 topics, all changes Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r3 - 2009-10-19, CarolynWhite
- Webs
-
ALMA
- NAASC
- SCIIPT
- CDL
- CICADA
- Ccs
- Littlethings
- Cville
- DSAA
- EVLA
- FASR
- GB
- Computing
- Data
- Dynamic
- Electronics
- Gbtpipeline
- Knowledge
- Mechanical
- Observing
- WbandVLBACal
- Obsreports
- Operate
- PTCS
- OOF
- ServoImprovementsHome
- ServoSiteAcceptTestProcs
- Pennarray
- Projects
- Recreation
- Scicenter
- Skynet
- Software
- CLEO
- StaffEvents
- TACTool
- HPC
- JVLA
- KPAF
- Library
- Main
- Metrics
- NGVLA
- NM
- Computing
- Electronics
- OSAA
- OSX
- SRDP
- Software
- Algorithms
- CASA
- Splat
- System
- VLBA
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding NRAO Public Wiki? Send feedback