IIS security practices
Mon, 09/28/2009 - 08:39 — jaklein.ncsu.edu
Microsoft's Internet Information Server (IIS) uses a local computer account, IUSR_servername, to provide access to the filesystem and other resources for anonymous web users. We've had some problems getting the permissions correct for this account.
I'd like to propose the following scheme, based on the recommendations from Microsoft's IIS 6.0 Security Best Practices
Firewall contexts set to allow new nagios access
Fri, 09/25/2009 - 08:41 — jaklein.ncsu.edu
As we work to bring the new Nagios system on-line, there are a lot of firewall changes that need to get made.
ComTech has established a range of addresses for all OIT devices meant for monitoring, and the intention is to open this address range (referred to as "OIT-Monitor") for incoming access for monitoring protocols for all datacenter subnets. This will make firewall settings easier and quicker for ComTech, and allow everyone less back and forth in setting up firewall rules for new VLANs.
WolfTech self-signed certificate
Wed, 09/23/2009 - 16:57 — jaklein.ncsu.edu
To communicate over SSL with the WolfTech domain controllers, you will need to import the ITECS root Certificate Authority.
In the near future, WolfTech will be moving to the NCSU CA run by OIT SnC. At that point, the root certificate will change.
How to edit your firewall in Web-Kickstart
Mon, 09/21/2009 - 11:14 — jjneely.ncsu.edu
A question commonly asked: how does one best edit /etc/sysconfig/iptables during a Web-Kickstart %post?
You could include the entire file in the %post section of your kickstart. However, what about the default ports added for AFS, or another use file that may wish to slightly alter the host's firewall?
My friends, sed is the answer. The RHEL or Realm Linux 5 firewalls include a 'RH-Firewall-1-INPUT' chain where the Red Hat customizations live, so let's edit that:
ISO blog maintenance on Sept 19 (talk like a pirate day)
Fri, 09/18/2009 - 15:37 — jaklein.ncsu.edu
Tomorrow is International Talk like a Pirate day.
I have some content filters in place on the ISO blog that I will be testing in honor of this most sacred and special of days. Please don't page anyone to report problems with our site tomorrow; it's all part of a scheduled, planned test.
Internal OIT Active Directory organization planning begun
Tue, 09/15/2009 - 07:41 — jaklein.ncsu.edu
Yesterday Kevin and I met with Danny and Harry and discussed how to address the proliferation of OU admins in the WolfTech domain from within OIT. We now have 11 OIT OUs (OIT-AC, OIT-ComTech-CMS, OIT-OCC, ISO_PROV, ISO_SHS, ISO_RnD, TSS_CS, TSS_LSS, TSS-DS, TSS-SC, not to mention ITD-DSP), which is causing problems because being an OU admin in WolfTech implies a level of communication with the rest of the admin community that simply isn't present in most cases.
license02 software firewall adjusted for flexLM monitoring
Thu, 09/10/2009 - 15:30 — jaklein.ncsu.edu
FYI, I've adjusted the software firewall on license02 so that the new Nagii can monitor it properly.
Tooltips added to ISO blog
Wed, 09/09/2009 - 10:34 — jaklein.ncsu.edu
Folks,
I added a Drupal module, JTooltips, to the ISO blog. I'm trying to make our site "richer" without adding a lot of work to content creation. It shouldn't impact access, just AJAX things up a bit, but if people hate it, it's easy enough to turn off.
John
WolfTech AD configuration
Tue, 09/08/2009 - 08:22 — jaklein.ncsu.edu
The wolftech.ad.ncsu.edu is the domain used by all groups on campus,
These documents provide information about how OIT is using WolfTech
Access group "OIT-ISO-Tech" created in QIP
Fri, 09/04/2009 - 15:06 — jaklein.ncsu.edu
In order to reduce duplicate calls for ComTech, improve our security practices, and generally speed up request processing for QIP access, ComTech has created a QIP role named "oit-iso-tech".
This role provides access to QIP objects, and members can easily be added or removed from the role. The initial membership of this role will be the staff in ISO-PROV and ISO-SHS (those that do production QIP work in ISO).
