LOG OF CHANGES/UPDATES/IMPROVEMENTS to www.gate.ac.uk ----------------------------------------------------- ---------- 17-19 Oct '00 Installed Oracle client. Required adding CD drive (spare taken from snarl) and using the scratch partition from the new hard disk installed a few weeks ago. The old disk was removed. Oracle configuration basically copied from derwent, with help from photo.net for setting up a client-server relationship. Julian opened a hole between gateway & derwent in the firewall for TCP/IP traffic on port 1521, the port the Oracle listener uses. Both netasst and sqlplus successful in connecting to derwent. ---------- 21 Sep '00 Replaced old external hard disk with newer 9Gb disk partitoned into 3: 2Gb /usr/local and the rest evenly divided between /export/www and /export/scratch. The contents of /usr/local and /export/www on the old disk moved across and remounted on the new disk. The old disk stays online for now just in case. ---------- 02 Mar '00 Compiled and installed perl5.005_03 - used 'doit' to make symlinks to /usr/local (had to install doit too!) to avoid 'static' installs for the future. From now on install all apps this way. ---------- 24 Feb '00 Got syslogd to log authorization messages using the line: auth.debug /var/log/authlog in /etc/syslog.conf with tabs and not spaces between the two parts. This seems to log failed login attempts, which alongside /var/log/inetd.log logging telnet connections, provides a reasonable audit trace. ---------- 23 Feb '00 Changed nsd.tcl (config file) for AOL server to record web hits in a new directory /var/log/www - this is better IMHO than the deep tree they were being recorded in. Unfortunately the UID problem means that only gateadmin (and root) can read the logs at present. Managed to get some logging going. Added the -t flag to inetd which causes it to trace all calls and send them to syslogd. Edited syslogd.conf so that it sends the traces to a file /var/log/inetd.log. It doesn't seem to distinguish between successful and unsuccessful calls though (sigh). ---------- 22 Feb '00 Newly compiled AOL server (as3b61) downloaded from derwent (where it had been compiled for the GATE test server) and untarred. Only necessary then to go into the as3b61/root directory and copy the ./bin ./lib ./include and ./modules sub-directories to replace their as3b5 versions in /usr/local/AOLserver. Checked file and directory permissions were paranoid and all owned by gateadmin. Now needed to restart the AOL server: 1. remove the line in /etc/inittab and kick the init daemon. 2. replace the line in /etc/inittab with (notice change in synatx): w1:23:respawn:/usr/local/AOLserver/bin/nsd82 -i -t /usr/local/AOLserver/nsd.tcl -u webadmin 3. kick the init daemon again. New version does not read user & group information in nsd.tcl file so they need to be set explicitly by -u and -g in the command line. However, currently there is a bug that makes it ignore -g too (runs as GID 0 :-/). Need to keep an eye in www.aolserver.com for a fix to this. ---------- 21 Feb '00 New patchdiag.xref downloaded from www.sunsolve.co.uk. Recommends security patch 108721-01. Downloaded along with the following updated patches: 107180-17 107200-12 107443-11. All patches added. The following line added to /etc/inittab: w1:23:respawn:/usr/local/AOLserver/bin/nsd82 -it /usr/local/AOLserver/nsd.tcl to start the aolserver via initd. Machine rebooted to initialise patches and web server starts ok. Diagnostic problems with sendmail aliasing on startup - need to sort out sendmail soon.