Difference between revisions of "Roentgen"

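--- a/Roentgen
+++ b/Roentgen
@@ -65,3 +65,53 @@
 # Allow only NPG users and administrators
 - : ALL EXCEPT tomcat4 dept staff faculty mri npg domain_admins dal testing web observatory : ALL
+</pre>
+== Backup Configuration ==
+=== /etc/rsync-backup.conf ===
+<pre># Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
+read only      = yes
+
+# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
+uid            = root
+
+# There's not much point in putting the superuser in a chroot jail
+# use chroot    = no
+
+# This isn't really an effective "lock" per se, since the value is per-module,
+# but there really ought never be more than one, and it would at least
+# ensure serialized backups.
+max connections = 1
+
+[var]
+        path    = /var
+        comment = user and system storage
+        filter  = - /lib/bind/proc
+
+[srv]
+        path    = /srv
+        comment = published content
+
+[usr_local]
+        path    = /usr/local
+        comment = unpackaged software
+
+[opt]
+        path    = /opt
+        comment = unpackaged software
+
+[etc]
+        path    = /etc
+        comment = conf files
+
+[wheel]
+        path    = /wheel
+        comment = admin files
+        filter  =              \
+                : .rsync-filter \
+                + /            \
+                + /kickstart    \
+                + /custom      \
+                + /docs        \
+                + /gpg-pubkey  \
+                + /scripts      \
+                - /*            \
 </pre>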
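Review bot: In the added /etc/rsync-backup.conf listing, the comment about there being little point in chrooting the superuser sits above `# use chroot    = no`, which is itself commented out, so the daemon's default applies (documented by rsync as chroot enabled) and the comment disagrees with the effective setting; either uncomment the line or reword the comment. The listing also sets `uid = root` and exports `/etc` and `/var` with no `hosts allow`, `auth users` or `secrets file` line, so unless access is limited elsewhere, every client that can reach the daemon reads those trees with root's file permissions. I would add a global `hosts allow = <backup-host>` (placeholder value) or state on the page where that restriction is enforced. The last `[wheel]` filter line, `- /*            \`, ends in a continuation backslash, so a module header appended directly below it would likely be absorbed into the filter value; drop that final backslash.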

Revision as of 15:30, 18 July 2007

General Information

Roentgen is the old physics server, which now hosts this wiki.

Hostnames: roentgen.unh.edu, roentgen.farm.physics.unh.edu
Alias: physics.farm.physics.unh.edu

Network Configuration

Roentgen currently has one Ethernet cable to the switch for the local (farm) connection and another Ethernet cable to the wall for the UNH connection.

/etc/sysconfig/network-scripts/ifcfg-eth0

# eth0: statically addressed interface, activated at boot (ONBOOT=yes).
DEVICE=eth0
# Hardware (MAC) address of the NIC this file is meant for.
HWADDR=00:E0:81:21:7D:B4
ONBOOT=yes
# Static addressing: no DHCP client is used for this interface.
BOOTPROTO=static
IPADDR=132.177.88.61
# 255.255.252.0 is a /22 prefix (132.177.88.0 - 132.177.91.255).
NETMASK=255.255.252.0
# The only GATEWAY set in the interface files shown on this page, so the
# default route presumably leaves via eth0 - confirm against the routing table.
GATEWAY=132.177.88.1

/etc/sysconfig/network-scripts/ifcfg-eth0:1

# eth0:1: alias interface carrying an additional address on eth0.
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
# Falls inside the same /22 as the primary eth0 address (132.177.88.61).
IPADDR=132.177.91.234
DEVICE=eth0:1
# No boot-time protocol: the address is the static IPADDR above.
BOOTPROTO=none
NETMASK=255.255.252.0
# Alias is brought up together with its parent device (eth0).
ONPARENT=yes
# Only root may bring this interface up or down.
USERCTL=no
# PEERDNS only matters when settings are learned from a peer (DHCP/PPP);
# with BOOTPROTO=none it presumably has no effect - confirm.
PEERDNS=yes

/etc/sysconfig/network-scripts/ifcfg-eth0:2

# eth0:2: second alias interface carrying an additional address on eth0.
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
# Falls inside the same /22 as the primary eth0 address (132.177.88.61).
IPADDR=132.177.88.130
DEVICE=eth0:2
# No boot-time protocol: the address is the static IPADDR above.
BOOTPROTO=none
NETMASK=255.255.252.0
# Alias is brought up together with its parent device (eth0).
ONPARENT=yes
# Only root may bring this interface up or down.
USERCTL=no
# PEERDNS only matters when settings are learned from a peer (DHCP/PPP);
# with BOOTPROTO=none it presumably has no effect - confirm.
PEERDNS=yes

/etc/sysconfig/network-scripts/ifcfg-eth1

# eth1: second NIC, statically addressed and activated at boot.
# NOTE(review): presumably the local (farm) link described under
# "Network Configuration" - confirm against the cabling.
DEVICE=eth1
# Hardware (MAC) address of the NIC this file is meant for.
HWADDR=00:E0:81:21:7D:B5
ONBOOT=yes
BOOTPROTO=static
# RFC 1918 private address; no GATEWAY is set in this file.
IPADDR=10.0.0.249
# 255.255.255.0 is a /24 prefix.
NETMASK=255.255.255.0

/etc/sysconfig/network-scripts/ifcfg-lo

# lo: loopback interface, 127.0.0.1 with a /8 netmask, activated at boot.
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

Access Configuration

/etc/security/access.conf

# Login access rules in the access.conf format used by pam_access:
#   permission : users/groups : origins
# "+" grants and "-" denies. The first rule that matches a login decides it,
# so the catch-all deny at the bottom has to stay last.

# Allow direct root logins only from console and einstein
# NOTE(review): the origin list is wider than the comment above says; it also
# names lentil (in both domains) and ennui.unh.edu. Hostname origins are only
# as trustworthy as the name resolution used to match them.
+ : root : LOCAL einstein.unh.edu lentil.unh.edu einstein.farm.physics.unh.edu lentil.farm.physics.unh.edu ennui.unh.edu

# Allow su to cyrus mail server account
# LOCAL restricts this grant to local (non-network) origins.
+ : cyrus : LOCAL

# Allow only NPG users and administrators
# Denies every origin (ALL) to any account not covered by the EXCEPT list.
# root and cyrus are not named in that list, so unless they belong to one of
# the listed groups, their logins from origins not granted above are denied
# here as well. Presumably the listed names are groups/accounts - confirm.
- : ALL EXCEPT tomcat4 dept staff faculty mri npg domain_admins dal testing web observatory : ALL

Backup Configuration

/etc/rsync-backup.conf

# rsync daemon configuration for pull-style backups. The settings before the
# first [module] header are global and apply to every module unless a module
# overrides them.
# NOTE(review): no "hosts allow", "auth users" or "secrets file" appears in
# this listing. Together with "uid = root" below, any client able to reach
# the daemon could read these trees with root's file permissions unless
# access is restricted elsewhere (firewall, tunnel, wrapper) - confirm.

# Backups are 'pull' only.  Too bad there isn't a better way to enforce this.
# "read only = yes" makes the daemon refuse uploads into any module.
read only       = yes

# Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
# Transfers run as root so that every file under the module paths is readable.
uid             = root

# There's not much point in putting the superuser in a chroot jail
# NOTE(review): the setting below is commented out, so rsync's default applies
# (documented as chroot enabled). That disagrees with the comment above -
# confirm which behaviour is intended.
# use chroot    = no

# This isn't really an effective "lock" per se, since the value is per-module,
# but there really ought never be more than one, and it would at least
# ensure serialized backups.
max connections = 1

# Module "var": exports /var. The filter hides /lib/bind/proc, which is
# anchored at the module root (i.e. /var/lib/bind/proc).
[var]
        path    = /var
        comment = user and system storage
        filter  = - /lib/bind/proc

# Module "srv": exports /srv.
[srv]
        path    = /srv
        comment = published content

# Module "usr_local": exports /usr/local.
[usr_local]
        path    = /usr/local
        comment = unpackaged software

# Module "opt": exports /opt.
[opt]
        path    = /opt
        comment = unpackaged software

# Module "etc": exports /etc.
# NOTE(review): /etc normally holds credential material (password hashes,
# private keys); with uid = root these are readable to any permitted client.
[etc]
        path    = /etc
        comment = conf files

# Module "wheel": exports /wheel through an allow-list filter. Rules are
# evaluated first-match:
#   ": .rsync-filter"  merges per-directory .rsync-filter files found in the tree
#   "+ /" and "+ /<dir>" include the root and the named top-level directories
#   "- /*"             excludes every other top-level entry
# NOTE(review): because the per-directory merge comes first, whoever can write
# a .rsync-filter file inside /wheel can presumably change what is exposed -
# confirm the tree's write permissions.
# NOTE(review): the final filter line ends with a continuation backslash, so
# nothing (comment or new module) should be appended directly below it without
# removing that backslash first.
[wheel]
        path    = /wheel
        comment = admin files
        filter  =               \
                : .rsync-filter \
                + /             \
                + /kickstart    \
                + /custom       \
                + /docs         \
                + /gpg-pubkey   \
                + /scripts      \
                - /*            \