Current revision updated by ar207 on
Originally created by ar207 on

Basic Info
Service Status:
Production
Domain:
https://support.cc.gatech.edu/
Application:
Drupal
Non-TSO Owner:
TSO
IT App Responsible:
Aimee Rydarowski
Host:
sox
OS:
RHEL 7
PHP Version:
8.2.18
Last Patched:

Details

Note to SysAdmins: Despite the temptation, don't force the name of the machine away from support.cc (like, changing hostname in the OS). It will break stuff.

  • Files at /var/www/html/prod-support.cc.gatech.edu/.
  • Database = support_prod on sarge.
  • Git Repository (using master branch for file updates to production site): https://github.gatech.edu/CC-TSO-WebDev/supportcc_d10.
  • CoC Password Reset form has special custom code (in a drupal module named coc_pw_reset) and server-specific LDAP dependencies. This form's use is limited in the apache configuration file (/etc/httpd/conf.d/ssl.conf) to specific IP ranges and subnets. To use on a different server/VM, Brian will have to setup an account on new VM that is allowed to log in to nevah and run a specific script there that resets the password. Openldap is used on this site.

Libraries and versions (to track separately from Drupal)

  • CKEditor 5 (via CDN)
  • phpCAS 1.3.8 (todo check on current version)

     

Historical updates

  • 2024-04-18: Migrated Support site to new VM on Drupal 10.1.8
  • 2023-06-15: Updated Google Analytics to the current version (7.x-2.6 to 7.x-2.8) to support Google Analytics 4 introduced in 7.x-2.7 (https://www.drupal.org/project/google_analytics/releases/7.x-2.7).
  • 2023-05-03: Updated Drupal Core to the current version (7.95 to 7.97) because of a critical security vulnerability (https://www.drupal.org/sa-core-2023-005).
  • 2023-03-28: Updated Drupal Core to the current version (7.91 to 7.95) because of a critical security vulnerability (https://www.drupal.org/sa-core-2023-004).
  • 2022-07-28: Updated Drupal Core to the current version (7.90 to 7.91) because of a critical security vulnerability (https://www.drupal.org/sa-core-2022-012); updated the Redirect module (7.x-1.0-rc3 to 7.x-1.0-rc4).
  • 2022-06-02: Updated Drupal Core to the current version (7.88 to 7.90) because of a critical security vulnerability (https://www.drupal.org/sa-contrib-2022-034); updated the Captcha module (7.x-1.5 to 7.x-1.7) and the CTools module (7.x-1.15 to 7.x-1.20).
  • 2022-03-03: Updated Drupal Core to the current version (7.87 to 7.88) because of a critical security vulnerability (https://www.drupal.org/sa-core-2022-003); updated the Admin Views module (7.x-1.7 to 7.x-1.8), Date module (7.x-2.10 to 7.x-2.12), Entity API module (7.x-1.9 to 7.x-1.10), Honeypot module (7.x-1.25 to 7.x-1.26), and Token module (7.x-1.7 to 7.x-1.9).
  • 2022-01-27: Updated Drupal Core to the current version (7.82 to 7.87) because of a critical security vulnerability (https://www.drupal.org/sa-core-2022-001).
  • 2022-01-26: The SSL cert for support.cc.gatech.edu on stretch has been renewed until 1/26/2023.
  • 2021-08-20: added CSS to allow tables to scroll right on mobile.
  • 2021-07-29: Updated Drupal Core to the current version (7.80 to 7.82) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.82).
  • 2021-05-11: add tcushman3 to tso role, per helpdesk request
  • 2021-04-27: Updated Drupal Core to the current version (7.78 to 7.80) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.80).
  • 2021-02-11: Updated Drupal Core to the current version (7.77 to 7.78) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.78).
  • 2020-12-28: Updated Drupal Core to the current version (7.74 to 7.77) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.77).
  • 2020-11-24: Updated Drupal Core (7.73 to 7.74) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.74).
  • 2020-09-24: Updated Drupal Core (7.72 to 7.73) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.73).
  • 2020-09-24: Removed former and FTEs from TSO role (per Andrew's request).
  • 2020-08-19: made Help Desk triage form live.
