This document is for system administrators, webmasters and users of GNU and FSF machines in France.
--- The Detailed Node Listing ---
No information on the philosophical and political goals of the FSF Europe in general and the FSFE France in particular can be found in this document.
The machines donated to the FSF Europe and hosted in France are part of the set of machines available to the GNU project. As such they follow the same rules and the same policy.
Reference documents describing the GNU environment are http://savannah.gnu.org/projects/sysadmin for system administration information and the Savannah admin guide for usage of the project hosting facility.
The essential URLs related to this document are:
This list accurately describes the purpose of each piece of harware dedicated to the GNU project in France. It must not describe the interconnection between them. If something is running on these machines that do not match the intented purpose described here, it can be uninstalled without notice.
Web hosting (www.fsfeurope.org, france.fsfeurope.org); Secondary DNS for GNU (ns2.gnu.org); GNU Friends hosting.
PIII500, 512Mb RAM, 5x9Gb SCSI
Savannah mirror; Audio/Video gatekeeper (gnomemeeting relay);
Dual PIII 550 1 GB RAM Asus P2B-D 2 serial ports 1 parallel port 2 ethernet 3c905C-TX 2 20 GB IDE disks 1 SCSI Adaptec 7892A (rev 02) Double power
Serial console server.
PII 350 256 MB RAM Asus P2B-D 2 serial ports 1 parallel port 1 ethernet 3c905C-TX 2 20 GB IDE disks Double power
Serial console server.
Bi PIII 750 512 MB RAM 2 serial ports 1 parallel port 1 ethernet eepro100 2 18 GB SCSI disks Adaptec aic7896/97 Ultra2 SCSI adapter
switch> enable Password: switch# show configuration (show kind of a diff with the defaults) switch# configure terminal switch(config)# exit switch# write memory switch# exit
It is only possible to get access to the switch from the serial line.
The SNMP server was configured and is available with the GnuRms community.
Documents : Product manual
Contact : Loic Dachary
Documents : Product manual
Contact : Loic Dachary
Not available on the Internet. Dedicated to office needs of FSFE France.
Dual PIII 500 512Mb RAM 4G SCSI 8G IDE CD PLEXTOR 32X CD TEAC CD-R55S ATI Mach64 Voodoo 2 AWE 64 gold IIyama 17"
Not available on the Internet. Dedicated to Frederic Couchet for permanent activism.
Inspiron 3500 128Mb RAM 6G Disk
Each hardware is mentionned by its name in the See Hardware List. Each location is mentionned by its name in the See Hosting facilities. The sole purpose of this chapter is to describe the precise location of the corresponding hardware and its physical connections with other hardware.
ttyS0 = snail.gnu.org:/dev/ttyS0 -> Cisco Catalyst 3500 XL:console : 9600 8N1, cisco specific cable (flat blue rj45 + db9 adaptator ref 74-0495-01 written on it) ttyS1 = frog.gnu.org:/dev/ttyS1 -> snail.gnu.org:/dev/ttyS1 (getty) : 9600 8N1, null modem db9 power cable is controled by BlackBox Pow-R-Boot 5 + ethernet cable is connected to Cisco Catalyst 3500 XL
ttyS0 = frog.gnu.org:/dev/ttyS0 -> BlackBox Pow-R-Boot 5 +:console : 9600 8N1, null modem db9 ttyS1 = frog.gnu.org:/dev/ttyS1 -> snail.gnu.org:/dev/ttyS1 (getty) : 9600 8N1, null modem db9 power cable is controled by BlackBox Pow-R-Boot 5 + ethernet cable is connected to Cisco Catalyst 3500 XL
power cable is controled by BlackBox Pow-R-Boot 5 + (port 3) ethernet cable is connected to Cisco Catalyst 3500 XL (port 5)
snail.gnu.org:/dev/ttyS0 -> Cisco Catalyst 3500 XL:console : 9600 8N1, cisco specific cable (flat blue rj45 + db9 adaptator ref 74-0495-01 written on it)
frog.gnu.org:/dev/ttyS0 -> powerboot:console : 9600 8N1, null modem db9
fr.fsf.org power cable is connected to a UPS
Each section in this chapter describe a location where GNU machines are hosted in France.
If the people and contacts listed here are for some reason unable to fix an urgent problem, one can look into the sysadmin.texi document (entry Nevrax, Free.fr) in the private project http://savannah.gnu.org/projects/sysadmin/. This document list additional information that cannot be published to preserve the privacy of the people.
Free is one of the largest Internet provider in France. There is little chance that we are able to spot a connectivity problem which they overlook.
The range of IP addresses that is granted to us is:
18.104.22.168 - 22.214.171.124
The reverse is managed by Free and Antoine Levavasseur is the one to ask for a reverse change. The current setup is
126.96.36.199 snail.gnu.org 188.8.131.52 snail-ssh.gnu.org 184.108.40.206 frog.gnu.org 220.127.116.11 yoda.gnu.org(yoda.ipsyn.net)
Linx 124 bd de Verdun 92400 Courbevoie +33 8 04 55 44 11
Nevrax 104 rue du Fg St Antoine 75011 Paris +33 1 44 74 83 85
The leased line that connects Nevrax to the Internet is provided by
COLT Telecommunication 60 rue de Wattignies - Bat. B 75012 PARIS Email : email@example.com and firstname.lastname@example.org Phone : +33 1 44 29 58 99 Fax : +33 1 44 29 57 97
Here is a complete list of the mail threads related to solving problems when something goes wrong with the Internet connection.
