User Tools
misc:2015revew
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
misc:2015revew [2015/01/27 14:41] tschulz [Offsite Backups] |
misc:2015revew [2015/01/27 15:21] (current) tschulz [Responsible for troubleshooting hardware/software problems/Devise and administer security on the administrative network. (Managed Java Plugin Updates)] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== 2015 Review ====== | ====== 2015 Review ====== | ||
| + | |||
| + | ====== Goals going Well ====== | ||
| ===== Operates/manages the District- wide area network. (Disaster Recovery)===== | ===== Operates/manages the District- wide area network. (Disaster Recovery)===== | ||
| Line 341: | Line 343: | ||
| ==== Offsite Backups ==== | ==== Offsite Backups ==== | ||
| * I have plans of storing weekly backups on google drive. Due the extreme size of the data set I need to figure out a schedule so that the upload doesn't affect internet speed for the Freshwater cluster. | * I have plans of storing weekly backups on google drive. Due the extreme size of the data set I need to figure out a schedule so that the upload doesn't affect internet speed for the Freshwater cluster. | ||
| + | |||
| + | ===== Devise and administer security on the administrative network (Intrusion Protection) ===== | ||
| + | * This fall we had numerous attacks on our Wordpress site and the attackers were able to exploit an unpatched vulnerability in Wordpress to that allowed them to modify files. Before the vulnerability was patched I devised a permission structure that prevented further intrusions. I also added intrusions detection measures to the school firewall that now detects and blocks access at the firewall to any internet address that is trying to break into one of our web servers<file bash secure_perms.sh> | ||
| + | #!/bin/sh | ||
| + | |||
| + | chmod -R 555 . | ||
| + | FILES="`find . -type f | sed \"s\ \+\g\"`" | ||
| + | for i in $FILES | ||
| + | do | ||
| + | #chmod 644 $i | ||
| + | NEWPATH="`echo $i | sed \"s\+\ \g\"`" | ||
| + | ##echo $NEWPATH | ||
| + | chmod 444 "$NEWPATH" | ||
| + | chown www-data:www-data "$NEWPATH" | ||
| + | done | ||
| + | |||
| + | chmod -R 755 ./wp-content/blogs.dir | ||
| + | chown -R www-data:www-data ./wp-content/blogs.dir | ||
| + | FILES="`find ./wp-content/blogs.dir -type f | sed \"s\ \+\g\"`" | ||
| + | for i in $FILES | ||
| + | do | ||
| + | #chmod 644 $i | ||
| + | NEWPATH="`echo $i | sed \"s\+\ \g\"`" | ||
| + | ##echo $NEWPATH | ||
| + | chmod 644 "$NEWPATH" | ||
| + | chown www-data:www-data "$NEWPATH" | ||
| + | done | ||
| + | </file><file>pass in on {$ext_if1, $ext_if2} proto {tcp,udp} from any to $WEBSERVER port $WEBPORTS flags S/SA keep state (max-src-conn 100, max-src-conn-rate 30/5, overload <abusive_hosts> flush)</file> | ||
| + | ====== Goals Inprogress ====== | ||
| + | |||
| ===== Responsible for troubleshooting hardware/software problems/Devise and administer security on the administrative network. (Managed Java Plugin Updates) ===== | ===== Responsible for troubleshooting hardware/software problems/Devise and administer security on the administrative network. (Managed Java Plugin Updates) ===== | ||
| - | * Currently there is no established way to keep the Java Plugin software updated. Since this plugin is required for the Infinite Campus gradebook, Infinite Campus food service, Pearson Online testing. It is critical that this software kept up to date. I had to create server and client software to push out the updates. I am currently rolling the client software to faculty computer. We should have fully transparent and managed java updates before the end of Winter. | + | * Currently there is no established way to keep the Java Plugin software updated. Since this plugin is required for the Infinite Campus gradebook, Infinite Campus food service, Pearson Online testing. It is critical that this software kept up to date. I had to create server and client software to push out the updates. I am currently rolling the client software to faculty computer. We should have fully transparent and managed java updates before the end of Winter. As the update system stands right now it is able to push put automatic updates as long as there is no web browsers preventing the updates to the plugin software. I plan to implement a notification that all web browsers need to be terminated. This will close all browsers unless the user cancels the update. |
| + | |||
| + | ===== Operates/manages the District- wide area network. ===== | ||
| + | * I would like to implement some sort of cable management in the school's server room. The biggest problem by far are the many analog video cables that will need to be rerouted and probably reterminated. The ethernet cable could be address by putting in a 48 port patch panel so that the cable runs are a lot cleaner and clearly labeled. This is not anything terribly difficult, but it would require the nearly everything to be powered down at some point while the cables are rerouted. | ||
misc/2015revew.1422391264.txt.gz · Last modified: 2015/01/27 14:41 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