  • 2020-07-21: In response to RT ticket #287127, added the updated VPN ranges to the list of IP addresses (in the /etc/httpd/conf.d/ssl.conf file) allowed to access the password reset form and restarted apache.
  • 2020-07-20: install mailsystem and mimemail modules so webform emails can send attached files.
  • 2020-06-25: Updated Drupal Core (7.70 to 7.72) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.72).
  • 2020-06-17: allowed zip files for "Attachment" fields on Basic Page and How To content types (per Kim's request).
  • 2020-05-28: Updated Drupal Core (7.69 to 7.70) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.70); Changed the home breadcrumb to "TSO Home".
  • 2020-05-01: restricted contact webform to authenticated users only and added CAS redirection for url path (RT #268228).
  • 2020-04-01: Updated the CKEditor module (7.x-1.18 to 7.x-1.19) and CDN (4.5.4 to 4.14.0) because of a security vulnerability (https://www.drupal.org/sa-contrib-2020-007).
  • 2020-03-26: Added the campus IP ranges to the list of IP addresses (in the /etc/httpd/conf.d/ssl.conf file) allowed to access the password reset form and restarted apache.
  • 2019-12-30: Updated Drupal Core (7.67 to 7.69) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.69).
    Updated the Admin Views (7.x-1.6 to 7.x-1.7) and Webform (7.x-4.19 to 7.x-4.21) modules because of a security vulnerability.  Updated the phpCAS library (1.3.5 to 1.3.8).
  • 2019-08-02: changed captcha to math instead of image type on Feedback form ~9:30am.
  • 2019-08-01: install and configure honeypot module (7.x-1.25) to combat spam on the Feedback Form (RT#268228).
  • 2019-05-23: update htaccess to disable Track/Trace and hide web.config.
  • 2019-05-14: Updated core (7.66 to 7.67) for security vulnerability (https://www.drupal.org/project/drupal/releases/7.67); changed security updates email to tsowebpatch@cc.gatech.edu.
  • 2019-04-29: added staff to roles - James Tyson for Notices and David Mercer for Tech Fees
  • 2019-04-25: Update Drupal Core (7.65 to 7.66) because of a critical security vulnerability (https://www.drupal.org/SA-CORE-2019-006).
  • 2019-04-10: Updated Drupal Core (7.63 to 7.65) because of a critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.65).
    Updated the Module Filter (7.x-2.1 to 7.x-2.2) and Views (7.x-3.20 to 7.x-3.22) modules because of a security vulnerability.
  • 2019-03-12: added emorain3 as tso user to site.
  • 2019-02-25: updated module notes go here. Migrate site from scouter to stretch.cc VM (RHEL7 with PHP 7.1), and now using sarge instead of leviathan for its database. Update CKEditor profiles and user permissions.
  • 2019-01-24: News and Alerts now both require that you fill in both Effective (i.e. starting) and Expiry (i.e. ending) dates, this is done so that it's easier to show only relevant items on digital signage.
  • 2019-01-23: update Drupal Core (7.60 to 7.63) because of critical security vulnerability (https://www.drupal.org/project/drupal/releases/7.62). Patch custom modules (gt_tools, gt, gt_login) to fix SimpleXMLElement update errors (https://drupal.gatech.edu/troubleshooting/simplexmlelement-errors). Set site to email only about security type updates. 
  • 2018-12-20: created new View (Alerts (Signage) - new) to test a more tailored feed for our digital signage.
  • 2018-10-18: update Drupal Core (7.59 to 7.60) because of critical security vulnerability (https://www.drupal.org/SA-CORE-2018-006).
  • 2018-09-20: added CoC VPN IP ranges to support.conf to allow access to the password reset form from those ranges.
  • 2018-09-11: updated Alert content type to require Description field and to re-arrange field order to be more useful.
  • 2018-08-22: excluded the Password reset form from requiring CAS authentication (as this is double entry for the users).
  • 2018-04-25: update Drupal Core (7.58 to 7.59) because of critical security vulnerability.
  • 2018-04-19: did not upgrade CKEditor library because does not include insecure image2 (enhanced image) add on.

