Latest revision as of 21:05, 27 April 2016

This page summarizes how Old Mirror was set up in Spring 2014.

Install

See Debian Server Setup

Debian 7 x64

71 GB / - Software RAID 1
4GB Swap per OS Drive

Setup

See Debian Server Setup

Raid

sda sdb sdc sde sdg sdh
/dev/md2
Software RAID 10
/storage xfs

Networking

eth2

Intel Corporation 82541PI Gigabit Ethernet Controller
HWADDR=00:1B:21:28:C8:48
IPADDR=128.153.145.19

eth1

Intel Corporation 82566DM-2 Gigabit Network Connection
HWADDR=00:30:48:9A:DB:26
IPADDR=10.0.1.36

eth3

Intel Corporation 82573L Gigabit Ethernet Controller
HWADDR=00:30:48:9A:DB:27
IPADDR=10.0.0.14

Set Up SSH Login Banner

/etc/issue.net

         _                 
  __ _  (_)__________  ____
 /  ' \/ / __/ __/ _ \/ __/
/_/_/_/_/_/ /_/  \___/_/

SSHD config

uncomment

Banner /etc/issue.net

Installed nginx

apt-get install install nginx

Configure rsync to run as a daemon

Installed xinetd

apt-get install rsync

Configured rsync /etc/rsyncd.conf

uid = nobody
gid = nogroup
use chroot = yes
max connections = 20
pid file = /var/run/rsyncd.pid
motd file = /etc/rsyncd.motd
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
refuse options = checksum

[name]
  comment = Name of Repository
  path = /storage/repository
  exclude = lost+found/
  read only = true
  ignore nonreadable = yes

Created rsync motd /etc/rsyncd.motd

###############################################################

The Clarkson University mirror is located in Potsdam, NY, US.

This mirror is operated by the Clarkson Open Source Institute.
http://cosi.clarkson.edu/

If you have any questions or problems, please email
mirror-admin@cslabs.clarkson.edu.

Recent changes can be found at
http://status.cslabs.clarkson.edu/tag/mirror.

###############################################################

Set Up Fedora Mirror Manager

Installed mirrormanager

cd /usr/local/sbin
git clone git://git.fedorahosted.org/mirrormanager/
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror

Configured mirrormanager
- Modified /etc/mirrormanager-client/report_mirror.conf

[global]
# if enabled=0, no data is sent to the database
enabled=1
# server= is the URL to the MirrorManager XML-RPC interface
server=https://admin.fedoraproject.org/mirrormanager/xmlrpc


[site]
# if enabled=0, no data about this site is sent to the database
enabled=1
# Name and Password fields need to match the Site name and password
# fields you entered for your Site in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=Clarkson University
password=<PASSWORD GOES HERE>

[host]
# if enabled=0, no data about this host is sent to the database
enabled=1
# Name field need to match the Host name field you entered for your
# Host in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=mirror.clarkson.edu
# if user_active=0, no data about this category is given to the public
# This can be used to toggle between serving and not serving data,
# such enabled during the nighttime (when you have more idle bandwidth
# available) and disabled during the daytime.
# By not specifying user_active, the database will not be updated.
# user_active=1

[stats]
# Stats are only sent when run with the -s option
# and when this section is enabled.
# This feature is not presently implemented
enabled=0
apache=/var/log/httpd/access_log
vsftpd=/var/log/vsftpd.log
# remember to enable log file and transfer logging in rsyncd.conf
rsyncd=/var/log/rsyncd.log


# Content Categories
# These sections match the Categories for content tracked by MirrorManager.
#
# enabled=1 means information about this category will be sent to the database.
# enabled=0, no data about this host is sent to the database.  If the
# database already has information for you for this Category, it will
# remain unchanged.  This can be used to update the database after you
# have manually synced some infrequently-updated content, such as
# historical releases.
#
# path= is the path on your local disk to the top-level directory for this Category

[Fedora Linux]
enabled=1
path=/usr/share/nginx/www/fedora/linux

[Fedora EPEL]
enabled=1
path=/usr/share/nginx/www/epel

# lesser used categories below

[Fedora Web]
enabled=0
path=/usr/share/nginx/www/pub/fedora/web

[Fedora Secondary Arches]
enabled=0
path=/usr/share/nginx/www/pub/fedora-secondary

[Fedora Other]
enabled=0
path=/usr/share/nginx/www/pub/alt

# historical content

[Fedora Core]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/core

[Fedora Extras]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/extras

[Fedora Archive]
enabled=0
path=/usr/share/nginx/www/pub/fedora-archive

Added cron entries for root

# Dir sizes
0 0 * * * /usr/local/bin/dir_sizes.sh

# backup
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh

10 0 * * * /usr/local/sbin/report_mirror

Setup Rsync Scripts

Difference between revisions of "Mirror Setup Process"

