From Notes

Some specific items and discussion topic about configuration for the SuSE servers.

Partition of drive array ?

Should / be seperated out into different chunks for /home /tmp /var, etc ?

Size of Swap? First Partition or Last ?

Solution #1 (default)

Filesystem            Size  Used Avail Use% Mounted on
/dev/cciss/c0d0p2      67G  2.5G   65G   4% /
tmpfs                1003M  4.0K 1003M   1% /dev/shm

/dev/cciss/c0d0p1    1027M   (swap)

Solution #2 (Tech Services/AdmCS suggestion)

Filesystem Size Used Avail Use% Mounted on

/dev/cciss/c0d0p2      39G  2.0G   37G   6% /
tmpfs                1003M  4.0K 1003M   1% /dev/shm
/dev/cciss/c0d0p3      43M  7.0M   34M  18% /boot
/dev/cciss/c0d0p5      11G   33M   10G   1% /home
/dev/cciss/c0d0p8     5.3G  312M  5.0G   6% /opt
/dev/cciss/c0d0p7     5.1G   33M  5.0G   1% /tmp
/dev/cciss/c0d0p6     5.1G  517M  4.5G  11% /var

/dev/cciss/c0d0p1     4342M (swap)

/dev/cciss/c0d0p1              12        1101     4447200   82  Linux swap
/dev/cciss/c0d0p2            1102       10945    40163520   83  Linux
/dev/cciss/c0d0p3   *           1          11       44864   83  Linux
/dev/cciss/c0d0p4           10946       17433    26471040    f  W95 Ext'd (LBA)
/dev/cciss/c0d0p5           10946       13516    10489664   83  Linux
/dev/cciss/c0d0p6           13517       14802     5246864   83  Linux
/dev/cciss/c0d0p7           14803       16088     5246864   83  Linux
/dev/cciss/c0d0p8           16089       17433     5487584   83  Linux

SUDOERS

(/etc/sudoers)

Who is allowed to sudo to root

 YOURNAME

Option between requiring 'root' password, or 'user' password ?

DHCP

• Fix scripts, website -> lease tables
• Use centralized DHCP resources instead ?

DNS

• Use campus wide resources instead ?
  • Internet incoming .MYDOMAIN.COM -> Centralialized DNS Server
  • PC/DHCP DNS entries, Centralized DNS server, then backup ?

1. 1. Master Copy, MYHOST.MYDOMAIN.COM -> Centralized DNS Server
   2. Master Copy, Centralized DNS Server (no local customizations)

• Tie into GPLI (inventory information)
• update the 'dns-reference' page.
• Tie into DHCP information (??)

Firewall setup

phase 1  /etc/init.d/SuSEFirewall2_inital     (don't run 'start', it will shutdown yourself)
phase 2  /etc/init.d/SuSEFirewall2_setup stop
phase 3  /etc/init.d/SuSEFirewall2_final start

all run program of /sbin/SuSEfirewall2

RULES:

 INCOMING
 OUTGOING

Connection scopes:

1. Internet (ROUTER LEVEL, Border-Edge Router)
2. Campus
3. Residence Halls
4. Same subnet
5. Special subnets
6. Specific other servers
7. Self/localhost

Other topics, or un-answered questions

PRODUCTION

•  ?? Root password, make more secure, remove all keys?
• never use again?

•  ?? /etc/crontab, what needs to be moved over ?
• check_db
• make dns_reference pages (& fix script)
• cleanup conduct temp files.
• cbord match program
• webalizer checkall
• backup system files, home directories, logs, and configuration files?

DEVELOPMENT

•  ?? backup system files, home directories, logs, and configuration files?

GENERAL

?? Startup issues (DEV & PRODUCTION) ??? php temp area ??? firewall rules

?? Log rotate rules

?? backup scripts

?? Nagios.org

• Monitor each other?

?? sysconfig <filename> -> SVN:sysconfig (only as root)

• Put system files into SVN, version controlling somehow ?

?? other customizations to /etc/init.d scripts ?

• DNS restart, show bottom of log file...

?? /var/www/local/ ? Any files not in SVN ?

• Webalizer

?? Files on FREYA, could be moved elsewhere..

• Move web logs and processing to other server

 (move older logs over, plus copies of recent logs)

• Webalizer , access logs ?
• A different one?, AW Stats? http://awstats.sourceforge.net