|
Written by Todd Green
|
|
Thursday, 11 June 2009 11:51 |
=======
Summary:
=======
Our web servers were aging, getting hacked, and needed both hardware and
software updates. If you are simply serving html files, nothing has
changed that requires your intervention. If you are using cgi, php,
etc. Please the scripting section below.
=============================
Hardware and Software Updates:
=============================
The servers are now running dual-core Athlons with 8GB of memory each.
They are on Ubuntu-9.04 running the x86_64 server version (in order to
match shell.cs's architecture.) We are now on NFSv3 with Apache 2.2.
This means we can finally serve files > 2GB.
=======
Scripts:
=======
PHP:
Due to the ever-increasing number of attacks on our systems, we have
moved to suphp. This operates much like suexec does for cgi's. All php
scripts will now be run as you in your public_html. (Technically as the
owner of the file.) All directories in the path must be owned by you
and files and dirs cannot be world writable. Please look at the error
messages (/uusoc/sys/logs/www) if you are having issues with your php
files. More details on suphp can be found here:
http://www.suphp.org/
Any files that were in your public_html directories that were owned by
the web server have been changed to be owned by you.
Perl:
In order to try to be able to do quicker updates we are now using the
Ubuntu packages where possible. Please use /usr/bin/perl for any CGI's
and/or perl scripts on the web servers. We will not be compiling a
/uusoc/opt tree for them.
=========
SSL/HTTPS:
=========
As mentioned in a previous email, new certificates have been generated
for the new servers. Please add them to your exception list if you are
using a browser such as FireFox. If you've already added the
University's Root Cert as a trusted cert for browsers like IE, you
shouldn't need to do anything. Details on installing the cert can be
found here:
http://support.cs.utah.edu/index.php?option=com_content&view=article&id=55&Itemid=2
====
Misc:
====
The old uid of the www server was conflicting with system ids which are
shipped with modern OSes. It has been moved to a new uid (998) and a
new group www-data (gid 998) has been created to match. Anyone who was
in the old www group has been migrated to the www-data group.
- Support Group
|
|
|
Written by Scott Ostrander
|
|
Monday, 02 February 2009 09:47 |
This morning we were notified by our monitoring system that one of our shell.cs machines, "Memphis", had reached critical load. After several attempts, we were finally able to log on to the system and determined that a single process had run amok, and was utilizing almost all of the system's CPU cycles. Attempts to kill the process or shutdown the system softly, failed. The decision was finally made to perform a hard reset. The system came up cleanly and is now running in normal condition.
We apologize for any disruption this temporary loss of service has caused.
|
|
|
Written by Scott Ostrander
|
|
Sunday, 28 December 2008 17:05 |
The ELMS software center is upgrading the MSDNAA website software on Monday, December 29th at 06:00 hours MST. The downtime is scheduled for one hour. During this period, the MSDNAA site will be completely offline and no software downloads will be available.
|
|
|
|
|
|
|
Page 2 of 16 |