#language en

= Maintainance of s15.fluid.tuwien.ac.at =

The operation of s15 can be remotely controlled by its management interface, ms15.fluid.tuwien.ac.at.

The credentials for the management interface, and also for the `root` and `oswat` accounts
on s15 are known to Iris Fula, Rudolf Ladner, Thomas Loimer, and Christiane Lechner.
The user account `oswat` on s15 is used for administrative purposes. Although customizations
can only be done by root, any modified files, e.g., in /etc/, should be owned by oswat,
`chown oswat:oswat /etc/config-file`. That way, it is easy to find changes from the stock
debian system, `find /etc -user oswat -o group oswat`.

The operating system on s15 is debian. Type `lsb_release -a` to get information on the current
release, and type `uname -a` to get the version of the running kernel.

To keep the operating system up to date, from time to time the commands
{{{
apt-get update
apt-get upgrade
apt-get dist-upgrade
}}}
should be issued, as root.

== Firewall ==

There is a local firewall installed on s15, implemented by iptable commands.
The reason to install a firewall was to stop the frequent dictionary attacks. These manifest themselves
by frequent log-in attempts with common username - password combinations, which can be observed in `/var/log/auth.log`.
The iptable-rules count the number of log-in attempts from a ip-number, and block that number if more than 6 attempts
are tried. Another rule, in pam-stack, removes that ip-number from the blocked addresses,
if a succesful login is recorded.
See `/etc/network/iptables.up.rules`, the line with pam_exec.so in `/etc/pam.d/sshd` which, on succesful login, calls
the unblock script `/etc/network/unblock`.