wiki:Crin1

Version 8 (modified by chris, 2 years ago) (diff)

SSH Fingerprints added

crin1.crin.org

The crin1.crin.org server, at 93.95.228.179 is a 8G RAM, 10 CPU core, virtual server running 64 bit Debian 8.0, Jessie, which was configured in April/May 2015.

This server is running these sites:

SSH Fingerprints

These were produced using the SshFingerprints script:

1024 ec:22:ee:b7:8b:fb:bb:1d:18:fe:52:1c:37:99:65:e9 /etc/ssh/ssh_host_dsa_key.pub (DSA)
256 f0:e6:f4:42:9e:2f:82:52:e1:68:0d:d8:d0:2b:97:d6 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
256 bc:70:7a:43:9e:96:40:1e:92:07:ae:2f:a3:1d:4d:57 /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
2048 71:8c:92:eb:6a:63:8f:97:a7:5f:39:be:41:6e:fb:59 /etc/ssh/ssh_host_rsa_key.pub (RSA)

tmpreaper

PHP session files are deleted when older than a day via tmpreaper which was setup on ticket:44#comment:2 and is configured via /etc/tmpreaper.conf which contains:

TMPREAPER_PROTECT_EXTRA=''
TMPREAPER_TIME=1d
TMPREAPER_DIRS='/tmp/. /var/www/piwik/tmp/. /var/www/mediawiki/tmp/. /var/www/mediawiki/w/tmp/. /var/www/owncloud/tmp/.'
TMPREAPER_DELAY='256'
TMPREAPER_ADDITIONALOPTIONS=''

And is run via cron:

crontab -l -u piwik | grep -v ^#
05 23 * * * tmpreaper /var/www/piwik/tmp
crontab -l -u owncloud | grep -v ^#
15 23 * * * tmpreaper /var/www/owncloud/tmp
crontab -l -u mediawiki | grep -v ^#
10 23 * * * tmpreaper /var/www/mediawiki/w/tmp /var/www/mediawiki/tmp

iptables

fail2ban

sshd

mysqld

Current crin1 tickets

Ticket Summary Owner Reporter
#127 1984.is Server Rebuild chris chris
#119 MySQL Downtime chris chris
#116 Limit the number of MySQL connections from Crin4 to Crin1 chris chris
#114 Update TLS certs for MySQL chris chris
#113 MySQL Performance chris chris
#106 MySQL Error chris chris
#82 Attempted DDOS? chris chris
#76 Google Apps setup for crin.com chris chris
#65 Custom 502 and 503 pages for crin.org chris chris
#64 Let's Encrypt HTTPS Certs chris chris
#17 Debian System Updates chris chris

Closed crin1 tickets

Ticket Summary Owner Reporter
#78 HTTP_PROXY possible security risk chris chris
#74 Visit to CRIN office chris chris
#44 PHP temp session files need deleting chris chris
#28 Crin1 server email problem chris chris
#26 Create ssh and Trac account(s) for Code Positive chris chris
#10 Install Munin server and clients chris chris
#9 Monitor and adjust server settings after Crin1 and Crin2 server go live chris chris
#8 Install phpMyAdmin on crin1 and enable encrypted connections from crin2 chris chris
#2 Set up firewall and fail2ban to stop brute force ssh attacks chris chris