Latest revision as of 21:05, 27 April 2016

Contents

Install

Debian 7 x64

Setup

Raid

Networking

eth2

eth1

eth3

Set Up SSH Login Banner

SSHD config

Installed nginx

Configure rsync to run as a daemon

Set Up Fedora Mirror Manager

Navigation menu

Views

Personal tools

Navigation

Search

Tools

@@ Line 1: / Line 1: @@
-This page summarizes how [[Mirror]] was set up in Spring 2009.
+[[Category:Server Setup Documentation]]
-==Install==
-*Installed CentOS 5.3 x64.
-**Partition Scheme ('''Note: This isn't the most ideal partition layout but was the best use of space at the time while providing redundancy for some things that we mirror.''')
-***100 MB /boot - Software RAID 1
-***73 GB root_lvg - Logical Volume Group Software RAID 1
-****53 GB / (root_lvg-root_lv)
-****10 GB /var (root_lvg-var_lv)
-****10 GB swap (root_lvg-swap_lv)
-***903 GB /mnt/raid - Software RAID 1
-***1.8 TB /mnt/lvg_storage (storage_lvg-storage_lv)
-***903 GB /mnt/storage1
-***903 GB /mnt/storage2
-===Kickstart File===
-<code><pre>
-# Kickstart file automatically generated by anaconda.
-install
-cdrom
-lang en_US.UTF-8
-keyboard us
-network --device eth0 --bootproto static --ip 128.153.145.19 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
-network --device eth1 --bootproto static --ip 10.0.1.36 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
-network --device eth2 --bootproto static --ip 10.0.0.14 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
-rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
-firewall --enabled --port=22:tcp
-authconfig --enableshadow --enablemd5
-selinux --enforcing
-timezone --utc America/New_York
-bootloader --location=partition --driveorder=hda,hdb,sda,sdc,sdb,sdd,sde,sdf --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
-# The following is the partition information you requested
-# Note that any partitions you deleted are not expressed
-# here so unless you clear all partitions first, this is
-# not guaranteed to work
-clearpart --linux
-part raid.11 --size=100 --ondisk=hda
-part raid.14 --size=100 --ondisk=hdb
-part /mnt/storage2 --fstype ext3 --size=100 --grow --ondisk=sdf
-part /mnt/storage1 --fstype ext3 --size=100 --grow --ondisk=sde
-part pv.25 --size=100 --grow --ondisk=sdd
-part pv.24 --size=100 --grow --ondisk=sdc
-part raid.22 --size=100 --grow --ondisk=sdb
-part raid.21 --size=100 --grow --ondisk=sda
-part raid.13 --size=100 --grow --ondisk=hdb
-part raid.12 --size=100 --grow --ondisk=hda
-raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.11 raid.14
-raid pv.16 --fstype "physical volume (LVM)" --level=RAID1 --device=md1 raid.12 raid.13
-raid /mnt/raid --fstype ext3 --level=RAID1 --device=md2 raid.21 raid.22
-volgroup root_lvg --pesize=32768 pv.16
-volgroup storage_lvg --pesize=32768 pv.24 pv.25
-logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=10240
-logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=10240
-logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=55712
-logvol /mnt/lvg_storage --fstype ext3 --name=storage_lv --vgname=storage_lvg --size=1907712
-%packages
-@core
-@base
-device-mapper-multipath
--NetworkManager
--bluez-utils
-</pre></code>
-==Configuration==
-===Updated System===
-*Added Extra Repositories
-**RPMForge Yum Repository
-***<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm</code>
-****From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
-**Fedora EPEL Yum Repository
-***<code>rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm</code>
-****From [http://download.fedora.redhat.com/pub/epel/5/x86_64/repoview/epel-release.html Fedora]
-*Configured Yum Priorities & to use our mirror
-**Edited <code>/etc/yum.repos.d/CentOS-Base.repo</code>
-<code><pre>
-# CentOS-Base.repo
-#
-# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
-# The mirror system uses the connecting IP address of the client and the
-# update status of each mirror to pick mirrors that are updated to and
-# geographically close to the client.  You should use this for CentOS updates
-# unless you are manually picking other mirrors.
-#
-# If the mirrorlist= does not work for you, as a fall back you can try the
-# remarked out baseurl= line instead.
-#
-#
-[base]
-name=CentOS-$releasever - Base
-#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
-baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
-priority=1
-exclude=rsync
-#released updates
-[updates]
-name=CentOS-$releasever - Updates
-#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
-baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
-priority=1
-exclude=rsync
-#packages used/produced in the build but not released
-[addons]
-name=CentOS-$releasever - Addons
-#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
-baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
-priority=1
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras
-#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
-baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
-priority=1
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus
-#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
-baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
-priority=2
-#contrib - packages by Centos Users
-[contrib]
-name=CentOS-$releasever - Contrib
-#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
-baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
-priority=2
-</pre></code>
-**Edited <code>/etc/yum.repos.d/rpmforge.repo</code>
-<code><pre>
-# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
-# URL: http://rpmforge.net/
-[rpmforge]
-name = Red Hat Enterprise $releasever - RPMforge.net - dag
-baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
-#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
-#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
-enabled = 1
-gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
-gpgcheck = 1
-priority=15
-</pre></code>
-**Edited <code>/etc/yum.repos.d/epel.repo</code>
-<code><pre>
-[epel]
-name=Extra Packages for Enterprise Linux 5 - $basearch
-baseurl=http://mirror.clarkson.edu/epel/5/$basearch
-#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
-failovermethod=priority
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
-priority=30
-[epel-debuginfo]
-name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
-baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
-#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
-gpgcheck=1
-priority=30
-[epel-source]
-name=Extra Packages for Enterprise Linux 5 - $basearch - Source
-baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
-#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
-gpgcheck=1
-priority=30
-</pre></code>
-**Edited <code>/etc/yum.repos.d/epel-testing.repo</code>
-<code><pre>
-[epel-testing]
-name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
-baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
-#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
-priority=40
-[epel-testing-debuginfo]
-name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
-baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
-#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
-gpgcheck=1
-priority=40
-[epel-testing-source]
-name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
-baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
-#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
-failovermethod=priority
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
-gpgcheck=1
-priority=40
-</pre></code>
-*Disabled Yum FastestMirror since using local mirror
-**<code>sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf</code>
-*Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
-**<code>yum install yum-priorities</code>
-*Configured Yum Priorities to check for obsoletes
-**<code>echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf</code>
-*<code>yum install vim-enhanced gcc emacs-nox screen iftop</code>
-*<code>yum update</code>
-===Created User===
-*Created user mccarrms
-**<code>/usr/sbin/useradd -m mccarrms</code>
-*Set password for mccarrms
-**<code>passwd mccarrms</code>
-===Configured Sudo===
-*<code>/usr/sbin/visudo</code>
-<code><pre>
-## Sudoers allows particular users to run various commands as
-## the root user, without needing the root password.
-## Networking
-Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
-## Installation and management of software
-Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
-## Services
-Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
-## Updating the locate database
-Cmnd_Alias LOCATE = /usr/sbin/updatedb
-## Storage
+This page summarizes how [[Old Mirror]] was set up in Spring 2014.
-Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
-## Delegating permissions
+=Install=
-Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
+See [[Debian Server Setup]]
-## Processes
+==Debian 7 x64==
-Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+*71 GB  / - Software RAID 1
+*4GB Swap per OS Drive
-## Drivers
+=Setup=
-Cmnd_Alias DRIVERS = /sbin/modprobe
+See [[Debian Server Setup]]
-## Shells
+==Raid==
-Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
+*sda sdb sdc sde sdg sdh
+*/dev/md2
+*Software RAID 10
+*/storage xfs
-## Users
+==Networking==
-Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl
-Defaults    requiretty
+===eth2===
+*Intel Corporation 82541PI Gigabit Ethernet Controller
+*HWADDR=00:1B:21:28:C8:48
+*IPADDR=128.153.145.19
-Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
+===eth1===
-Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
+*Intel Corporation 82566DM-2 Gigabit Network Connection
-                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
+*HWADDR=00:30:48:9A:DB:26
-                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
+*IPADDR=10.0.1.36
-                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
-                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
-                        _XKB_CHARSET XAUTHORITY"
-## Allow root to run any commands anywhere
+===eth3===
-root    ALL=(ALL)       ALL
+*Intel Corporation 82573L Gigabit Ethernet Controller
-%wheel  ALL=(ALL)       ALL
+*HWADDR=00:30:48:9A:DB:27
-</pre></code>
+*IPADDR=10.0.0.14
-===Configured Networks===
+==Set Up SSH Login Banner==
-*Configured hostname in <code>/etc/sysconfig/network</code>
+/etc/issue.net
-<code><pre>
-NETWORKING=yes
-NETWORKING_IPV6=no
-HOSTNAME=mirror
-GATEWAY=128.153.145.1
-</pre></code>
-*Verified eth0 configuration for Clarkson Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth0</code>
-<code><pre>
-# Intel Corporation 82541PI Gigabit Ethernet Controller
