cdr:vms:web-server

Differences

This shows you the differences between two versions of the page.

cdr:vms:web-server [2017/03/24 05:23]
jamesdro maga
cdr:vms:web-server [2017/05/06 04:29]
jamesdro [Access Control]
Line 1: Line 1:
-====== ​ubnetdef ​======+====== ​Web Server ​======
 Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki. Our front-facing public webserver. You're literally connected to this server right now, as you're on our wiki.
  
 ===== Host Information ===== ===== Host Information =====
   * IP: 128.205.44.157   * IP: 128.205.44.157
 +  * IP: 192.168.0.21 ([Red Team Network](/​cdr/​networks/​blue_red))
   * Reverse DNS: net-def.cse.buffalo.edu   * Reverse DNS: net-def.cse.buffalo.edu
-  * vCenter Cluster: ​UBNetDef / LEGACY +  * vCenter Cluster: ​MAIN 
-  * vCenter Datastore: [cdr-iscsi2](/​cdr/​servers/​cdr-iscsi2)+  * vCenter Datastore: [cdr-iscsi1](/​cdr/​servers/​cdr-iscsi1)
  
 ===== Access Control ===== ===== Access Control =====
-Accounts on this machine ​is manually ​controlled.+Access to this server ​is controlled ​via our [central authentication server](master).
  
-===== Notes =====+===== Firewall Rules ===== 
 +As this machine is dual-homed, we have additional firewall rules on it.  Below is the (saved) IPTables rules.
  
 +<file conf /​etc/​iptables/​rules.v4>​
 +# Generated by iptables-save v1.4.21 on Fri Mar 24 01:42:12 2017
 +*filter
 +:INPUT DROP [1:36]
 +:FORWARD ACCEPT [0:0]
 +:OUTPUT DROP [1:84]
 +-A INPUT -i lo -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 +-A INPUT -p udp -m udp --dport 123 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 +-A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
 +-A OUTPUT -o lo -j ACCEPT
 +-A OUTPUT -p tcp -m tcp -d 128.205.32.55 --dport 25 -j ACCEPT
 +-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
 +-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
 +-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 +-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
 +-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
 +-A OUTPUT -d 128.205.44.172/​32 -p udp -m udp --dport 1514 -j ACCEPT
 +-A OUTPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
 +COMMIT
 +# Completed on Fri Mar 24 01:42:12 2017
 +</​file>​
 +
 +===== Notes =====
 +[fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned.
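
Review bot: `:FORWARD ACCEPT [0:0]` in the new rules.v4 block leaves the forwarding chain open on a host this same revision describes as dual-homed (128.205.44.157 plus 192.168.0.21 on the Red Team Network). The ruleset contains no `-A FORWARD` rules, so nothing depends on that policy; set it to `:FORWARD DROP [0:0]` so the box cannot pass traffic between the two networks if IP forwarding is ever turned on. Two smaller points in the same block: the INPUT accepts for ports 22, 80, 123 and 443 have no `-i` match, so SSH is accepted on both interfaces, and the page should either state that this is intended or bind each rule to the interface it is meant for. `-A INPUT -p udp -m udp --dport 123 -j ACCEPT` is only needed if this host serves NTP, since replies to its own outbound queries are already matched by the RELATED,ESTABLISHED rule. Only the IPv4 rules file is shown; the page should say whether an equivalent IPv6 ruleset is in place.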
  • cdr/vms/web-server.txt
  • Last modified: 2018/03/12 06:54
  • by jamesdro