gluttony: system review
To: trent@mailhost.cs.pdx.edu
Subject: gluttony: system review
From: pdxgate!breniser@mailhost.cs.pdx.edu
Date: Sat, 2 Jul 94 15:33:06 PDT
Cc: breniser@mailhost.cs.pdx.edu, huynhl@ohsu.edu, julia@mailhost.cs.pdx.edu, yayoi@mailhost.cs.pdx.edu
Here is the system review for gluttony.
We split it into four pieces and everyone
completed 1/4 of it, then we put them together.
Here is the result:
System Name:
> Gluttony
Statement of the system's intended use:
> light system Administration research for cs410sm class @ PSU.
HARDWARE
--------
CPU(s):
> VGA
RAM:
> 3968 KB --> about 4 MB
Non-disk peripherals and cards:
> None.
Disk configuration (type, size, controllers -- if possible, find out
the average seek time and transfer rates of each):
> type : hd
> size : 149591 1024-block size
> controllers : one /* I think */
>
Serial lines (list total & speed; Are they wired and configured for
modem control? Are they incoming, outgoing, or bidirectional?):
> Have no idea.
Modems (same information):
> no modems connected to Gluttony.
Graphics (list screens, colors, resolution, mice, keyboards, etc.):
> one screen (Console), not color, don't know the resolution,
> no mice, and one keyboard.
PHYSICAL ENVIRONMENT
--------------------
Is the temperature controlled?
Dust and/or dirt? If not, how often is hardware cleaned?
> NA.
Are there filters which need to be cleaned out? How often?
> NA.
Is the hardware out of harm's way (vibration, kicking, vandalism,
liquid & solid spills)?
> don't know.
Is the hardware locked to prevent theft?
> No.
Noise -- Is the hardware obnoxious to work around? Is there other
noise in the room which will bother users of this system?
> No.
Ergonomics -- Is the console comfortably usable? Is there enough
space for papers or manuals one might wish to use at the console?
> Console is Usable. There is not enough space for manuals.
Who has access to the system console? I.e., who might be able to
get a single-user (root) shell?
> Login name: julia In real life: Majid Awad
> Login name: breniser In real life: Larry Breniser
> Login name: yayoi In real life: yayoi uemura
> Login name: huynhl In real life: Linh Buu Huynh
> Login name: trent In real life: Trent A. Fisher
SYSTEM USAGE
------------
Total number of users:
> five.
Typical maximum number of active users:
> 0-1.
Type of usage:
programming (light -- academic, or heavy -- research, large programs)?
> light
text formatting, typesetting (light or heavy)?
> light.
compute-bound, long-running jobs?
> No.
reading news & mail?
> No news, light mail.
graphics/windowing users?
> None.
other?
> learning on the system ( Lynix ).
DISK USAGE
----------
Amounts each of (estimate if necessary):
total user space:
> 85928 KB
> active user space (<= 3 months old):
total system (non-source) space:
> 30246 KB
total system sources (incl. local additions):
> 30256 KB
space for proprietary options (languages, dbms', etc.):
> 21863 KB
data collection space:
> 8362 KB
swap space (interleaved over how many disks & controllers):
> 1?
List the partitions & what they're mounted as (Is disk activity
interleaved across disks/controllers?):
> Filesystem  1024-blocks   Used  Available  Capacity  Mounted on
> /dev/hda1         12327   3349       8362       29%  /
> /dev/hda3         51336  26907      21863       55%  /usr
> /dev/hda4         85928   2859      78773        4%  /home
> No.
How long does it take to do a full file-system check at boot time?
> Unknown.
NFS: What partitions are shared among clients & servers in the system?
Are partitions explicitly exported (not "world" exported)?
> None.
Cleanup & space monitoring issues:
Log files rotated (news, uucp, syslog, messages, acct, lastlog,
wtmp, sulog, others)?
> /usr/adm/syslog
> /usr/adm/lastlog
> /usr/adm/wtmp
> /usr/adm/messages
Spool areas (news expires, enough space for mailboxes, uucp queues
expired, mail queues)?
> /var/spool
> atjobs/ cron/ locks@ lpd/ smail/ uucp/
> atspool/ ftpd/ lp1/ mail/ tmp/
Likely overflow areas -- identify them, and discuss what will be
the impact when they fill up (e.g. /usr/tmp, /usr/spool/mail,
news spool, uucp spool, etc.)?
> /tmp /usr/tmp /usr/adm/* /var/spool/mail /var/spool/lp1
> Since they all share one partition the solution is the same for each.
> Trim log files in /usr/adm, clean up in /tmp and /usr/tmp, look for
> core files in /
Are junk files cleaned up (core, editor backup, mh deletes, a.out's)?
> No.
Is space usage monitored? (manually? automatically?)
> No.
How intrusive is the cleanup? I.e. do "find" operations cross NFS links?
> There are none.
CRASH RECOVERY
--------------
Alternate boot device(s) (disk, tape, network)? If there's space,
is there an extra copy of the boot file(s)?
> Unknown.
If there's only one boot device (root disk), how hard is it to restore
the system after that device crashes? Write down the procedure.
> Unknown.
List partitions which are backed up (or not backed up), how often they
are backed up, and in what form (dump, tar, cpio, other; local or
remote device):
> No backups.
When was something last retrieved from backup (i.e. how often are
the backups tested)?
> N/A
Are the backup media clearly labelled? Where are they stored?
> N/A
Is the hardware on maintenance contract? How much does it cost?
You may wish to discuss how much it would cost to replace or
repair the equipment if it is not on contract.
> Unknown.
What spare hardware is there in case of a failure? Discuss what
procedures are in place for providing service to replace that lost
when something fails for short and/or long periods of time.
> Unknown.
SECURITY
--------
Are checks for setuid files made periodically?
> No.
PATH for users & root "safe" ("." last or not present)?
> No.
All directories in PATH protected against world writability?
Group permissions "sensible"?
> Yes, except "."
> (/usr/TeX/bin /usr/openwin/bin do not exist)
Is there a list somewhere of what the permissions should be on all
(non-user) directories on the system? How about an automated check
and report of changes? Is that list stored offline?
> No.
> No.
> N/A
User mailbox directory and files protected against loss or invasion
of privacy?
> Yes.
Who knows the root password? Who has sudo access? Do all of these
people REALLY NEED this type of access?
> Our group and trent.
> Yes.
When was the root password last changed? When was YOUR password last
changed? Are these passwords easy to guess or decrypt?
> Unknown.
> N/A
> No.
Is the password file (and directory) protected? How about the root
directory and filesystem? Is there a "shadow" password file on
the system? Are the include files protected? Home directories?
> Yes.
> Yes.
> No.
> Yes.
> Yes.
Are there any daemons which are run as root when they don't need to be?
> Unknown.
Ttys -- Some systems can disallow root logins. Is this set up?
Is modem control enabled (i.e. if CD or DTR drops, does the
session die)?
> No.
> N/A
Do you read the security mailing list? Do you (try to) understand it?
> No.
> I used to
Is tftp locked up to provide only limited file access?
> Unknown.
Do any of your users have stupid passwords? Do you check regularly?
(blank passwords, blank lines, guessable passwds)
> Unknown.
Do you seeme installed to disable users?
> No.
Is the default umask set properly?
> Unknown.
Do you have the distribution media archived (copied, then stored)?
> Unknown.
Do you have a healthy Backup schedule? (daily)
> No.
Do you have Backup media purchased and on hand?
> No.
Is your Backup media labeled and stored safely?
Where? Is there an off site copy?
> N/A
PRINTING
--------
What types of printing are possible from the system?
Local line printer?
Remote line printer?
Laser printer?
Typesetter previewing?
Are the printers cleaned and maintained (paper, etc.)?
* N/A
>> I referred to the file named /etc/printcap. It has only comments.
MAIL SYSTEM
-----------
System-wide aliases maintained? Do the departmental aliases point
to a central alias db?
* No?
>> I found two files named "aliases".
One is under /usr/lib, and the other is under /usr/lib/smail/samples/
bigsite/bargw.
Is there a "postmaster" alias? root alias? Do you read them?
* No?
>> There are "postmaster" and "root" aliases in the above second file.
But I don't think it is reasonable.
Does it handle UUCP ("!") and domain ("@") addresses?
* ?
>> I don't know how to find out.
Does it forward mail to a smart gateway if necessary?
* ?
>> I don't understand the question.
If a gateway, can it forward between UUCP, Internet, and local
destinations?
* Yes?
>> I am not sure. I guessed from files named /etc/protocols and /etc/services.
TCP/IP NETWORKING
-----------------
Host table (/etc/hosts) up to date? Where did it come from?
* I don't know.
Are the net address, subnet mask, and broadcast address set properly?
Write down what they should be:
* I don't know.
>> The net address is set in /etc/hosts.
(127.0.0.1 gluttony.cs.pdx.edu gluttony localhost
131.252.22.95 gluttony.cs.pdx.edu gluttony )
But, what is subnet mask? and broadcast address?
Is the system a gateway (i.e. more than one net interface)?
* I think so.
>> There is a file named /etc/gateways. But I am not sure.
Does the system run a routing protocol? Which one? Does it really
need to be running it?
* I don't think so. ??
>> In /etc/protocols, there is no protocols of text p247.
What is a routing protocol?
Is the default route set properly at boot time?
* ?
>> I have no idea.
Does the system use DNS (Domain Name Service, i.e. nameserver)?
Do all networking programs make use of it? Which do not?
* I think so. I don't know.
>> In the file /etc/services, there is a service named "nameserver".
Are /etc/hosts.equiv and /.rhosts reasonable? I.e. does EVERYTHING
in them NEED to be there? How about your personal .rhosts?
* Yes?
>> /etc/hosts.equiv is all comments.
There is no file named ".rhosts"
Does the system generate useless or obnoxious network traffic?
Bad (wrong) broadcasts?
Act as a gateway when it isn't one (try to forward packets)?
Run rwhod?
Generate routing updates (if not a gateway)?
* ?
>> I have no idea.
Can your system successfully connect with ftp,telnet and other
network programs to remote and distant hosts? Do you check
regularly?
* Yes. We will.
>> I did telnet, ftp and rlogin to rigel. It was OK.
CONTINUOUS MAINTENANCE TASKS
----------------------------
The following are things which may need hourly, daily, or weekly attention.
Some can be automated, some may need to be done manually (mark how and
when they are done on the system (or if they are not done)). As a starting
point, you should look in the crontab to see what gets done automatically.
Follow through the scripts that cron calls, to see exactly which tasks
are performed.
(Note: If you have access to Lynx, take a look at what it does on a
regular basis -- it's pretty thorough, and may give you some better
ideas about what's necessary.)
Mail System:
Enough spool space (queued traffic, log files)?
> Don't know.
Log files and old queued notes get cleaned up?
> Don't know.
Do you know how to add UUCP-only domains which the system forwards
for (if a gateway)?
> Don't know.
Do the UUCP maps get updated as postings come in (if a GW)?
> Don't know.
Do you check for errors in the unpacking of the maps?
> Don't know.
Do you maintain the UUCP map entry for this site (e.g., where
do you send updates)?
> Don't know.
Persistent and/or serious errors checked and corrected?
> No
News System:
Enough spool space (articles and batch files go here)?
> Don't know.
Enough "lib" space (sys, active, history, & log files go here)?
> Don't know.
Old articles being expired?
> Don't know.
Bad (empty) articles & other "droppings" cleaned up?
> Yes
History file rebuilt occasionally (monthly)?
> No
Logs and errlogs trimmed?
> Don't know.
Control messages handled (newgroup, rmgroup, checkgroups)?
> Don't know.
Are there a lot of articles ending up in "junk"? If so, then probably
you need to run the next checkgroups posting which comes in.
> No
Do you scan the news.admin, news.groups, news.software, etc. groups?
> No
Are outgoing and incoming feeds flowing regularly?
> No
UUCP System:
Enough spool space (queued traffic and log files go here)?
> Don't know.
Log files trimmed?
> Yes
Old queued traffic expired (via uuclean)?
> Don't know
Traffic flowing OK?
> Yes
Do all connections have their own login id & password?
> Yes
Do failure messages to those id's get forwarded to postmaster?
> Don't know
List the procedure for adding a new uucp connection:
> Don't know
Log files & miscellaneous cleanup:
Do log files get trimmed (e.g. wtmp, lastlog, acct, sulog, messages,
syslog, logfiles for various daemons, etc.)?
/usr/crash core dumps cleaned up? Causes examined?
/tmp & /usr/tmp cleaned up?
> Don't know
Disk usage monitored (heavy users, old unaccessed files)?
> Backup on tape for old unaccessed accounts more than 3 months.
Adding accounts, propagating password and group files.
> Used adduser script in /skel/adduser
Keeping host table(s) and/or DNS up to date and in synch.
> Don't know
Keeping termcap files up to date and in synch.
> Don't know
Does the system make regular traffic, resource usage, and error summaries?
> Don't know
Local Additions
---------------
Where do binaries for local applications go?
> Don't know
Where do binaries for local sysadmin tools go?
> Don't know
Where do local man pages go?
> Don't know
Where do local online documents go?
> Don't know
Where do local C libraries go?
> NA
Where do other local libraries go?
> NA
Where do local fonts go?
> NA
Where do local bitmaps go?
> Don't know
Where do local administrative tools go?
> /etc/bin
Where do log files go?
> Don't know
Where do local config files go?
> Don't know
Where are the new user init files and templates?
> Each user will have default .login .logout .profile .bashrc .bash_profile copied from /usr/skel
Is there a system wide login init file?
> No
What environment variables does it set?
> Don't know
Where is it?
> NA
Do the new user dotfiles use it?
> Don't know
What other system wide init files are there?
emacs?
Mail?
X-windows?
MH?
others?
> Don't know
Where are they?
> Don't know
What do they do?
> Don't know
More importantly, do they behave the same on all of our machines?
> Don't know
Baud rates and term type set?
> Don't know
Is there an Initial login script for the first time someone logs in?
> No
Basically go thru /usr/local and list what is installed there.
> NA
Decide if it needs to be there (is it used) and if it needs to be
updated.
> NA
Package        Version    Origin          Version        Origin
               (local)    local           most recent    remote
                          source          available      source
____________________________________________________________________________
(eg)
emacs          18.51      ulysses.cs      18.52          prep.ai.mit.edu
____________________________________________________________________________
Termcap        2.00       /etc/termcap
Hosts
Networks
Services
Gnu emacs
news
nntp
rn
less
patch
perl
X-windows
bind
sendmail
MH
TeX/LaTeX
kermit
rz/sz
RCS
shar/unshar
rolo
sudo
top
lsof/ofiles
lpr
compress
cops
spelling checker
COMPILERS:
C
Fortran
Pascal
Lisp
Prolog
C++
gnuplot
others
________________________________________________________________________
CONFIGURATION
------------
Do your users have healthy dotfiles?(including root)
(.login,.cshrc,.logout,.mailrc,.newsrc,.mh_profile)
Have you reviewed and studied the system configuration files
to see if they are reasonable:
passwd
group
termcap/terminfo
printcap
crontab
fstab
gettytab
ttys
ttytype
rc/rc.local
exports
aliases
resolver or named.conf
hosts
hosts.lpd
syslog.conf
loghost set correctly
inetd.conf
sendmail.cf
hosts.equiv
.rhosts
> No
Paths:
Is the path that whereis uses correct?
> Yes
Is a Man Path supported
> No
Have you recompiled and optimized the kernel?
(buffer sizes, options, devices)
> No
ADMINISTRATION
--------------
Have you set up and do you use regular User communications?
motd
> No
newsgroups(cs.howto,cs.hpux,cs.utek,..)
> No
mail aliases(utekbugs,utekxbugs...)
> No
newsletter
> No
policies:
Do you have clear articulated Policy statements?
> No
Do you have a Use policy for the machine?
> No
Do you have an Account policy and procedure?
> Yes
How long does it take to get an account?
> 1 week
List the procedure to get an account:
> Trent asks for them!
Do you have a procedure to know which accounts to delete?
> no
How do you know when to delete an account?
> no
Do you delete inactive accounts?
> no
What is the procedure to delete an account:
> Do not have one.
Do you have a written Backup policy?
(what gets backed up, how often)
> No
Have you got written and documented procedures for:
Backup
> No
Recovery
> No
Cleaning
> No
Accounts
> Yes
New programs
> No
Plans
> No
Are changes announced ahead of time? (at least a week)
> No changes yet.
Are system changes marked with name and date and mail address of
the person making the change?
> No changes yet.
Do you have a designated administrator for the system?
> Actually 4 of them
Is there a System book which is in a known place that provides
the focal point for the system and documents the system and its
plans?
> No
Are there procedures providing for continuing documentation/support?
> Not yet.
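
The PATH questions in the SECURITY section above ("." last or not present, world writability, group permissions, directories that do not exist) can be checked mechanically. The shell function below is an added example, not part of the original message; the name audit_path, its output labels and the sample PATH string are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING  (hypothetical helper, not from the original message)
# Prints one finding per line:
#   cwd:<entry>       "." or an empty entry (both mean the current directory)
#   relative:<entry>  any other non-absolute entry
#   missing:<dir>     directory does not exist
#   writable:<dir>    directory is group- or world-writable
audit_path() {
    _rest="$1:"    # trailing ":" so the last (possibly empty) entry is kept
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}
        _rest=${_rest#*:}
        case "$_dir" in
            ''|.) echo "cwd:${_dir:-<empty>}"; continue ;;
            /*)   ;;
            *)    echo "relative:$_dir"; continue ;;
        esac
        if [ ! -d "$_dir" ]; then
            echo "missing:$_dir"
            continue
        fi
        # Mode string from ls -ldL (symlinks followed): character 6 is the
        # group write bit, character 9 is the world write bit.
        case "$(ls -ldL "$_dir" 2>/dev/null)" in
            ?????w*|????????w*) echo "writable:$_dir" ;;
        esac
    done
}

# Constructed sample modelled on the answers above: "." in PATH plus the two
# directories the review reports as nonexistent.
audit_path "/bin:/usr/bin:/usr/TeX/bin:/usr/openwin/bin:."
```

Run from cron against root's and each user's PATH, an empty result means every entry is absolute, present and writable only by its owner.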