Government of Newfoundland and Labrador

Office of the Chief Information Officer

Solution Delivery Branch

SERVER BUILD BOOK

Purpose: The Server Build Book documentation is intended to provide Operations with an accurate account of
all configurations modifications to get the server to its production state including any configuration modifications
made as a result of vulnerability assessments and other security hardening efforts. Related relevant information
pertaining to applications and databases hosted on these environments can be found in the companion
Application Build Book.
Server Name
Server Environment

Production

Staging

Test

Development

Server Location

<< Indicate current location (build, transition or other), final location

determined by Data Centre staff >>

Server Purpose

<< Indicate the server purpose and environment, example: Database,

Production >>

Project Name
Project Number

<< DTC Number >>

Application Number

<< Application Number >>

Project Description

<< Provide a short description of the project. >>

IMPORTANT NOTES FOR COMPLETING THIS DOCUMENT

Each section of the Server Build Book must be completed in full. If a particular section is not applicable to this
project, then you must write Not Applicable and provide a reason.
Important Note: No sections are to be deleted from this document.
Text contained within << >> provides information on how to complete or more detailed description of what
needs to be captured in that section and can be deleted once the section has been completed.

Server Build Book <Server name>

Template Version Operations 3, 2013-03-13

Page 1 of 7
High Sensitivity

Government of Newfoundland and Labrador

Office of the Chief Information Officer

TABLE OF CONTENTS
Network Architecture Diagram........................................................................................................................ 3
SERVER SPECIFICATIONS...................................................................................................................................... 3
Server Model and Serial Number.................................................................................................................... 3
OPERATING SYSTEM INSTALLATION....................................................................................................................... 3
NETWORK SETTINGS............................................................................................................................................ 3
FIREWALL CONFIGURATION (LOCAL SERVER)........................................................................................................ 4
SOFTWARE INSTALLED.......................................................................................................................................... 4
SECURITY HARDENING......................................................................................................................................... 4
SSL CERTIFICATES.............................................................................................................................................. 5
ACCESS............................................................................................................................................................... 5
Administrator Account Information.................................................................................................................. 5
User / Service Accounts.................................................................................................................................. 5
Sudoers Configuration.................................................................................................................................... 5
File System..................................................................................................................................................... 5
SCHEDULED TASKS.............................................................................................................................................. 6
SERVER MONITORING........................................................................................................................................... 6
SYDI REPORT FOR WINDOWS............................................................................................................................. 6
CFG2HTML

FOR

AIX/UNIX/LINUX.................................................................................................................... 6

IMPORTANT NOTES............................................................................................................................................... 6
PREPARED BY...................................................................................................................................................... 6
REVIEWED BY...................................................................................................................................................... 7
APPROVED BY..................................................................................................................................................... 7

Server Build Book <Server name>

Template Version Operations 3.1, 2013-11-13

Page 2 of 7
High Sensitivity

Government of Newfoundland and Labrador

Office of the Chief Information Officer

NETWORK ARCHITECTURE DIAGRAM

Description

<< Provide a detailed description of the technical architecture (infrastructure)

including how each piece fits in to the overall solution. >>
Technical Architecture Diagram

<< insert diagram(s) >>

<< An annotated Network Architecture Diagram is required to show the relationship between servers. At a
minimum, the network diagram shall include:
-

Server Names;

IP Addresses;

Firewall intersections; and

The communications between Servers and Clients.

A more comprehensive diagram can be included describing the additional components such as the direction
and type of communication with other systems, type of Operating System, and the ports used. >>

SERVER SPECIFICATIONS
SERVER MODEL

AND

SERIAL NUMBER

Server Name

Model Number

Type

Serial Number

OPERATING SYSTEM INSTALLATION

If this Server is not part of
the Active Directory domain,
attach Ops approval e-mail.

