Deployment
preamble
Carinet Responsibilities
Provision hardware and VMs
All machines
- OS: Centos 5 64 bit
Security
Physical server security: Assumes data center is secured
OS kernel security: Assumes VMware installation has latest kernel updates/patches
Do not enable No SE Linux.
SSH Access
All access will be through ssh.
The city will provide public keys for those that will have root access.
All services shall be disabled unless otherwise requested.
This shall include the following:
- NFS
- FTP
- incoming mail
The following services shall be enabled.
- outgoing mail
- SSH
- firewall
Firewall Configuration
- web
- TCP wrapper
- geo
- TCP wrapper
- db
- TCP wrapper
Software requirements:
Packages/Modules: Barebones from VMware on all servers with firewall enabled and package manager(yum or Apt-get) installed
SFGov Responsibilites
Install application software including the following:
- java virutal machine
- tomcat
- postresql
Set up appropriate new users, restricting root access
File system security: Umask settings, setting up appropriate file permissions
Password & Access security: Use of public/private keys, SSH tunnels.
Add Comment