Issue Log

  • 2019-10-25: after the CoC Wired internet outage (https://support.cc.gatech.edu/alerts/wired-internet-outage) that affected all VM servers, the Stretch VM was unavailable.  To fix the issue:
    • Kim added a d7_supportuser@stretch.cc.gatech.edu entry to the user table.
    • Brian added this entry in /etc/hosts on sarge:  130.207.7.96 support.cc.gatech.edu support
  • 2019-09-04: after a CoC Networking outage (https://support.cc.gatech.edu/alerts/college-computing-networking-outage), the Stretch VM was unavailable.  To fix the issue:
    • Kim updated the d7_supportuser privileges in the database. 
  • 2019-08-08: after AM patching (https://support.cc.gatech.edu/alerts/linux-systems-patching-4), the site was down and sysadmin did this to fix the problem:
    • did a reload of httpd and rh-php71-php-fpm after:
    • removing a line in /etc/sysconfig/network which was probably forcing the name to be represented differently
  • 2019-05-09: after Linus System patching on 5/8 (https://support.cc.gatech.edu/alerts/linux-systems-patching-3), the Stretch VM was unavailable.  As explained by Brian:
    - the server was rebooted (stretch) and it did a reverse lookup of its IP address to get a name, because it wasn’t hard coded in configuration.  The answer it paid attention to is “support".
    To fix the issue, Brian did the following:
    • put the hardcoded name in configuration, but that won’t fully take effect until next reboot.  
    • In the meantime, ran the hostname command to force a name change to avoid confusion, but any services started before this name change will refer to support.  The only way this becomes a problem is if “support” was to be moved to another host before any of these services were restarted.

 

Subnets allowed to access the password reset form:

               #CoC Subnets
                allow from 130.207.0.0/19
                allow from 130.207.97.0/24
                allow from 130.207.98.0/23
                allow from 130.207.100.0/22
                allow from 130.207.104.0/21
                allow from 130.207.112.0/20
                #GT VPN
                allow from 143.215.16.0/20
                allow from 143.215.32.0/23
                allow from 143.215.34.0/25
                allow from 143.215.34.128/27
                #GT VPN - 3/26/20 - Open the form to campus users
                allow from 10.2.0.0/16
                allow from 10.10.8.0/21
                allow from 10.24.0.0/16
                allow from 10.69.6.0/24
                allow from 10.110.150.0/23
                allow from 10.128.0.0/14
                allow from 10.132.0.0/14
                allow from 10.136.0.0/16
                allow from 10.137.0.0/16
                allow from 10.138.0.0/16
                allow from 10.160.0.0/24
                allow from 100.64.0.0/10
                allow from 128.61.0.0/16
                allow from 130.207.0.0/16
                allow from 143.215.0.0/16
                allow from 169.254.255.24/30
                allow from 172.16.0.0/16
                allow from 172.18.0.0/16
                allow from 172.21.0.0/16
                allow from 172.22.0.0/16
                allow from 172.23.0.0/19
                allow from 172.24.0.0/16
                allow from 172.25.128.0/17
                allow from 172.26.0.0/16
                allow from 172.27.0.0/16
                #GT VPN - 7/21/20 - Added the updated VPN ranges from the network firewall
                allow from 100.80.0.0/16
                allow from 143.215.32.0/22
                allow from 143.215.172.0/26
                allow from 172.16.32.0/20
                allow from 172.16.64.0/19
                allow from 143.215.254.38
                allow from 143.215.254.43
                allow from 143.215.254.44
                #CoC VPN
                allow from 143.215.34.0/27
                allow from 143.215.34.32/27
                allow from 143.215.34.64/27
                allow from 143.215.34.96/27
                allow from 143.215.34.128/27
                #LAWN
                allow from 128.61.16.0/20
                allow from 128.61.32.0/19
                allow from 128.61.112.0/20
                allow from 143.215.48.0/20
                allow from 143.215.96.0/19
                allow from 143.215.112.0/20
                allow from 143.215.132.0/24
                allow from 143.215.204.0/22
                #CAS Servers
                allow from 130.207.165.151
                allow from 130.207.165.181
                allow from 130.207.160.79
                allow from 130.207.160.80