Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Deployment

preamble

Carinet Responsibilities

Provision hardware and VMs

All machines

  • OS: Centos 5 64 bit
Security

Physical server security: Assumes data center is secured
OS kernel security: Assumes VMware installation has latest kernel updates/patches
Do not enable No SE Linux.

SSH Access

All access will be through ssh.
The city will provide public keys for those that will have root access.

All services shall be disabled unless otherwise requested.

This shall include the following:

  • NFS
  • FTP
  • incoming mail

The following services shall be enabled.

  • outgoing mail
  • SSH
  • firewall
Firewall Configuration
  • web
    • TCP wrapper
  • geo
    • TCP wrapper
  • db
    • TCP wrapper

Software requirements:

Packages/Modules: Barebones from VMware on all servers with firewall enabled and package manager(yum or Apt-get) installed

SFGov Responsibilites

Install application software including the following:

  • java virutal machine
  • tomcat
  • postresql

Set up appropriate new users, restricting root access

File system security: Umask settings, setting up appropriate file permissions
Password & Access security: Use of public/private keys, SSH tunnels.

  • No labels