-DEVICE=eth0
-BOOTPROTO=static
-BROADCAST=128.153.145.255
-HWADDR=00:1B:21:28:C8:48
-IPADDR=128.153.145.19
-NETMASK=255.255.255.0
-NETWORK=128.153.145.0
-ONBOOT=yes
-</pre></code>
-*Verified eth1 configuration for the Server Room Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
-<code><pre>
-# Intel Corporation 82566DM-2 Gigabit Network Connection
-DEVICE=eth1
-BOOTPROTO=static
-BROADCAST=10.0.1.255
-HWADDR=00:30:48:9A:DB:26
-IPADDR=10.0.1.36
-NETMASK=255.255.255.0
-NETWORK=10.0.1.0
-ONBOOT=yes
-</pre></code>
-*Verified eth2 configuration for the Internal Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth2</code>
-<code><pre>
-# Intel Corporation 82573L Gigabit Ethernet Controller
-DEVICE=eth2
-BOOTPROTO=static
-BROADCAST=10.0.0.255
-HWADDR=00:30:48:9A:DB:27
-IPADDR=10.0.0.14
-NETMASK=255.255.255.0
-NETWORK=10.0.0.0
-ONBOOT=yes
-</pre></code>
-====Configured Hosts====
-*Edited <code>/etc/hosts</code>
-<code><pre>
-.0.0.1       localhost.localdomain localhost
-::1             localhost6.localdomain6 localhost6
-.153.145.19  mirror.clarkson.edu mirror.cslabs.clarkson.edu mirror.cslabs mirror
-.0.1.36       mirror.sr.cslabs.clarkson.edu mirror.sr.cslabs mirror.sr
-.0.0.14       mirror.int.cslabs.clarkson.edu mirror.int.cslabs mirror.int
-</pre></code>
-*Edited <code>/etc/hosts.allow</code>
-<code><pre>
-For security purposes, this information has been intentionally left off.
-</pre></code>
-*Edited <code>/etc/hosts.deny</code>
-<code><pre>
-ALL: ALL
-</pre></code>
-====Configured DNS Servers====
-*Edited <code>/etc/resolv.conf</code>
-<code><pre>
-search cslabs.clarkson.edu clarkson.edu
-nameserver 128.153.0.254
-nameserver 128.153.5.254
-</pre></code>
-====Disabled IP v6====
-*Appended the following to <code>/etc/modprobe.conf</code>
-<code><pre>
-install ipv6 /bin/true
-</pre></code>
-*Disabled IP v6 firewall
-**<code>/sbin/chkconfig ip6tables off</code>
-===Configured IPtables===
-<code><pre>
-Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
-</pre></code>
-*Restarted iptables
-**<code>/etc/init.d/iptables restart</code>
-===Configured SSH===
-*Edited <code>/etc/ssh/sshd_config</code>
-<code><pre>
-Due to the sensitivity of this material, this config file has been left off.
-</pre></code>
-*Restarted sshd
-**<code>/etc/init.d/sshd restart</code>
-====Set Up SSH Login Banner====
-*Edited <code>/etc/issue.net</code>
 <code><pre>
           _
@@ Line 407: / Line 45: @@
 </pre></code>
+==SSHD config==
+uncomment
+ Banner /etc/issue.net
-===Configured Password Requirements===
+==Installed nginx==
-*Edited <code>/etc/login.defs</code>
+  apt-get install install nginx
-<code><pre>
-MAIL_DIR        /var/spool/mail
-PASS_MAX_DAYS   360
-PASS_MIN_DAYS   0
-PASS_MIN_LEN    8
-PASS_WARN_AGE   60
-UID_MIN                   500
-UID_MAX                 60000
-GID_MIN                   500
-GID_MAX                 60000
-CREATE_HOME     yes
-UMASK           077
-USERGROUPS_ENAB yes
-MD5_CRYPT_ENAB yes
-ENCRYPT_METHOD MD5
-</pre></code>
-===Added Custom PATH Variables===
-*Added the following to <code>/etc/profile</code>
-<code><pre>
-PATH=$PATH:/usr/sbin:/sbin
-export PATH
-</pre></code>
-===Modified Root's Crontab===
-*<code>crontab -e</code>
-<code><pre>
-# Used to update locate database
-* * * * /usr/bin/updatedb
-</pre></code>
-===Set Up & Configured NTP===
-*Installed NTP
-**<code>yum install ntp</code>
-*Edited <code>/etc/ntp.conf</code>
-<code><pre>
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-restrict 127.0.0.1
-restrict -6 ::1
-restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
-restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
-server tick.clarkson.edu
-server tock.clarkson.edu
-server  127.127.1.0     # local clock
-fudge   127.127.1.0 stratum 10
-driftfile /var/lib/ntp/drift
-keys /etc/ntp/keys
-</pre></code>
-*Edited <code>/etc/ntp/step-tickers</code>
-<code><pre>
-tick.clarkson.edu
-tock.clarkson.edu
-</pre></code>
-*Configured ntpd to start on boot
-**<code>/sbin/chkconfig --levels 2345 ntpd on</code>
-*Started ntpd
-**<code>/etc/init.d/ntpd start</code>
-====Configured ntpd to Sync Hardware Clock====
-*Edited <code>/etc/sysconfig/ntpd</code>
-<code><pre>
-# Drop root to id 'ntp:ntp' by default.
-OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
-# Set to 'yes' to sync hw clock after successful ntpdate
-SYNC_HWCLOCK=yes
-# Additional options for ntpdate
-NTPDATE_OPTIONS=""
-</pre></code>
-===Installed and Configured [http://www.apcupsd.org/ APCUPSD]===
-This package is used to monitor the UPS which [[Mirror]] is plugged into and is used to shutdown the system in the event of a power failure.
-====Configured to Power On when Power is Restored====
-*Edited the BIOS to have <code>Restore on AC/Power Loss</code> set to <code>Power On</code>.
-====Installed and configured <code>apcupsd</code>====
-*Installed <code>apcupsd</code>
-**<code>yum install apcupsd</code>
-*Edited <code>/etc/apcupsd/apcupsd.conf</code>
-<code><pre>
-## apcupsd.conf v1.1 ##
-UPSNAME ups3
-UPSCABLE ether
-UPSTYPE net
-DEVICE 128.153.145.215:3551
-LOCKFILE /var/lock
-SCRIPTDIR /etc/apcupsd
-PWRFAILDIR /etc/apcupsd
-NOLOGINDIR /etc
-ONBATTERYDELAY 6
-BATTERYLEVEL 10
-MINUTES 15
-TIMEOUT 0
-ANNOY 300
-ANNOYDELAY 60
-NOLOGON disable
-KILLDELAY 0
-NETSERVER on
-NISIP 127.0.0.1
-NISPORT 3551
-EVENTSFILE /var/log/apcupsd.events
-EVENTSFILEMAX 10
-UPSCLASS standalone
-UPSMODE disable
-STATTIME 0
-STATFILE /var/log/apcupsd.status
-LOGSTATS off
-DATATIME 0
-SELFTEST 336
-</pre></code>
-*Configured <code>apcupsd</code> to start on boot
-**<code>/sbin/chkconfig --levels 2345 apcupsd on</code>
-*Started <code>apcupsd</code>
-**<code>/etc/init.d/apcupsd start</code>
-===Configured Aliases===
-*Edited <code>/etc/aliases</code>
-<code><pre>
-#
-#  Aliases in this file will NOT be expanded in the header from
-#  Mail, but WILL be visible over networks or from /bin/mail.
-#
-#       >>>>>>>>>>      The program "newaliases" must be run after
-#       >> NOTE >>      this file is updated for any changes to
-#       >>>>>>>>>>      show through to sendmail.
-#
-# Basic system aliases -- these MUST be present.
-mailer-daemon:  postmaster
-postmaster:     logwatch@cslabs.clarkson.edu
-# General redirections for pseudo accounts.
-bin:            logwatch@cslabs.clarkson.edu
-daemon:         logwatch@cslabs.clarkson.edu
-adm:            logwatch@cslabs.clarkson.edu
-lp:             logwatch@cslabs.clarkson.edu
-sync:           logwatch@cslabs.clarkson.edu
-shutdown:       logwatch@cslabs.clarkson.edu
-halt:           logwatch@cslabs.clarkson.edu
-mail:           logwatch@cslabs.clarkson.edu
-news:           logwatch@cslabs.clarkson.edu
-uucp:           logwatch@cslabs.clarkson.edu
-operator:       logwatch@cslabs.clarkson.edu
-games:          logwatch@cslabs.clarkson.edu
-gopher:         logwatch@cslabs.clarkson.edu
-ftp:            logwatch@cslabs.clarkson.edu
-nobody:         logwatch@cslabs.clarkson.edu
-radiusd:        logwatch@cslabs.clarkson.edu
-nut:            logwatch@cslabs.clarkson.edu
-dbus:           logwatch@cslabs.clarkson.edu
-vcsa:           logwatch@cslabs.clarkson.edu
-canna:          logwatch@cslabs.clarkson.edu
-wnn:            logwatch@cslabs.clarkson.edu
-rpm:            logwatch@cslabs.clarkson.edu
-nscd:           logwatch@cslabs.clarkson.edu
-pcap:           logwatch@cslabs.clarkson.edu
-apache:         logwatch@cslabs.clarkson.edu
-webalizer:      logwatch@cslabs.clarkson.edu
-dovecot:        logwatch@cslabs.clarkson.edu
-fax:            logwatch@cslabs.clarkson.edu
-quagga:         logwatch@cslabs.clarkson.edu
-radvd:          logwatch@cslabs.clarkson.edu
-pvm:            logwatch@cslabs.clarkson.edu
-amanda:         logwatch@cslabs.clarkson.edu
-privoxy:        logwatch@cslabs.clarkson.edu
-ident:          logwatch@cslabs.clarkson.edu
-named:          logwatch@cslabs.clarkson.edu
-xfs:            logwatch@cslabs.clarkson.edu
-gdm:            logwatch@cslabs.clarkson.edu
-mailnull:       logwatch@cslabs.clarkson.edu
-postgres:       logwatch@cslabs.clarkson.edu
-sshd:           logwatch@cslabs.clarkson.edu
-smmsp:          logwatch@cslabs.clarkson.edu
-postfix:        logwatch@cslabs.clarkson.edu
-netdump:        logwatch@cslabs.clarkson.edu
-ldap:           logwatch@cslabs.clarkson.edu
-squid:          logwatch@cslabs.clarkson.edu
-ntp:            logwatch@cslabs.clarkson.edu
-mysql:          logwatch@cslabs.clarkson.edu
-desktop:        logwatch@cslabs.clarkson.edu
-rpcuser:        logwatch@cslabs.clarkson.edu
-rpc:            logwatch@cslabs.clarkson.edu
-nfsnobody:      logwatch@cslabs.clarkson.edu
-ingres:         logwatch@cslabs.clarkson.edu
-system:         logwatch@cslabs.clarkson.edu
-toor:           logwatch@cslabs.clarkson.edu
-manager:        logwatch@cslabs.clarkson.edu
-dumper:         logwatch@cslabs.clarkson.edu
-abuse:          logwatch@cslabs.clarkson.edu
-newsadm:        news
-newsadmin:      news
-usenet:         news
-ftpadm:         ftp
-ftpadmin:       ftp
-ftp-adm:        ftp
-ftp-admin:      ftp
-www:            webmaster
-webmaster:      logwatch@cslabs.clarkson.edu
-noc:            logwatch@cslabs.clarkson.edu
-security:       logwatch@cslabs.clarkson.edu
-hostmaster:     logwatch@cslabs.clarkson.edu
-info:           postmaster
-marketing:      postmaster
-sales:          postmaster
-support:        postmaster
-# trap decode to catch security attacks
-decode:         logwatch@cslabs.clarkson.edu
-# Person who should get roots's mail
-root:           logwatch@cslabs.clarkson.edu
-</pre></code>
-*Updated aliases
-**<code>/usr/bin/newaliases</code>
-===Disabled <code>CTRL-ALT-DELETE</code>===
-*Removed trap entry to prevent accidental reboots
-<code><pre>
-sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
-</pre></code>
-*Made Changes Active
-<code><pre>
-init q
-</pre></code>
-===Disabled Various Kernel Modules===
-*Added the following to <code>/etc/modprobe.conf</code>
-<code><pre>
-install pppox /bin/true
-install bluetooth /bin/true
-install sctp /bin/true
-</pre></code>
-===Installed & Configured SNMP===
-*Installed needed packages
-<code><pre>
-yum install net-snmp ntp
-</pre></code>
-*Configured SNMP Daemon <code>/etc/snmp/snmpd.conf</code>
-<code><pre>
-rocommunity     <passphrase>  127.0.0.1
-rocommunity     <passphrase>  <ipsallowed>
-syslocation Clarkson University Applied CS Labs
-syscontact Matt McCarrell <mccarrms@gmail.com>
-disk /
-disk /var
-disk /boot
-disk /mnt/raid
-disk /mnt/lvg_storage
-disk /mnt/storage1
-disk /mnt/storage2
-exec timeskew /usr/local/sbin/ntp_check
-exec uptime /usr/bin/uptime
-</pre></code>