Attached

Additional Notes

NETWORK SETTINGS
IP Address
Subnet Mask
Default Gateway

Server Build Book <Server name>

Template Version Operations 3.1, 2013-11-13

Page 3 of 7
High Sensitivity

Government of Newfoundland and Labrador

Office of the Chief Information Officer

Primary DNS Server

Secondary DNS Server
DNS Entry

<< Provide DNS Entry and/or any FQDN / Aliases associated with Server >>

FIREWALL CONFIGURATION (LOCAL SERVER)

Local Firewall Configuration
Details

<< List the firewall information to be recorded for this server. Get the detailed
host firewall rules for local firewall, such as Microsoft UAG >>

SOFTWARE INSTALLED (Non-Business Application)

Description

<< This section will include all software installed and configured on this server
that is required to run the business application.
Important Note: This section is NOT for the business application running on
the server. >>

Non-Standard or additional
software
Software Installation /
Configuration

Other 1
Other 2
<< Provide details steps to install software and configuration for each>>

SECURITY HARDENING
User Rights Policy
(Windows)

<< Provide details on non-standard User Rights security hardening

configuration. >>

Security Rights Policy

(Windows)

<< Provide details on non-standard Security Rights security hardening

configuration. >>

Registry Additions/Changes
(Windows)

<< Provide details any non-standard Registry security hardening

configurations made. >>

File System Security

<< Provide details on non-standard File System security hardening. >>

Password / Account Policy

<< Provide details on non-standard Password and Account security

hardening. >>

Event Log Policy (Windows)

<< Provide details on non-standard Event Log security hardening changes.

>>

Additional Security

<< Provide details on additional security hardening configurations made such

examples are DCOM port changes, IP Stack, sysctl.conf (Linux) et cetera >>

Services at Server Start-up

<< Provide a list of services that should be running on start-up. If there is

special integration or reliance of the application on native operating system

Server Build Book <Server name>

Template Version Operations 3.1, 2013-11-13

Page 4 of 7
High Sensitivity

Government of Newfoundland and Labrador

Office of the Chief Information Officer

services (such as IIS or any service altered from the normal setting) they
should be clearly described in this section. >>

SSL CERTIFICATES
Certificate classification,
description or identification

<< Provide details on how the SSL Certificates are used. >>
Web server to application
Application to database

Certificate expiry

<< Provide details on SSL Certificate expiry. >>

ACCESS
ADMINISTRATOR ACCOUNT INFORMATION
Description

<< Identify all administrators created for this server; ensure to include UserID,
Name and Access Level. >>

UserID

Contact name

Access Level

USER / SERVICE ACCOUNTS

Description
UserID

<< Identify all other System Users created for this server; ensure to include
UserID, Name and Access Level. >>
Contact Name

Access Level

SUDOERS CONFIGURATION (Linux and AIX only)

FILE SYSTEM
Description

Share / Folder / File names

<< Identify all changes made to file system permissions for this server;
ensure to include UserID / group, folder / share and permission given. This
need to include permissions given and permissions taken away. >>
UserID / Group

Server Build Book <Server name>

Template Version Operations 3.1, 2013-11-13

Permission

Page 5 of 7
High Sensitivity

Government of Newfoundland and Labrador

Office of the Chief Information Officer

SCHEDULED TASKS
Crontab Entries

<< Provide a list of crontab entries. >>

Windows Scheduled Tasks

<< Provide a list of Windows Scheduled Tasks. >>

SERVER MONITORING
Services to be monitored
beyond normal monitoring
scheme

<< Provide a list of additional or special services to be monitored. Include the

services above the basic OS services required for this servers purpose. For
example a web server would have the service required to ensure the web
server is functioning correctly Apache or IIS. >>

SYDI REPORT FOR WINDOWS

SYDI Report Text

<< Paste the SYDI report text here. Contact Operations if you require help
running the SYDI script. >>

CFG2HTML FOR AIX/UNIX/LINUX

CFG2HTML Report Text

<< Paste the cfg2html report text here. Contact Operations if you require help
running the script. >>

IMPORTANT NOTES
Additional Information

<<Record additional information here, including, but not limited to

configuration information about server services, and specialized hardware
integral to the workings of the service/application, modems, sensors, etc.
Example: information about how IIS is configured to support the web site. >>

PREPARED BY
<< Title >>
(Print name)

(signature)

(date)

(Print name)

(signature)

(date)

REVIEWED BY
<< Title >>

Server Build Book <Server name>

Template Version Operations 3.1, 2013-11-13

Page 6 of 7
High Sensitivity

Government of Newfoundland and Labrador

Office of the Chief Information Officer

APPROVED BY
Manager of Operations
Server / Storage
(Print name)

Server Build Book <Server name>

Template Version Operations 3.1, 2013-11-13

(signature)

(date)

Page 7 of 7
High Sensitivity