Keres
From Federal Burro of Information
Overview
This machine has put Athena out of service.
- AMD
- centos 7
Hardware
Motherboard: E45M1 - I Deluxe - Mobo - from Martin McCourt - what a guy.
Key Devices:
00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
02:00.0 Network controller: Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
Services / Apps
- wiki
- smokeping https://www.quadratic.net/cgi-bin/smokeping.cgi
ID
users
david 1001
ashley 1002
webcam 1003
groups
users 100
removed splunk
Todo
- OS - DONE - centos 7
- firewalld - kicked out: its logging features are poor, so iptables is back in and firewalld is disabled.
- Wifi - none - disabled for now.
- snmp
- powertop tuning
- systemd bootchart.conf(5)
- services
Service | Software | process | status | notes |
firewall | iptables | n/a | DONE | not using firewalld due to lack of default deny log. |
web | apache | httpd | DONE | |
ntp | chrony | chronyd | DONE | |
monitoring | misc | n/a | PENDING | still looking at options, possibly ganglia / collectd / statsd |
sql | mariadb | mysqld | DONE | and backups done. |
dns | isc bind | named | DONE | really need to try something new here. |
- web apps:
- wiki - DONE
- pagespeed - https://developers.google.com/speed/pagespeed/module - DONE
- rancid:
- rancid installed : done
- fortigate (http://thedonkeyland.com/blog/2011/07/backing-up-fortinet-fortigate-configs-with-rancid/)
- CVSROOT=/home/rancid/var/rancid/CVS
- one module: firewall ( /home/rancid/var/rancid/firewall )
- snmp
- acpi
- backups
from local disk to freenas
- wiki - done
- mysql done
- system config ( etc etc? )
Done
- nfs setup / data exported
athena -> keres data sync
time /usr/bin/rsync -avzr /etc/ /mnt/keres/data/athena/etc --stats
time /usr/bin/rsync -avzr /var/bind/ /mnt/keres/data/athena/var/bind --stats
Firewall
# Generated by iptables-save v1.4.21 on Wed Feb 10 13:39:12 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m multiport --dports 67,68,8612 -j DROP
-A INPUT -s 192.168.1.97/32 -d 192.168.1.98/32 -p tcp -m tcp --dport 2145 -j ACCEPT
-A INPUT -s 192.168.1.28/32 -d 192.168.1.98/32 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s 192.168.1.28/32 -d 192.168.1.98/32 -p tcp -m tcp --dport 514 -j ACCEPT
-A INPUT -s 192.168.1.65/32 -d 192.168.1.98/32 -p tcp -m tcp --sport 514 -j ACCEPT
-A INPUT -s 74.213.172.121/32 -d 192.168.1.98/32 -p tcp -m multiport --dports 9200 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.98/32 -p tcp -m multiport --dports 8000,9200 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.98/32 -p udp -m multiport --dports 123 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,5353 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,53,80,443,3000 -j ACCEPT
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "INPUT "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 224.0.0.22/32 -j ACCEPT
-A OUTPUT -s 192.168.1.98/32 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -p udp -m udp --dport 53
-A OUTPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 53
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "OUTPUT "
COMMIT
# Completed on Wed Feb 10 13:39:12 2016
# Generated by iptables-save v1.4.21 on Wed Feb 10 13:39:12 2016
*nat
:PREROUTING ACCEPT [251015:40774444]
:INPUT ACCEPT [128835:9930810]
:OUTPUT ACCEPT [109194:8547204]
:POSTROUTING ACCEPT [109194:8547204]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Wed Feb 10 13:39:12 2016
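The reason given above for keeping iptables is the logged default deny. As an added example (not part of this wiki page), the following Python script parses an iptables-save dump and checks each filter chain for that property: a LOG rule directly before the terminal REJECT/DROP, no chain left at policy ACCEPT without a terminal deny, and no rule that lacks a -j target and so only counts packets. The input is a constructed excerpt in the shape of the ruleset above.

```python
import shlex
# Constructed excerpt of an iptables-save dump in the shape of the *filter table above.
SAMPLE_DUMP = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "INPUT "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -s 192.168.1.0/24 -p udp -m udp --dport 53
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "OUTPUT "
COMMIT
"""

def parse_filter_table(dump):
    """Return ({chain: policy}, {chain: [rule tokens]}) for the *filter table only."""
    policies, chains, in_filter = {}, {}, False
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):                 # table header, e.g. *filter or *nat
            in_filter = line == "*filter"
        elif not in_filter or not line or line[0] == "#" or line == "COMMIT":
            continue
        elif line.startswith(":"):               # chain declaration with its policy
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            tokens = shlex.split(line)           # keeps the quoted --log-prefix intact
            chains.setdefault(tokens[1], []).append(tokens)
    return policies, chains

def target(tokens):  # the -j target, or None when the rule only matches and counts
    return tokens[tokens.index("-j") + 1] if "-j" in tokens else None

def audit(dump):
    """Flag chains without a logged default deny and rules that never jump anywhere."""
    policies, chains = parse_filter_table(dump)
    findings = []
    for chain, rules in chains.items():
        targets = [target(r) for r in rules]
        last = targets[-1] if targets else None
        if policies.get(chain) == "ACCEPT" and last not in ("DROP", "REJECT"):
            findings.append(f"{chain}: policy ACCEPT with no terminal DROP/REJECT rule")
        elif last in ("DROP", "REJECT") and (len(targets) < 2 or targets[-2] != "LOG"):
            findings.append(f"{chain}: default deny is not preceded by a LOG rule")
        for r in rules:
            if target(r) is None:
                findings.append(f"{chain}: rule has no -j target: {' '.join(r[2:])}")
    return findings
```

Run against the full dump above it reports the same three conditions: the FORWARD chain's REJECT is not logged, OUTPUT stays at policy ACCEPT after its LOG rule, and the two OUTPUT DNS rules carry no -j and therefore only count traffic.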
hfs plus
Mac file system support.
Software outside of YUM
- mediawiki - source install.
- https://developers.google.com/speed/pagespeed/module https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm