= System admin for the BRICCS infrastructure = BRICCS page in the RCS wiki : https://rcs-manage-1.star.le.ac.uk/wiki/index.php5/BRICCS A list of the systems we have available, and what software they are running. == Hospital systems == On the hospital side, the machines are created within the UHL server facility managed by IM&T. We currently have eight VMs, visible only from within the hospital environment. * Standard packages: mailutils build-essential clamav htop fail2ban logwatch nagios3 chkrootkit snort make zip unzip * Mail setting 'Internet with smarthost': System needs to be able to manage local and outgoing mail. 'smarthost' used for everything else: smtp.xuhl-tr.nhs.uk - the server IPs then need adding to the UHL smtp whitelist. This is arranged by UHL IM&T (Paul Tracey). * ClamAV: Put the following in cron.weekly and chmod 755: {{{ #!/bin/bash clamscan -ri --exclude-dir=^/sys\|^/proc\|^/dev / | mail -s "ClamAV Scan Results for `date +%D`" email@email.domain }}} * All UHL machines need to be able to access the internet for updates, etc. For this they need to be 'allowed by rule' through the BlueCoat firewall. This is arranged by UHL IM&T (Geoff Harrison) === briccs === * Hostname : briccs.xuhl-tr.nhs.uk * Location : UHL 10.156.254.207 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 9.10 * Packages: sun-java6-bin sun-java6-jdk maven2 perl openssl apache2 php webmin.deb * Services * [[Onyx]] and dependencies, including the pmi lookup * MRBS for room bookings * REDCap for production studies and surveys * webmin to port 10000 (HTTPS) * byobu for multiple terminals if desired * Printing: cups on app01. Configure using web interface, but when in normal mode comment out the Listen 10.156.254.207 line from the /etc/cups/cupsd.conf - currently only user in lpadmin group is nick. Printer configured as 'TMF-HP' for use in Onyx. === briccsdb === * Hostname : briccsdb.xuhl-tr.nhs.uk * Location : UHL 10.156.254.206 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 9.10 * Packages: phpmyadmin mysql perl openssl webmin.deb * Services * MySQL database for [[Onyx]], REDCap and the BRICCS ID label system. * phpmyadmin at /phpmyadmin/ * webmin to port 10000 (HTTPS) * byobu for multiple terminals if desired === briccsdev === * Hostname : uhlbriccsdev.xuhl-tr.nhs.uk * Location : UHL 10.147.126.57 * Subnet - 255.255.255.128, Gateway - 10.147.126.1 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 10.04 * Packages: phpmyadmin mysql perl openssl webmin.deb * Services * OnyxTestSystem and dependencies, including the test pmi lookup === briccsdbdev === * Hostname : uhlbriccsdbdev.xuhl-tr.nhs.uk * Location : UHL 10.147.126.56 * Subnet - 255.255.255.128, Gateway - 10.147.126.1 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 10.04 * Packages: phpmyadmin mysql perl openssl webmin.deb * Services * MySQL database for OnyxTestSystem === uhlbriccsapp02 === * Hostname : uhlbriccsapp02.xuhl-tr.nhs.uk * Location : UHL 10.156.254.252 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 10.04 * Packages: phpmyadmin mysql perl openssl webmin.deb * Services * Testing version of i2b2 - NG using for clinical data interchange work === uhlbriccsapp03 === * Hostname : uhlbriccsapp03.xuhl-tr.nhs.uk * Location : UHL 10.156.254.254 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 10.04 * Packages: phpmyadmin mysql perl openssl webmin.deb * Services * Testing version of REDCap * Testing version of i2b2 - NH using for onyx export / import === uhlbriccsapp04 === * Hostname : uhlbriccsapp04.xuhl-tr.nhs.uk * Location : UHL 10.156.253.176 * Subnet - 255.255.255.128, Gateway - 10.156.253.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 12.04 * Packages: pwgen php5 php5-mysql php5-ldap php5-sybase php5-gd php5-gmp php-pear php5-dev subversion mysql-client-core-5.5 git * Services * Testing version of CiviCRM === uhlbriccsapp05 === * Hostname : uhlbriccsapp05.xuhl-tr.nhs.uk * Location : UHL 10.156.253.177 * Subnet - 255.255.255.128, Gateway - 10.156.253.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 12.04 * Packages: pwgen php5 php5-mysql php5-ldap php5-sybase php5-gd php5-gmp php-pear php5-dev subversion mysql-client-core-5.5 git * Services * Live version of CiviCRM === uhlbriccsEXT01 === * Hostname : briccsext01.xuhl-tr.nhs.uk * Location : UHL 10.156.253.175 * Subnet - 255.255.255.128, Gateway - 10.156.254.129 * DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166 * Hardware : Virtual machine * Software : Ubuntu 12.04 * Packages: sun-java6-bin sun-java6-jdk maven2 perl openssl apache2 php webmin.deb * Services * [[Onyx]] and dependencies, NOT including the pmi lookup, to service external recruitment * webmin to port 10000 (HTTPS) * byobu for multiple terminals if desired * Printing: cups on app01. Configure using web interface, but when in normal mode comment out the Listen 10.156.254.207 line from the /etc/cups/cupsd.conf - currently only user in lpadmin group is nick. Printer configured as 'TMF-HP' for use in Onyx. == University systems: LAMP Infrastructure == All systems on the University side should eventually run on LAMP insfrastructure. The systems are VM's provided by RCS. === lamp-api-08 === * Hostname: lamp-api-08.rcs.le.ac.uk * Ownership: JL * Software: SLES 11 Linux * Services * Development deployment of i2b2 v1.5.5 * Access to SQL Server 2005 development instance === lamp-api-15 === * Hostname: lamp-api-15.rcs.le.ac.uk * Ownership: JL * Software: SLES 11 Linux * Services * Projected development deployment of i2b2 v1.6 * Access to SQL Server 2008 development instance for 1 briccs project === lamp-api-16 === * Hostname: lamp-api-16.rcs.le.ac.uk * Ownership: JL * Software: SLES 11 Linux * Services * Projected development deployment of i2b2 v1.5.5 for exploring multiple versions of Ontologies. * Access to SQL Server 2008 development instance for 3 briccs projects == Pre-LAMP University systems == The following are existing systems on the University side which have yet to be moved to the LAMP infrastructure. The systems are provided by RCS. === briccs-1 === * Hostname : briccs-1.rcs.le.ac.uk * Location : RCS * Hardware : ? * Software : OpenSuse * Services * Host VirtualBox system for sandbox VMs * ex-Live deployment of BriccsLabelsWebapp (not used) * ex-Test deployment of CaTissue (not used) * Accessing the VirtualBox GUI Control Panel: ssh -X briccs-1.rcs.le.ac.uk[[BR]] nrh11@briccs-1:~> echo $DISPLAY[[BR]] localhost:13.1 [[BR]] nrh11@briccs-1:~> sudo su -[[BR]] nrh11's password:[[BR]] briccs-1:~ # export DISPLAY=localhost:13.1 [[BR]] briccs-1:~ # xauth merge ~nrh11/.Xauthority [[BR]] briccs-1:~ # VirtualBox[[BR]] * VMs currently provisioned: > briccs-4.rcs.le.ac.uk 02:01:8F:D2:AA:8C 143.210.170.140[[BR]] > briccs-5.rcs.le.ac.uk 02:01:8F:D2:AA:8D 143.210.170.141[[BR]] > briccs-6.rcs.le.ac.uk 02:01:8F:D2:AA:8E 143.210.170.142[[BR]] > briccs-7.rcs.le.ac.uk 02:01:8F:D2:AA:8F 143.210.170.143[[BR]] Settings IP mask : 255.255.255.0 Gateway : 143.210.170.1 DNS one : 143.210.12.152 DNS two : 143.210.12.154 VBoxManage man page: http://www.virtualbox.org/manual/ch08.html Note: when rebuilding a VM, the ssh key will change. On local machines use "ssh-keygen -R hostname" and "ssh-keygen -R IP" to remove them and then reconnect. === briccs-2 === * Hostname : briccs-2.rcs.le.ac.uk * Location : RCS * Hardware : VirtualBox virtual machine * Software : OpenSuse * Services * Subversion (svn) repository === briccs-3 === * Hostname : briccs-3.rcs.le.ac.uk * Location : RCS * Hardware : VirtualBox virtual machine * Software : OpenSuse * Services * Deployment of caTissue * Label printing webapp, accessed by http://services.briccs.org.uk/labels/ === VMs on briccs-1 === * The VMs on briccs-1 are transitory, however please check with the listed owner before destruction. ==== briccs-4 ==== * Hostname : briccs-4.rcs.le.ac.uk * Ownership: DM * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS 6.2 * Services * BRISSkit Drupal * BRISSkit MediaWiki ==== briccs-5 ==== * Hostname : briccs-5.rcs.le.ac.uk * Ownership: JL * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS * Services * Test deployment of i2b2 ==== briccs-6 ==== * Hostname : briccs-6.rcs.le.ac.uk * Ownership: JL * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS * Services * Deployment of caTissue p5 for API client testing ==== briccs-7 ==== * Hostname : briccs-7.rcs.le.ac.uk * Ownership: * Location : briccs-1 * Hardware : VirtualBox virtual machine * Software : CentOS 5.5 (64bit) * Services * Trac system * http://trac.briccs.org.uk/ * Maven repository * http://mvn.briccs.org.uk/ * Data repository * http://data.briccs.org.uk/ = BRICCS Server Security = The following should be considered the standard specification for BRICCS Server Security: ClamAV: Put the following in cron.weekly and chmod 755: {{{ #!\bin\bash clamscan -ri --exclude-dir=^/sys\|^/proc\|^/dev / | mail -s "ClamAV Scan Results for `date +%D`" email@email.domain }}} fail2ban * Note: If installing on a CentOS machine, fail2ban is only available from the EPEL repo: rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm logwatch * Note: By default logwatch mails daily reports to root@localhost - this probably isn't what we want. Configure /usr/share/logwatch/default.conf/logwatch.conf and alter the target address to someone who gives a damn. NagiOS chkrootkit Snort What else?