Maintainance of s15.fluid.tuwien.ac.at

The operation of s15 can be remotely controlled by its management interface, ms15.fluid.tuwien.ac.at.

The credentials for the management interface, and also for the root and oswat accounts on s15 are known to Iris Fula, Rudolf Ladner, Thomas Loimer, and Christiane Lechner. The user account oswat on s15 is used for administrative purposes. Although customizations can only be done by root, any modified files, e.g., in /etc/, should be owned by oswat, chown oswat:oswat /etc/config-file. That way, it is easy to find changes from the stock debian system, find /etc -user oswat -o group oswat.

The operating system on s15 is debian. Type lsb_release -a to get information on the current release, and type uname -a to get the version of the running kernel.

To keep the operating system up to date, from time to time the commands

apt-get update
apt-get upgrade
apt-get dist-upgrade

should be issued, as root.

Firewall

There is a local firewall installed on s15, implemented by iptable commands. The reason to install a firewall was to stop the frequent dictionary attacks. These manifest themselves by frequent log-in attempts with common username - password combinations, which can be observed in /var/log/auth.log. The iptable-rules count the number of log-in attempts from a ip-number, and block that number if more than 6 attempts are tried. Another rule, in pam-stack, removes that ip-number from the blocked addresses, if a succesful login is recorded. See /etc/network/iptables.up.rules, the line with pam_exec.so in /etc/pam.d/sshd which, on succesful login, calls the unblock script /etc/network/unblock.