...
Deployment
...
preamble
Carinet Responsibilities
Provision hardware and VMs
All machines
- OS: Centos 5
...
- 64 bit
Security
Physical server security: Assumes data center is secured
OS kernel security: Assumes VMware installation has latest kernel updates/patches
Do not enable No SE Linux.
...
SSH Access
...
All access will be through ssh.
The city will provide public keys for those that will have root access.
...
All services shall be disabled unless otherwise requested.
...
This shall include the following:
- NFS
- FTP
- incoming mail
The following services shall be enabled.
- outgoing mail
- SSH
- firewall
...
Firewall Configuration
...
- web
- TCP wrapper
- geo
- TCP wrapper
- db
- TCP wrapper
Software requirements:
Packages/Modules: Barebone Barebones from VMware on all servers with firewall enabled and package manager(yum or Apt-get) installed
Web Server: -list of custom installations-
Geo Server: -list of custom installations-
DB Server: -list of custom installations-
Security requirements:
Physical server security: Assumes data center is secured
...
SFGov Responsibilites
Install application software including the following:
- java virutal machine
- tomcat
- postresql
Set up appropriate new users, restricting root access
File system security: Umask settings, setting up appropriate file permissions
OS kernel security: Assumes VMware installation has latest kernel updates/patches
Password & Access security: Use of public/private keys, SSH tunnels. Network security: Firewall, TCP wrapper, disabling unused ports & services