= System admin for the BRICCS infrastructure = BRICCS page in the RCS wiki : https://rcs-manage-1.star.le.ac.uk/wiki/index.php5/BRICCS A list of the systems we have available, and what software they are running. == Hospital systems == On the hospital side, the machines are created within the UHL server facility managed by IM&T. We currently have four VMs, visible only from within the hospital environment. Mail: System needs to be able to manage local and outgoing mail. 'smarthost' used for everything else: smtp.xuhl-tr.nhs.uk ClamAV: Put the following in cron.weekly and chmod 755: clamscan -ri --exclude-dir=^/sys\|^/proc\|^/dev / | mail -s "ClamAV Scan Results for `date +%D`" email@email.domain All UHL machines need to be able to access the internet for updates, etc. For this they need to be 'allowed by rule' through the BlueCoat firewall. This is arranged by UHL IM&T (Geoff Harrison) === briccs === * Hostname : briccs.xuhl-tr.nhs.uk * Location : UHL 10.156.254.207 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - UHLAD13 (10.147.126.165) and UHLAD14 (10.147.126.166) * Hardware : Virtual machine * Software : Ubuntu 9.10 * Packages: sun-java6-bin sun-java6-jdk maven2 perl openssl apache2 php webmin.deb build-essential clamav * Services * [[Onyx]] and dependencies, including the pmi lookup * webmin to port 10000 (HTTPS) * byobu for multiple terminals if desired * Printing: cups on app01. Configure using web interface, but when in normal mode comment out the Listen 10.156.254.207 line from the /etc/cups/cupsd.conf - currently only user in lpadmin group is nick. Printer configured as 'TMF-HP' for use in Onyx. === briccsdb === * Hostname : briccsdb.xuhl-tr.nhs.uk * Location : UHL 10.156.254.206 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - UHLAD13 (10.147.126.165) and UHLAD14 (10.147.126.166) * Hardware : Virtual machine * Software : Ubuntu 9.10 * Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav * Services * MySQL database for [[Onyx]] * phpmyadmin at /phpmyadmin/ * webmin to port 10000 (HTTPS) * byobu for multiple terminals if desired === briccsdev === * Hostname : uhlbriccsdev.xuhl-tr.nhs.uk * Location : UHL 10.147.126.57 * Subnet - 255.255.255.128, Gateway - 10.147.126.1 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 10.04 * Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav * Services * OnyxTestSystem and dependencies, including the test pmi lookup === briccsdbdev === * Hostname : uhlbriccsdbdev.xuhl-tr.nhs.uk * Location : UHL 10.147.126.56 * Subnet - 255.255.255.128, Gateway - 10.147.126.1 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 10.04 * Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav * Services * MySQL database for OnyxTestSystem == University systems == On the University side, the systems are provided by RCS. === briccs-1 === * Hostname : briccs-1.rcs.le.ac.uk * Location : RCS * Hardware : ? * Software : OpenSuse * Services * Host VirtualBox system for sandbox VMs * ex-Live deployment of BriccsLabelsWebapp (not used) * ex-Test deployment of CaTissue (not used) * Accessing the VirtualBox GUI Control Panel: ssh -X briccs-1.rcs.le.ac.uk[[BR]] nrh11@briccs-1:~> echo $DISPLAY[[BR]] localhost:13.1 [[BR]] nrh11@briccs-1:~> sudo su -[[BR]] nrh11's password:[[BR]] briccs-1:~ # export DISPLAY=localhost:13.1 [[BR]] briccs-1:~ # xauth merge ~nrh11/.Xauthority [[BR]] briccs-1:~ # VirtualBox[[BR]] * VMs currently provisioned: > briccs-4.rcs.le.ac.uk 02:01:8F:D2:AA:8C 143.210.170.140[[BR]] > briccs-5.rcs.le.ac.uk 02:01:8F:D2:AA:8D 143.210.170.141[[BR]] > briccs-6.rcs.le.ac.uk 02:01:8F:D2:AA:8E 143.210.170.142[[BR]] > briccs-7.rcs.le.ac.uk 02:01:8F:D2:AA:8F 143.210.170.143[[BR]] Settings IP mask : 255.255.255.0 Gateway : 143.210.170.1 DNS one : 143.210.12.152 DNS two : 143.210.12.154 VBoxManage man page: http://www.virtualbox.org/manual/ch08.html === briccs-2 === * Hostname : briccs-2.rcs.le.ac.uk * Location : RCS * Hardware : VirtualBox virtual machine * Software : OpenSuse * Services * Subversion (svn) repository === briccs-3 === * Hostname : briccs-3.rcs.le.ac.uk * Location : RCS * Hardware : VirtualBox virtual machine * Software : OpenSuse * Services * Test deployment of CaTissue (evaluation by lab staff) === VMs on briccs-1 === * The VMs on briccs-1 are transitory, however please check with the listed owner before destruction. ==== briccs-4 ==== * Hostname : briccs-4.rcs.le.ac.uk * Ownership: * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : * Services * ==== briccs-5 ==== * Hostname : briccs-5.rcs.le.ac.uk * Ownership: NRH * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS * Services * Deployment of CaTissue (testing upgrade from p5 to 1.2) ==== briccs-6 ==== * Hostname : briccs-6.rcs.le.ac.uk * Ownership: JL * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS * Services * Deployment of caTissue p5 for API client testing ==== briccs-7 ==== * Hostname : briccs-7.rcs.le.ac.uk * Ownership: * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS 5.5 (64bit) * Services * Trac system * http://trac.briccs.org.uk/ * Maven repository * http://mvn.briccs.org.uk/ * Data repository * http://data.briccs.org.uk/ === sparrow === * Hostname : sparrow.briccs.org.uk * Location : [http://www.slicehost.com/ SliceHost] * Hardware : Xen virtual machine, Quad core Opteron, 256M RAM, 10G HD * Software : CentOS 5.5 (32bit) * Services * No longer running any live services. * All services now migrated to briccs-7. * Scheduled to be shutdown once migrated services have been tested. = BRICCS Server Security = The following should be considered the standard specification for BRICCS Server Security: ClamAV: Put the following in cron.weekly and chmod 755: clamscan -ri --exclude-dir=^/sys\|^/proc\|^/dev / | mail -s "ClamAV Scan Results for `date +%D`" email@email.domain fail2ban logwatch NagiOS chkrootkit Snort What else?