Here is a list of people who know some about the machine and its connectivity and who actually did something in the past to improve or fix it.
If you need the password of system users such as root or www on any GNU machines located in France you should ask to the following people:
The user accounts on
managed with Savannah. If someone
need a shell account on
has to get an account on Savannah
first. Then she should send a mail to one of the project
administrators of the
fsffr project. The
project administrator adds her as a member of the
fsffr project. Within
24 hours a cron job on
fetch the new user from Savannah and create the corresponding account.
Once the account is created, access to the machines is available using
ssh and a public key. The Savannah password will not work on
snail.gnu.org. When logged on
Savannah it is possible
to register one or more public key at
Edit SSH Keys.
Once a day the ssh public keys of every account on
snail.gnu.org are updated from the information fetched on
Savannah. If the authorized_keys file of a user is manually
updated, it will be overwritten.
When a user is not listed anymore in the
fsffr, its account is
snail.gnu.org. The home
directory is not deleted and if the user is added again at a later
time, she will retrieve his former home directory.
Every account created automatically as described above is also granted
an access to the
www user on
fr.fsf..org (and not on
www owns the directory in which all the
document roots of the apache server are : /home/www.
This is simply done by appending the public keys of all the users to the
authorized_keys file of the
The /usr/local/bin/savannahusers script does the user account
updates. It is run from the /etc/cron.d/savannahusers cron file
and spits log information in /var/log/savannahusers.log. The
log file is rotated according to the
/etc/logrotate.d/savannahusers specification. This holds for
Savannah does not provide account information to non identified
snail.gnu.org machines are
explicitly allowed to retrieve the relevant information. For more
information check the
Account Management chapter of the Savannah documentation.
The savannahusers script sources can be found in the
www project source tree.
It was checked out in /usr/local/src/www directory (on
snail.gnu.org), together with other GNU
specific maintainance scripts.
When there is a suspicion that a machine was compromised a mail should be sent to FSF France private mailing list and the following people can be contacted.
fr.fsf.orgonly (emergency requiring physical access).
yoda.gnu.orgonly (emergency requiring physical access).
The intrusion related mails are kept in a private mail archive for future reference and are listed here.
A shell script applies filtering rules, it's located in fr.fsf.org:/etc/init.d/firewall. This script is compatible with kernel 2.2 and 2.4 and detects the kernel version using uname. ipchains is used with 2.2 and iptables with 2.4.
Warning : only the ipchains (2.2) section is well configured.
The policy applied is to close all TCP/UDP port by default and open only the ones we need.
frog.gnu.org there is no
firewall. Instead, only services needed to provide the services
that match the intended purpose of the machine are launched.
All other daemons are de-activated.
yoda.gnu.org there is a firewall. rules are in file yoda.gnu.org:/etc/iptables.rules which are read from script yoda.gnu.org:/etc/init.d/packetfilter. Tese rules are written for netfilter (iptables).
Netsaint was installed on
The configuration (/etc/netsaint/*) was created by hand.
Neat was installed and can be used to fine tune the configuration.
This Netsaint instance is only supposed to watch over GNU machines.
Host groups were created for each hosting facilities so that different group of people can be sollicited if a problem occurs.
Contact : Cyril Bouthors
mrtg and addons have been installed with apt-get, two packages :
Some more scripts are used, they are located in /usr/local/bin, they are coming from http://mrtg.xidus.net/
Output dir is /var/www/mrtg/
make -C /etc/mrtg mrtg-switch.cfgand should be regenerated in the same way whenever the switch usage changes.
Output dir is /var/www/mrtg/
make -C /etc/mrtg mrtg-storage.cfgand should be regenerated in the same way.
Output dir is /var/www/mrtg/storage/
The /var/www/mrtg/index.html file was generated with:
make -C /etc/mrtg /var/www/mrtg/index.html
The /var/www/mrtg/storage/<host>.html files were generated with:
make -C /etc/mrtg /var/www/mrtg/storage/<host>.html
Contact : Cyril Bouthors, Rodolphe Quiédeville
Output dir is /var/www/fr.fsf.org/mrtg/
Contact : Rodolphe Quiédeville
When logged in as root on
one can connect to a shared screen(1) session via
-x. These screen sessions contain terminals connected to the switch,
the powerboot, the serial console. They are created at boot time by
/etc/init.d/screen according to the content of
~root/.screenrc and use small shell scripts in
/usr/local/bin to establish the connections. All sessions are
logged permanently in /var/log/screen.
Although it is possible to talk to the switch or the powerboot without using the screen session, this is strongly discouraged because no log of the commands will be archived.
On all screen sessions, the escape character is C-\ instead of the default C-a so that editing stuff with emacs is not a nightmare.
A list of active windows is displayed permanently at the bottom of the screen session.
Most commonly used screen commands:
snail.gnu.org crashes for some reason, do the following:
powerbootterminal and toggle the snail powerswitch.
snailconsole terminal and wait for the grub screen to show.