wiki:SystemAdmin

Version 31 (modified by Nick Holden, 14 years ago) ( diff )

--

System admin for the BRICCS infrastructure

BRICCS page in the RCS wiki : https://rcs-manage-1.star.le.ac.uk/wiki/index.php5/BRICCS

A list of the systems we have available, and what software they are running.

Hospital systems

On the hospital side, the machines are created within the UHL server facility managed by IM&T. We currently have four VMs, visible only from within the hospital environment.

Mail: System needs to be able to manage local and outgoing mail. 'smarthost' used for everything else: smtp.xuhl-tr.nhs.uk

ClamAV: Put the following in cron.weekly and chmod 755: clamscan -ri --exclude-dir=/sys\|/proc\|/dev / | mail -s "ClamAV Scan Results for date +%D" email@…

All UHL machines need to be able to access the internet for updates, etc. For this they need to be 'allowed by rule' through the BlueCoat firewall. This is arranged by UHL IM&T (Geoff Harrison)

briccs

  • Hostname : briccs.xuhl-tr.nhs.uk
  • Location : UHL 10.156.254.207
  • Subnet - 255.255.255.128, Gateway - 10.156.254.129
  • DNS - UHLAD13 (10.147.126.165) and UHLAD14 (10.147.126.166)
  • Hardware : Virtual machine
  • Software : Ubuntu 9.10
    • Packages: sun-java6-bin sun-java6-jdk maven2 perl openssl apache2 php webmin.deb build-essential clamav
  • Services
    • Onyx and dependencies, including the pmi lookup
    • webmin to port 10000 (HTTPS)
    • byobu for multiple terminals if desired
    • Printing: cups on app01. Configure using web interface, but when in normal mode comment out the Listen 10.156.254.207 line from the /etc/cups/cupsd.conf - currently only user in lpadmin group is nick. Printer configured as 'TMF-HP' for use in Onyx.

briccsdb

  • Hostname : briccsdb.xuhl-tr.nhs.uk
  • Location : UHL 10.156.254.206
  • Subnet - 255.255.255.128, Gateway - 10.156.254.129
  • DNS - UHLAD13 (10.147.126.165) and UHLAD14 (10.147.126.166)
  • Hardware : Virtual machine
  • Software : Ubuntu 9.10
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
  • Services
    • MySQL database for Onyx
    • phpmyadmin at /phpmyadmin/
    • webmin to port 10000 (HTTPS)
    • byobu for multiple terminals if desired

briccsdev

  • Hostname : uhlbriccsdev.xuhl-tr.nhs.uk
  • Location : UHL 10.147.126.57
  • Subnet - 255.255.255.128, Gateway - 10.147.126.1
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 10.04
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
  • Services

briccsdbdev

  • Hostname : uhlbriccsdbdev.xuhl-tr.nhs.uk
  • Location : UHL 10.147.126.56
  • Subnet - 255.255.255.128, Gateway - 10.147.126.1
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 10.04
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav

University systems

On the University side, the systems are provided by RCS.

briccs-1

  • Hostname : briccs-1.rcs.le.ac.uk
  • Location : RCS
  • Hardware : ?
  • Software : OpenSuse

ssh -X briccs-1.rcs.le.ac.uk
nrh11@briccs-1:~> echo $DISPLAY
localhost:13.1
nrh11@briccs-1:~> sudo su -
nrh11's password:
briccs-1:~ # export DISPLAY=localhost:13.1
briccs-1:~ # xauth merge ~nrh11/.Xauthority
briccs-1:~ # VirtualBox

  • VMs currently provisioned:

briccs-4.rcs.le.ac.uk 02:01:8F:D2:AA:8C 143.210.170.140
briccs-5.rcs.le.ac.uk 02:01:8F:D2:AA:8D 143.210.170.141
briccs-6.rcs.le.ac.uk 02:01:8F:D2:AA:8E 143.210.170.142
briccs-7.rcs.le.ac.uk 02:01:8F:D2:AA:8F 143.210.170.143

Settings

IP mask : 255.255.255.0 Gateway : 143.210.170.1 DNS one : 143.210.12.152 DNS two : 143.210.12.154

VBoxManage man page: http://www.virtualbox.org/manual/ch08.html

Note: when rebuilding a VM, the ssh key will change. On local machines use "ssh-keygen -R hostname" and "ssh-keygen -R IP" to remove them and then reconnect.

briccs-2

  • Hostname : briccs-2.rcs.le.ac.uk
  • Location : RCS
  • Hardware : VirtualBox virtual machine
  • Software : OpenSuse
  • Services
    • Subversion (svn) repository

briccs-3

  • Hostname : briccs-3.rcs.le.ac.uk
  • Location : RCS
  • Hardware : VirtualBox virtual machine
  • Software : OpenSuse
  • Services
    • Test deployment of CaTissue (evaluation by lab staff)

VMs on briccs-1

  • The VMs on briccs-1 are transitory, however please check with the listed owner before destruction.

briccs-4

  • Hostname : briccs-4.rcs.le.ac.uk
  • Ownership:
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software :
  • Services

briccs-5

  • Hostname : briccs-5.rcs.le.ac.uk
  • Ownership: JL
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS
  • Services
    • Test deployment of i2b2

briccs-6

  • Hostname : briccs-6.rcs.le.ac.uk
  • Ownership: JL
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS
  • Services
    • Deployment of caTissue p5 for API client testing

briccs-7

  • Hostname : briccs-7.rcs.le.ac.uk
  • Ownership:
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS 5.5 (64bit)

sparrow

  • Hostname : sparrow.briccs.org.uk
  • Location : SliceHost
  • Hardware : Xen virtual machine, Quad core Opteron, 256M RAM, 10G HD
  • Software : CentOS 5.5 (32bit)
  • Services
    • No longer running any live services.
    • All services now migrated to briccs-7.
    • Scheduled to be shutdown once migrated services have been tested.

BRICCS Server Security

The following should be considered the standard specification for BRICCS Server Security:

ClamAV: Put the following in cron.weekly and chmod 755: clamscan -ri --exclude-dir=/sys\|/proc\|/dev / | mail -s "ClamAV Scan Results for date +%D" email@…

fail2ban

logwatch

NagiOS

chkrootkit

Snort

What else?

Note: See TracWiki for help on using the wiki.