-*Deployed <code>ntp_check</code> script
-**Copied over <code>/usr/local/sbin/ntp_check</code> from [[Isengard]] to /usr/local/sbin/
-**<code>chown root.root /usr/local/sbin/ntp_check</code>
-*Configured SNMP to start at specific run levels
-<code><pre>
-/sbin/chkconfig --levels 2345 snmpd on
-</pre></code>
-*Started daemon
-<code><pre>
-/etc/init.d/snmpd start
-</pre></code>
-===Increased Detail of Logwatch Reports===
-*Set detail level to be high
-<code><pre>
-echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf
-</pre></code>
-===Modified <code>/etc/fstab</code> to increase performance===
-*Configured to not update inode access times
-<code><pre>
-/dev/root_lvg/root_lv   /                       ext3    defaults        1 1
-/dev/md2                /mnt/raid               ext3    defaults,noatime        1 2
-/dev/storage_lvg/storage_lv /mnt/lvg_storage        ext3    defaults,noatime        1 2
-/dev/md0                /boot                   ext3    defaults        1 2
-/dev/root_lvg/var_lv    /var                    ext3    defaults        1 2
-LABEL=/mnt/storage1     /mnt/storage1           ext3    defaults,noatime        1 2
-LABEL=/mnt/storage2     /mnt/storage2           ext3    defaults,noatime        1 2
-tmpfs                   /dev/shm                tmpfs   defaults        0 0
-devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
-sysfs                   /sys                    sysfs   defaults        0 0
-proc                    /proc                   proc    defaults        0 0
-/dev/root_lvg/swap_lv   swap                    swap    defaults        0 0
-</pre></code>
-==Installed Apache==
-*Installed <code>httpd</code>
-**<code>yum install httpd</code>
-*Modified <code>/etc/httpd/conf/httpd.conf</code>
-<code><pre>
-ServerTokens Prod
-ServerRoot "/etc/httpd"
-PidFile run/httpd.pid
-Timeout 120
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 2
-TraceEnable Off
-<IfModule prefork.c>
-StartServers       32
-MinSpareServers    20
-MaxSpareServers    80
-ServerLimit        768
-MaxClients         768
-MaxRequestsPerChild  1000
-</IfModule>
-<IfModule worker.c>
-StartServers         8
-MaxClients           600
-MinSpareThreads      100
-MaxSpareThreads      300
-ThreadsPerChild      100
-MaxRequestsPerChild  0
-</IfModule>
-Listen 80
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_alias_module modules/mod_authn_alias.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_default_module modules/mod_authn_default.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_default_module modules/mod_authz_default.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule include_module modules/mod_include.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule env_module modules/mod_env.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule usertrack_module modules/mod_usertrack.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule info_module modules/mod_info.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule speling_module modules/mod_speling.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule rewrite_module modules/mod_rewrite.so
-#LoadModule proxy_module modules/mod_proxy.so
-#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-#LoadModule proxy_http_module modules/mod_proxy_http.so
-#LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule disk_cache_module modules/mod_disk_cache.so
-LoadModule file_cache_module modules/mod_file_cache.so
-LoadModule mem_cache_module modules/mod_mem_cache.so
-LoadModule cgi_module modules/mod_cgi.so
-LoadModule version_module modules/mod_version.so
-Include conf.d/*.conf
-User apache
-Group apache
-ServerAdmin mirror-admin@cslabs.clarkson.edu
-UseCanonicalName Off
-DocumentRoot "/var/www/html"
-<Directory />
-    Options FollowSymLinks
-    AllowOverride None
-</Directory>
-<Directory "/var/www/html">
-    Options Indexes FollowSymLinks Includes
-    AllowOverride FileInfo Indexes Limit
-    Order allow,deny
-    Allow from all
-</Directory>
-<IfModule mod_userdir.c>
-    UserDir disable
-</IfModule>
-DirectoryIndex index.html index.html.var
-AccessFileName .htaccess
-XBitHack On
-<Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
-</Files>
-TypesConfig /etc/mime.types
-DefaultType text/plain
-<IfModule mod_mime_magic.c>
-#   MIMEMagicFile /usr/share/magic.mime
-    MIMEMagicFile conf/magic
-</IfModule>
-HostnameLookups Off
-ErrorLog logs/error_log
-LogLevel warn
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-CustomLog logs/access_log combined
-ServerSignature Off
-Alias /icons/ "/var/www/icons/"
-<Directory "/var/www/icons">
-    Options Indexes MultiViews
-    AllowOverride None
-    Order allow,deny
-    Allow from all
-</Directory>
-<IfModule mod_dav_fs.c>
-    # Location of the WebDAV lock database.
-    DAVLockDB /var/lib/dav/lockdb
-</IfModule>
-ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-<Directory "/var/www/cgi-bin">
-    AllowOverride None
-    Options None
-    Order allow,deny
-    Allow from all
-</Directory>
-IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-DefaultIcon /icons/unknown.gif
-ReadmeName README.html
-HeaderName HEADER.html
-IndexIgnore .??* *~ *#
-AddLanguage ca .ca
-AddLanguage cs .cz .cs
-AddLanguage da .dk
-AddLanguage de .de
-AddLanguage el .el
-AddLanguage en .en
