Claude b38f08189e feat: Add task_number to YAML frontmatter for 26 tasks
Long-term fix for mobile task index - task numbers now in frontmatter.

Numbers added from BACKLOG.md cross-reference:
#2 rank-system-deployment
#3 fire-frost-holdings-restructuring
#14 vaultwarden-ssh-setup
#22 netdata-deployment
#23 department-structure
#26 modpack-version-checker
#32 terraria-branding-training-arc
#35 pokerole-wikijs-deployment
#36 notebooklm-integration
#40 world-backup-automation
#44 nc1-node-usage-stats
#45 steam-and-state-server
#48 n8n-rebuild
#51 ignis-protocol
#55 discord-invite-setup
#65 claude-infrastructure-access
#67 nc1-security-monitoring
#82 plane-decommissioning
#87 arbiter-2-1-cancellation-flow
#89 staff-portal-consolidation
#90 decap-tasks-collection
#91 server-matrix-node-fix
#92 desktop-mcp
#93 trinity-codex
#94 global-restart-scheduler
#98 discord-channel-automation
#99 claude-projects-architecture

Chronicler #69
2026-04-08 14:32:38 +00:00

task_number | status | priority | owner   | created
67          | open   | P3       | Michael | 2026-03-21

task_number: 67

Task: NC1 Security & Monitoring

Priority: MEDIUM-HIGH

Created: March 21, 2026 (Session 37 - The Chronicler)



Issue 1: No Firewall on NC1

Current State:

  • NC1 Charlotte (216.239.104.130) has UFW status: inactive
  • Server hosts 7 public Minecraft servers
  • No firewall = every listening port is exposed

Risk:

  • Attack surface unnecessarily large
  • Every service is discoverable by port scanning
  • Brute force attempts on any service
  • No rate limiting on connections

Required Action: Enable UFW with proper rules for game servers

Game Server Ports (from infrastructure-manifest.md):

  • The Ember Project: 25565
  • Minecolonies: Create and Conquer: 25566
  • All The Mods 10: 25569
  • EMC Subterra Tech: 25571
  • Homestead: 25572
  • Hytale: 5520
  • Mayview: 25567

Minimum Required Firewall Rules:

# Allow SSH first (critical - don't lock yourself out)
ufw allow 22/tcp comment 'SSH'

# Allow Cockpit
ufw allow 9090/tcp comment 'Cockpit Web Terminal'

# Allow Pterodactyl Wings (SFTP)
ufw allow 2022/tcp comment 'Wings SFTP'

# Allow Minecraft port range
ufw allow 25565:25580/tcp comment 'Minecraft Servers'
ufw allow 25565:25580/udp comment 'Minecraft Servers'

# Allow Hytale
ufw allow 5520:5521/tcp comment 'Hytale'
ufw allow 5520:5521/udp comment 'Hytale'

# Enable UFW only after the allow rules above are in place,
# so the SSH session survives the default deny on incoming traffic
ufw enable

# Verify rules
ufw status numbered

Deployment Window:

  • Can be done immediately (no downtime)
  • Test from external connection after enabling
  • Have console access ready in case of lockout
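
A way to check the rule set after enabling, added here as an example and not part of the original task file: the function reads plain `ufw status` output and lists every port from the rules and manifest above that no IPv4 ALLOW rule covers. The required list checks each game port over TCP and Hytale also over UDP as an assumption, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: audit `ufw status` output against the ports this task lists.
# Assumption: each game port is checked over TCP, Hytale also over UDP.
REQUIRED="22/tcp 9090/tcp 2022/tcp 25565/tcp 25566/tcp 25567/tcp 25569/tcp 25571/tcp 25572/tcp 5520/tcp 5520/udp"

# Reads plain `ufw status` text on stdin (not `numbered`). Prints INACTIVE,
# or one line per required port/proto that no IPv4 ALLOW rule covers.
ufw_missing() {
  awk -v req="$REQUIRED" '
    /^Status:/ { active = ($2 == "active") }
    $2 == "ALLOW" {                      # "(v6)" rows have $2 == "(v6)"
      split($1, a, "/"); n = split(a[1], r, ":")
      k++; lo[k] = r[1] + 0; hi[k] = (n == 2 ? r[2] : r[1]) + 0; pr[k] = a[2]
    }
    END {
      if (!active) { print "INACTIVE"; exit }
      m = split(req, want, " ")
      for (i = 1; i <= m; i++) {
        split(want[i], w, "/"); ok = 0
        for (j = 1; j <= k; j++)         # a rule with no proto covers both
          if (w[1] + 0 >= lo[j] && w[1] + 0 <= hi[j] && (pr[j] == "" || pr[j] == w[2])) ok = 1
        if (!ok) print want[i]
      }
    }'
}

# Constructed sample: Wings SFTP and Hytale UDP rules were forgotten.
sample_partial() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                   # SSH
9090/tcp                   ALLOW       Anywhere                   # Cockpit Web Terminal
25565:25580/tcp            ALLOW       Anywhere                   # Minecraft Servers
25565:25580/udp            ALLOW       Anywhere                   # Minecraft Servers
5520:5521/tcp              ALLOW       Anywhere                   # Hytale
22/tcp (v6)                ALLOW       Anywhere (v6)              # SSH
EOF
}

sample_partial | ufw_missing   # on the host: ufw status | ufw_missing
```

An empty result means every listed port is covered. It inspects only the local rule set, so the external connection test above is still needed.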


Issue 2: NC1 Temperature Monitoring

Current State:

  • NC1 temperature: 51.6°C
  • TX1 temperature: 30.9°C (for comparison)
  • 20°C difference between identical hardware

Safe Operating Ranges:

  • Normal idle: 30-45°C
  • Normal load: 45-65°C
  • Concerning: 70°C+
  • Critical: 80-85°C+

Current Assessment:

  • Within safe operating range
  • ⚠️ Warmer than expected for similar workload
  • ⚠️ Needs monitoring for upward trends

Monitoring Plan:

Phase 1: Establish Baseline (Week 1)

  • Check temperature daily via Cockpit
  • Document: time of day, active players, system load
  • Record peak temperature over 7 days

Phase 2: Trend Analysis (Week 2)

  • Compare Week 1 baseline to Week 2
  • Look for upward trend
  • Check correlation with player activity

Action Thresholds:

  • 65°C sustained: Contact Breezehost, request cooling check
  • 70°C peak: Immediate investigation required
  • 75°C+: Emergency - reduce server load, contact datacenter

Automated Monitoring (Future): When Netdata is deployed (Task #XX, planned):

  • Set temperature alert at 65°C
  • Discord webhook notification
  • Track historical temperature trends

Possible Causes (if temperature becomes concerning):

  1. Ambient temperature difference (Charlotte vs Dallas datacenter)
  2. Cooling system degradation
  3. Dust buildup in server
  4. Fan failure
  5. Thermal paste degradation
  6. Higher base clock / different CPU stepping

Documentation: Log temperature checks in this file or create docs/monitoring/nc1-temperature-log.md



Priority Justification

Firewall: MEDIUM-HIGH

  • Security gap on public-facing game servers
  • Easy to fix (15 minutes)
  • No downtime required
  • Should be done within 1 week

Temperature: MEDIUM

  • Currently within safe range
  • Not urgent, but needs tracking
  • Could become urgent if trend continues
  • Monitor weekly for 1 month

task_number: 67

  • Netdata deployment (planned)
  • Uptime Kuma monitoring expansion

Blocks

  • None (can be done immediately)

Blocked By

  • None


Status: DOCUMENTED, READY TO EXECUTE
Next Action: Enable UFW on NC1 with game server port rules
Owner: Michael + The Chronicler