Difference between revisions of "CNM Bureau Farm"
(→Security) |
(→Security) |
||
Line 14: | Line 14: | ||
: [[iptables]] as a firewall | : [[iptables]] as a firewall | ||
− | : For security, we use [[Fail2ban]] because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Includes support for both IPv4 and IPv6 | + | : For security, we use [[Fail2ban]] because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Includes support for both IPv4 and IPv6. |
− | |||
===Backup and recovery=== | ===Backup and recovery=== |
Revision as of 18:15, 21 April 2023
CNM Bureau Farm (formerly known as CNM EndUser Farm; hereinafter, the Farm) is the CNM farm that is based on bare-metal servers. This Farm also utilizes a portion of one bare-metal server that belongs to the CNM Lab Farm. The issues to work on may include (a) security outside of iptables, (b) adding NAS, as well as advanced backup and recovery systems, and (c) advanced monitoring systems.
Contents
Features
DNS entry point
- load balancer on a public web address
Syncronization
- synchronization of resources of common individual nodes, at least databases.
Monitoring
Security
- iptables as a firewall
- For security, we use Fail2ban because it operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. Includes support for both IPv4 and IPv6.
Backup and recovery
Development
Development of the Farm occurs under the Administration for CNM Farms project.