smparkin - important.md

Sysadmin Important Things

Servers

  • sulu: 10.13.37.1
    • sulu functions as the lab's routing server and is the device that handles the firewall and DHCP for all devices in the lab (it should function correctly after a reboot)
    • Important files/folders:
      • /etc/dnsmasq.conf
        • config file for dns, includes MAC address to IP assignments and all the fun rerouting things that I'm doing with the .wh tld
      • /var/lib/misc/dnsmasq.leases
        • pretty self-explanatory, but contains the list of devices that currently have a lease (not necessarily every device currently on the network)
      • /proc/sys/net/ipv4/conf/enp0s25/forwarding
        • this file MUST have a 1 in it for the networking in the lab to function
      • /home/smparkin/iptables*
        • all the different iptables things we were trying, i believe the current set is iptables-working
  • scotty: 10.13.37.166
    • scotty functions as the lab's PXE server and runs a tool called Clonedeploy, allowing it to distribute OS images to the lab machines or VMs if people bridge their networking correctly (it should function correctly after a reboot)
  • spock: 10.13.37.167
    • spock is our VM server and currently is running UNRAID, the only thing we've used this for in the past year is for hosting the CTF workshop stuff
  • kirk: (not currently on SecLab network)
    • nick's server, it's connected to the wall so we aren't managing it, i assume when he's gone next fall we will use it for something, maybe it can be a storage server if we get a SAS backplane for it (might i recommend bones for the name)
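
Added example, not part of the original doc: a check that compares sulu's lease file against the MAC-to-IP assignments in dnsmasq.conf and flags leases held by unassigned MACs or by a known MAC on an unexpected IP. The MAC addresses, dhcp-host lines, lease entries and function names are constructed for illustration; on sulu, pass in the contents of /etc/dnsmasq.conf and /var/lib/misc/dnsmasq.leases instead.

```python
import re

# Constructed samples (not sulu's real files): dnsmasq.conf and dnsmasq.leases.
SAMPLE_CONF = """\
dhcp-host=00:11:22:33:44:55,scotty,10.13.37.166
dhcp-host=00:11:22:33:44:66,10.13.37.167,spock,infinite
dhcp-range=10.13.37.50,10.13.37.150,12h
"""
# Lease line format: <expiry epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1527586049 00:11:22:33:44:55 10.13.37.166 scotty 01:00:11:22:33:44:55
1527586100 00:11:22:33:44:66 10.13.37.99 spock *
1527586200 de:ad:be:ef:00:01 10.13.37.77 * *
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_static_hosts(conf_text):
    """Map MAC -> reserved IP (or None) from dhcp-host= lines."""
    hosts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith("dhcp-host="):
            continue
        # dnsmasq accepts the fields in any order, so classify by shape.
        fields = [f.strip().lower() for f in line.split("=", 1)[1].split(",")]
        macs = [f for f in fields if MAC_RE.match(f)]
        ips = [f for f in fields if IP_RE.match(f)]
        for mac in macs:
            hosts[mac] = ips[0] if ips else None
    return hosts

def audit_leases(conf_text, leases_text):
    """Return (status, mac, ip, hostname) for leases that don't match config."""
    static = parse_static_hosts(conf_text)
    findings = []
    for line in leases_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not MAC_RE.match(parts[1].lower()):
            continue  # skips blank lines and IPv6/DUID records
        mac, ip, name = parts[1].lower(), parts[2], parts[3]
        if mac not in static:
            findings.append(("unknown-mac", mac, ip, name))
        elif static[mac] and static[mac] != ip:
            findings.append(("ip-mismatch", mac, ip, name))
    return findings

if __name__ == "__main__":
    for finding in audit_leases(SAMPLE_CONF, SAMPLE_LEASES):
        print(*finding)
```
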

Other/General Stuff

  • you know how spotbot works, if it ever fails more than you can fix, i would recommend rebuilding librespot by going into the librespot folder and running cargo clean && cargo build --release
  • seclab-bot should like probably be fine, if you ever want to add another status, look at the commits for seclab-bot and seclab-listener, i never documented that very well, and even the second time when i added fire i went off my previous commits for coffee
  • as with pretty much anything, feel free to ask me about anything else i didn't include in this terribly formatted, very short, and very quickly thrown together doc

# Generated by iptables-save v1.6.1 on Tue May 29 02:27:29 2018
*filter
:INPUT DROP [1109:59018]
:FORWARD ACCEPT [2643:1409995]
:OUTPUT ACCEPT [285:23018]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp0s25 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
-A INPUT -i enp1s0 -p tcp -m multiport --dports 22,80 -j ACCEPT
-A INPUT -i enp1s0 -p udp -m multiport --dports 53,67,69 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 127.0.0.0/8 -j DROP
-A FORWARD -d 127.0.0.0/8 -j DROP
-A FORWARD -s 10.0.0.0/8 -i enp0s25 -j DROP
-A FORWARD -s 129.65.0.0/16 -i enp1s0 -j DROP
-A FORWARD -d 10.0.0.0/8 -i enp0s25 -j DROP
-A FORWARD -s 10.13.37.0/24 -d 10.13.37.0/24 -j DROP

COMMIT
# Completed on Tue May 29 02:27:29 2018
# Generated by iptables-save v1.6.1 on Tue May 29 02:27:29 2018
*nat
:PREROUTING ACCEPT [515:37557]
:INPUT ACCEPT [269:21503]
:OUTPUT ACCEPT [268:18260]
:POSTROUTING ACCEPT [192:12419]
-A POSTROUTING -o enp0s25 -j MASQUERADE
COMMIT