-AddLanguage eo .eo
-AddLanguage es .es
-AddLanguage et .et
-AddLanguage fr .fr
-AddLanguage he .he
-AddLanguage hr .hr
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage ko .ko
-AddLanguage ltz .ltz
-AddLanguage nl .nl
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pl .po
-AddLanguage pt .pt
-AddLanguage pt-BR .pt-br
-AddLanguage ru .ru
-AddLanguage sv .sv
-AddLanguage zh-CN .zh-cn
-AddLanguage zh-TW .zh-tw
-LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
-ForceLanguagePriority Prefer Fallback
-AddDefaultCharset UTF-8
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-AddHandler type-map var
-AddType text/html .shtml
-AddOutputFilter INCLUDES .shtml
-AddType application/octet-stream .iso
-AddType application/octet-stream .rpm
-Alias /error/ "/var/www/error/"
-<IfModule mod_negotiation.c>
-<IfModule mod_include.c>
-    <Directory "/var/www/error">
-        AllowOverride None
-        Options IncludesNoExec
-        AddOutputFilter Includes html
-        AddHandler type-map var
-        Order allow,deny
-        Allow from all
-        LanguagePriority en es de fr
-        ForceLanguagePriority Prefer Fallback
-    </Directory>
-</IfModule>
-</IfModule>
-<LocationMatch "\.(xml|xml\.gz|xml\.asc|sqlite)">
-        Header set Cache-Control "must-revalidate"
-        ExpiresActive On
-        ExpiresDefault "now"
-</LocationMatch>
-AddType application/pgp-signature .sig
-# make sure .sig files are _not_ sent with "Content-Encoding: gzip".
-<Files *.gz.sig>
-  RemoveEncoding .gz
-</Files>
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-NameVirtualHost *:80
-<VirtualHost *:80>
-    ServerName mirror.clarkson.edu
-    ServerAdmin mirror-admin@cslabs.clarkson.edu
-    DocumentRoot "/var/www/html/"
-    ErrorLog logs/error_log
-    CustomLog logs/access_log combined
-    ServerAlias mirror
-</VirtualHost>
-<VirtualHost *:80>
-    ServerName mirror.cslabs.clarkson.edu
-    ServerAdmin mirror-admin@cslabs.clarkson.edu
-    DocumentRoot "/var/www/html/"
-    ErrorLog logs/error_log
-    CustomLog logs/access_log combined
-    ServerAlias mirror.cslabs*
-    Redirect permanent / http://mirror.clarkson.edu/
-</VirtualHost>
-<VirtualHost 128.153.145.18>
-    ServerName kernelmirror.clarkson.edu
-    ServerAdmin mirror-admin@cslabs.clarkson.edu
-    DocumentRoot "/var/www/html/"
-    ErrorLog logs/error_log
-    CustomLog logs/access_log combined
-    ServerAlias kernelmirror*
-    Redirect permanent / http://mirror.clarkson.edu/
-</VirtualHost>
-<VirtualHost 128.153.145.44>
-    ServerName mirror.dev.cslabs.clarkson.edu
-    ServerAdmin mirror-admin@cslabs.clarkson.edu
-    DocumentRoot "/var/www/html/"
-    ErrorLog logs/error_log
-    CustomLog logs/access_log combined
-    ServerAlias mirror.dev*
-    Redirect permanent / http://mirror.clarkson.edu/
-</VirtualHost>
-</pre></code>
-*Removed unneeded files
-**<code>rm /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/proxy_ajp.conf</code>
-*Configured Apache to start on boot
-**<code>/sbin/chkconfig --levels 345 httpd on</code>
-*Started Apache
-**<code>/etc/init.d/httpd start</code>
-====AWStats====
-*Mirror is configured to be monitored by AWStats on [[Netstat]].  The basic process for doing this is on the [[Configure a Remote Red Hat Based Linux Server for AWStats]] how-to.
 ==Configure rsync to run as a daemon==
 *Installed <code>xinetd</code>
-**<code>yum install xinetd</code>
+ apt-get install rsync
-*Enabled rsync <code>/etc/xinetd.d/rsync</code>
+*Configured rsync /etc/rsyncd.conf
-<code><pre>
-# default: off
-# description: The rsync server is a good addition to an ftp server, as it #   allows crc checksumming etc.
-service rsync
-{
-    disable = no
-    socket_type     = stream
-    wait            = no
-    user            = root
-    server          = /usr/bin/rsync
-    server_args     = --daemon
-    log_on_failure  += USERID
-}
-</pre></code>
-*Created configuration and shares for rsync daemon <code>/etc/rsyncd.conf</code>
 <code><pre>
 uid = nobody
-gid = nobody
+gid = nogroup
 use chroot = yes
 max connections = 20
@@ Line 1,143: / Line 68: @@
 log format = %t %a %m %f %b
 syslog facility = local3
-timeout = 300
+timeout = 900
 dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
 refuse options = checksum
-[archlinux]
+[name]
-   comment = Arch Linux
+   comment = Name of Repository
-   path = /mnt/storage1/archlinux
+   path = /storage/repository
    exclude = lost+found/
    read only = true
-   ignore nonreadable = yes
+   ignore nonreadable = yes</pre></code>
-[centos]
+*Created rsync motd /etc/rsyncd.motd
-  comment = CentOS - Including DVDs
-  path = /mnt/raid/centos
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[dag]
-  comment = RPMforge Repository
-  path = /mnt/raid/rpmforge
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[debian-cd]
-  comment = Debian CD
-  path = /mnt/storage2/debian-cd
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[debian]
-  comment = Debian
-  path = /mnt/storage2/debian
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[fedora]
-  comment = Fedora - RedHat community project
-  path = /mnt/lvg_storage/fedora
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[fedora-epel]
-  comment = Extra Packages for Enterprise Linux (EPEL)
-  path = /mnt/raid/epel
