ERIS Standard Linux Server Build - CentOS 8

Users should have a basic understanding of Linux and Unix-like operating systems to get the most out of their VM.

Builds are managed using Puppet. If you need to change any of the following Puppet-managed services, contact ERIS at rcc@partners.org and we can make a variance for your VM. Tampering with, removing or disabling the Puppet management tools may compromise the security of your VM. If you stop Puppet services to troubleshoot, please restart them when troubleshooting is completed; they will also restart nightly.

System Access: 
Access to VMs is granted via SSH from inside the Mass General Brigham firewall using your username and password.  If you need access from outside, either use your VPN connection or request an SSH relay server account from rcc@partners.org.  If your group has a PAS group assigned, you can request that your VM be set up to use that group for admin or user access. 
Accounts requested as administrators have sudo access; use sudo to execute commands with root privileges. To add additional users or administrators, simply add their Mass General Brigham username to the local “users” group for login access and “admins” for sudo access. Admins need to be members of both groups to log in and use sudo.
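
One way to check the group rule above, as an added example (not ERIS's own tooling): it lists accounts in the local “admins” group that are missing from “users”, reading /etc/group by default. The usernames in the demo are constructed.

```sh
#!/bin/sh
# Added example: audit the local "users" and "admins" groups.
# Input is a group(5) file: name:password:gid:member1,member2,...
# Assumption: membership is recorded in the member list (field 4); accounts
# that hold a group only as their primary GID are not seen by this check.

# Print the members of group $1 found in file $2, one per line.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# Print each member of "admins" that is missing from "users".
# Per the rule above, these accounts are listed for sudo but cannot log in.
admins_missing_login() {
    file="${1:-/etc/group}"
    for u in $(group_members admins "$file"); do
        group_members users "$file" | grep -qxF -- "$u" || echo "$u"
    done
}

# Demo on constructed sample data (usernames are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
users:x:100:alice,bob
admins:x:1001:alice,carol
EOF
echo "admins not in users:"
admins_missing_login "$sample"
rm -f "$sample"
```
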
Our standard build is based on a basic server install of CentOS 8.  The following changes are made and enforced via Puppet.  If you need to make changes to any of the following defaults, contact rcc@partners.org and request the change.  

Root password: 

The root password is assigned via puppet and should not be changed by users or admins.  If you need to execute commands with root privileges, use sudo instead.  SSH login as root is not permitted. 

Security: 

SELinux is set to enforcing.
The firewall is configured via Puppet; you can request that additional ports be opened. Outbound traffic on all ports is allowed.

Monitoring: 

Nagios is used to monitor hosts for issues.  Copies of common log files are sent to our central syslog server. 

Software updates:

Updates are automatically run by yum-cron on a weekly basis. 

Software Repositories: 

Software repositories are configured by Puppet. By default, CentOS Base, extras and EPEL are enabled. Admins can install software using yum: ‘sudo yum install <packagename>’

Postfix: 

Postfix is configured as the default MTA on these servers, and outgoing mail will be sent via phsmgout.partners.org.

NTP: 

NTP is configured to use the Mass General Brigham time servers as well as several internet sources as backup. 

Authentication: 

SSSD is used to authenticate users against the Active Directory services. 
Go to KB0028007 in the IS Service Desk