OS Service Configuration
Updated on 18 Mar 2024
Use the information below to configure OS Services for IAP.
Configure the following services to start on boot.
- NTPD - Provides synchronization of time across all the systems. This is important to keep consistency in audit trails and logging.
- NSCD - This service is a name server caching daemon. Best practice dictates that frequently accessed hosts should be configured in the /etc/hosts file (example: MongoDB server). The name server caching daemon helps improve operational performance of the platform by caching DNS lookups for a configurable period, as opposed to performing a separate DNS lookup request for each transaction the system needs to perform. This should be used in environments where hosts file configuration is not feasible or allowed.
Configure host firewall protection services, e.g. iptables, to filter incoming traffic wherever feasible.
The following ports are required. The list of open ports may be different for your environment; please see your system administrator or network security officer.
- Allow established connections.
- Allow all packets on the loopback interface.
- Allow SSH, TCP port 22, from the management network.
- Allow DNS, UDP port 53, from configured DNS servers.
- Allow NTP, UDP port 123, from configured NTP servers.
- Allow MongoDB, TCP port 27017, from IAP servers.
- Allow IAP HTTPS, default is TCP port 3443, from the northbound network.
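The rule list above, written out as an iptables-restore ruleset with each port tied to its source. This is an added example, not part of the original article: the function name `iap_rules`, the addresses (documentation ranges), the default-drop INPUT policy, and the reading of the DNS and NTP rules as server traffic arriving from source ports 53 and 123 are assumptions.

```shell
#!/bin/sh
# Constructed sample values (RFC 5737 documentation ranges); replace per site.
MGMT_NET="192.0.2.0/24"                    # management network
DNS_SERVERS="198.51.100.10 198.51.100.11"  # configured DNS servers
NTP_SERVERS="198.51.100.20"                # configured NTP servers
IAP_SERVERS="203.0.113.5 203.0.113.6"      # IAP servers (MongoDB clients)
NORTHBOUND_NET="203.0.113.0/24"            # northbound network
IAP_HTTPS_PORT="3443"                      # default from the article

r() { printf '%s\n' "$*"; }   # emit one ruleset line

# iap_rules (hypothetical name): print an iptables-restore ruleset.
iap_rules() {
    # An empty value would produce a malformed or unscoped rule, so refuse.
    for v in "$MGMT_NET" "$DNS_SERVERS" "$NTP_SERVERS" "$IAP_SERVERS" \
             "$NORTHBOUND_NET" "$IAP_HTTPS_PORT"; do
        [ -n "$v" ] || { echo "iap_rules: empty source or port" >&2; return 1; }
    done
    r "*filter"
    r ":INPUT DROP [0:0]"      # assumption: default-drop inbound policy
    r ":FORWARD ACCEPT [0:0]"  # left at the kernel default
    r ":OUTPUT ACCEPT [0:0]"   # left at the kernel default
    r "-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    r "-A INPUT -i lo -j ACCEPT"
    r "-A INPUT -s $MGMT_NET -p tcp --dport 22 -j ACCEPT"
    # Assumption: this host is a DNS/NTP client, so server traffic arrives
    # with source port 53/123.
    for s in $DNS_SERVERS; do r "-A INPUT -s $s -p udp --sport 53 -j ACCEPT"; done
    for s in $NTP_SERVERS; do r "-A INPUT -s $s -p udp --sport 123 -j ACCEPT"; done
    for s in $IAP_SERVERS; do r "-A INPUT -s $s -p tcp --dport 27017 -j ACCEPT"; done
    r "-A INPUT -s $NORTHBOUND_NET -p tcp --dport $IAP_HTTPS_PORT -j ACCEPT"
    r "COMMIT"
}

iap_rules
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it, which is a useful check before loading it on a host you reach over SSH.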