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[freebsd]
-  comment = FreeBSD
-  path = /mnt/lvg_storage/freebsd
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[gentoo]
-  comment = Gentoo
-  path = /mnt/storage1/gentoo
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[gentoo-portage]
-  comment = Gentoo Portage
-  path = /mnt/storage1/gentoo-portage
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[gnu]
-  comment = GNU
-  path = /mnt/storage2/gnu
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[jailtime.org]
-  comment = Jailtime Project - Now relaunched as Stacklet
-  path = /mnt/storage2/jailtime.org
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[knoppix]
-  comment = Knoppix
-  path = /mnt/storage1/knoppix
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[knoppix-dvd]
-  comment = Knoppix DVD
-  path = /mnt/storage1/knoppix-dvd
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[linux]
-  comment = Linux Kernel
-  path = /mnt/raid/linux
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[mozilla]
-  comment = Mozilla Project
-  path = /mnt/storage1/mozilla
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[openbsd]
-  comment = OpenBSD
-  path = /mnt/storage1/openbsd
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[openoffice]
-  comment = OpenOffice
-  path = /mnt/storage2/openoffice
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[opensuse]
-  comment = OpenSUSE
-  path = /mnt/storage1/opensuse
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[rpmforge]
-  comment = RPMforge Repository
-  path = /mnt/raid/rpmforge
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[slackware]
-  comment = Slackware
-  path = /mnt/storage1/slackware
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[software]
-  comment = Kernel.org's Software
-  path = /mnt/raid/software
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[stacklet]
-  comment = Stacklet (Formerly the Jailtime Project)
-  path = /mnt/storage1/stacklet
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[ubuntu-releases]
-  comment = Ubuntu Releases
-  path = /mnt/raid/ubuntu-releases
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[ubuntu]
-  comment = Ubuntu
-  path = /mnt/raid/ubuntu
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[videolan]
-  comment = VideoLAN
-  path = /mnt/storage1/videolan
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-[vms]
-  comment = CSLabs VMs
-  path = /mnt/storage2/vms
-  exclude = lost+found/
-  read only = true
-  ignore nonreadable = yes
-</pre></code>
-*Created rsync motd <code>/etc/rsyncd.motd</code>
 <code><pre>
-#########################################################################################
+###############################################################
 The Clarkson University mirror is located in Potsdam, NY, US.
@@ Line 1,346: / Line 88: @@
 http://cosi.clarkson.edu/
-If you have any questions or problems, please email mirror-admin@cslabs.clarkson.edu.
+If you have any questions or problems, please email
+mirror-admin@cslabs.clarkson.edu.
-Recent changes can be found at http://status.cslabs.clarkson.edu/tag/mirror.
+Recent changes can be found at
+http://status.cslabs.clarkson.edu/tag/mirror.
-#########################################################################################
+###############################################################
 </pre></code>
-*Secured rsync
-**<code>chown root.root /etc/rsyncd.*</code>
-**<code>chmod 600 /etc/rsyncd.*</code>
-*Restarted xinetd
-**<code>/etc/init.d/xinetd restart</code>
 ==Set Up Fedora Mirror Manager==
 *Installed mirrormanager
-**<code>yum install mirrormanager-client</code>
+ cd /usr/local/sbin
+ git clone git://git.fedorahosted.org/mirrormanager/
+ ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror
 *Configured mirrormanager
-**Modified <code>/etc/mirrormanager-client/report_mirror.conf</code>
+**Modified /etc/mirrormanager-client/report_mirror.conf
 <code><pre>
 [global]
@@ Line 1,422: / Line 162: @@
 [Fedora Linux]
 enabled=1
-path=/var/www/html/fedora/linux
+path=/usr/share/nginx/www/fedora/linux
 [Fedora EPEL]
 enabled=1
-path=/var/www/html/epel
+path=/usr/share/nginx/www/epel
 # lesser used categories below
@@ Line 1,432: / Line 172: @@
 [Fedora Web]
 enabled=0
-path=/var/www/html/pub/fedora/web
+path=/usr/share/nginx/www/pub/fedora/web
 [Fedora Secondary Arches]
 enabled=0
-path=/var/www/html/pub/fedora-secondary
+path=/usr/share/nginx/www/pub/fedora-secondary
 [Fedora Other]
 enabled=0
-path=/var/www/html/pub/alt
+path=/usr/share/nginx/www/pub/alt
 # historical content
@@ Line 1,446: / Line 186: @@
 [Fedora Core]
 enabled=0
-path=/var/www/html/pub/fedora/linux/core
+path=/usr/share/nginx/www/pub/fedora/linux/core
 [Fedora Extras]
 enabled=0
-path=/var/www/html/pub/fedora/linux/extras
+path=/usr/share/nginx/www/pub/fedora/linux/extras
 [Fedora Archive]
 enabled=0
-path=/var/www/html/pub/fedora-archive
+path=/usr/share/nginx/www/pub/fedora-archive
 </pre></code>
-[[Category:Server Setup Documentation]]
+*Added cron entries for root
+<code><pre>
+# Dir sizes
+0 * * * /usr/local/bin/dir_sizes.sh
+# backup
+0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh
+0 * * * /usr/local/sbin/report_mirror
+</pre></code>
+[[mirror rsync setup|Setup Rsync Scripts]]