
epic4 Configuration and Administration Guide
aliased to in /etc/aliases. Currently I just keep an eye on ssh logins and mail leaving the
system. The mechanism for the daily log reports is called logwatch, and is configured in
/etc/log.d.
Each service and its configuration details are outlined below.
SSH
The ssh daemon’s configuration and public/private key pairs are stored in /etc/ssh. The only
changes from the default configuration are:
• only SSH version 2 connections are allowed (there are security issues with the version 1
protocol)
• root logins are disallowed (you must log in as a normal user and use su to become root)
• X11 forwarding is turned on
SSH connections can be made to epic4 from anywhere, without restriction. Because X11 traffic
is tunnelled through ssh, direct X logins have been switched off. As long as your ssh client
knows how to tunnel X and you have an X11 server, there is no need to set the DISPLAY
environment variable, and the tunnel will work through firewalls and masqueraded
connections.
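An added example (not part of the original guide): a shell check that an sshd_config carries the three settings listed above. It assumes the OpenSSH keyword names Protocol, PermitRootLogin and X11Forwarding (Protocol only matters on OpenSSH releases that still offered version 1) and uses a constructed sample file; sshd keeps the first value it reads for a keyword, so a later duplicate line does not count.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings the guide lists.

# Print the global value of keyword $2 in file $1, or "unset".
# Keywords are case-insensitive and sshd keeps the FIRST value it reads.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); found = 0 }
        /^[ \t]*#/ { next }                    # comment line
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Compare one keyword with the expected value; non-zero status on mismatch.
check() {
    actual=$(sshd_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "PASS $2 $actual"
    else
        echo "FAIL $2 $actual (expected $3)"
        return 1
    fi
}

# Audit file $1 against the guide's three settings.
audit_sshd() {
    rc=0
    check "$1" Protocol 2 || rc=1
    check "$1" PermitRootLogin no || rc=1
    check "$1" X11Forwarding yes || rc=1
    return $rc
}

# Constructed sample input (not epic4's real file). The later
# "PermitRootLogin yes" is ignored because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Protocol 2
permitrootlogin no
PermitRootLogin yes
X11Forwarding yes
EOF
audit_sshd "$sample"
rm -f "$sample"
```

To check the live file, call audit_sshd /etc/ssh/sshd_config; a keyword reported as unset is treated as a failure because the guide lists all three as changes from the default.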
NTP
NTP is the Network Time Protocol, and is used to keep the clocks synchronised accurately
between hosts. epic4 has a very simple NTP setup – its clock is synchronised to that of
dms1.xra.le.ac.uk, which in turn is synchronised with the Campus time service.
The NTP configuration file is /etc/ntp.conf.
The University’s NTP service is documented at http://www.le.ac.uk/cc/nss/ntp/. The NTP
protocol itself can be found at http://www.ntp.org/.
NFS
For historical reasons, epic4 allows NFS exports to be mounted on epic3, though there are
currently no filesystems exported.
Because NFS uses dynamic port numbers above 32000 for its connections, the iptables rules
aren’t as clean as they ought to be. As a workaround, ports 111 (portmapper), 2049 (nfsd)
and all ports between 32000 and 32999 inclusive are allowed to accept connections from
epic3.
A solution to this is to ensure that the NFS-related services rpc.rquotad, rpc.statd,
rpc.lockd and rpc.mountd are altered to use fixed ports. I haven’t got round to this, but
details can be found at http://librenix.com/?inode=3081.
As epic3 is the EPIC FTP server, a portion of epic3’s FTP filesystem is exported and mounted on
epic4 under /mnt/epic3/cal-pv.