wiki:AdminNotesGitServer

Administrator Notes

This page contains documentation about how the server hosting GIT was setup. Note that that server used to be the Trac server, but that moved to a new server.

Platform

The site is on a dual-Pentium III machine with 2 gibibyte of RAM and 70 Gbyte of disk.

It is running Debian 5.0 (lenny) update 1 as of 2009-05-26, which was the latest stable release at that time. It has had some ISC voodoo of unspecified nature applied, but is mostly a stock system.

All software was installed from Debian repositories via aptitude except as noted.

Subversion

Subversion is not used any more. Please see GitGuidelines for our Git repository.

Change emails

The Git commits are emailed including diffs. Subscribe at https://lists.isc.org/mailman/listinfo/bind10-changes

Apache Httpd

The apache22 port is installed. It is used for userdirs (such as the builder reports).

On 2010-09-14 the /etc/security/limits.conf file was modified to increase the maximum number of file descriptors, because of messages in /var/log/apache2/error.log which said "Too many open files":

$ rcsdiff /etc/security/limits.conf
===================================================================
RCS file: /etc/security/limits.conf,v
retrieving revision 1.1
diff -r1.1 /etc/security/limits.conf
51a52,54
> *		hard	nofile		2048
> *		soft	nofile		2048
> 

DenyHosts

DenyHosts is running on the box. Repeated unsuccessful logins will get the IP address blocked from the machine. It's not a perfect solution, but as of 2010-05 it has blocked over 350 IP addresses so at least some hacks have been slowed by this technique.

Sometimes legitimate users get blocked. To unblock a user, someone with root access to the box needs to follow these steps:

http://denyhosts.sourceforge.net/faq.html#3_19

Note that the directory with the DenyHosts files is /var/lib/denyhosts.

Disabled Services

The portmap and rpc.statd processes were disabled:

root@bind10:/etc# update-rc.d -f portmap remove
 Removing any system startup links for /etc/init.d/portmap ...
   /etc/rc0.d/S32portmap
   /etc/rc1.d/K81portmap
   /etc/rc6.d/S32portmap
   /etc/rcS.d/S43portmap
root@bind10:/etc# update-rc.d -f nfs-common remove
 Removing any system startup links for /etc/init.d/nfs-common ...
   /etc/rc0.d/K20nfs-common
   /etc/rc1.d/K20nfs-common
   /etc/rc2.d/S20nfs-common
   /etc/rc3.d/S20nfs-common
   /etc/rc4.d/S20nfs-common
   /etc/rc5.d/S20nfs-common
   /etc/rc6.d/K20nfs-common
   /etc/rcS.d/S44nfs-common

Time & NTP

NTP is configured in /etc/ntp.conf. The system uses t1.isc.org (IPv4), t2.isc.org (IPv4 and IPv6), and t3.isc.org (IPv4) as servers.

Localization

The locale for the site is set to en_DK. This means the language is English, but we use ISO 8601 for dates and times.

The time zone is UTC.

About this Document

Created by Shane 2009-05-26
Last review 2011-07-14
Review scheduled 2011-10-14

Last modified 6 years ago Last modified on Jul 14, 2011, 7:25:55 PM