<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>RE: [Beowulf] Security issues</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<BR>
<P><FONT SIZE=2>Kubuntu-derived? Would Debian not be a better way to go, as in not installing any graphical stuff unless the user needs it?<BR>
<BR>
As for testing, if you have a workstation with 1-2 Gigs of RAM, perhaps you could consider a "virtual cluster".<BR>
<BR>
Cheers,<BR>
-Alan<BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: beowulf-bounces@beowulf.org on behalf of Jon Aquilina<BR>
Sent: Fri 10/24/2008 11:23 AM<BR>
To: Kilian CAVALOTTI<BR>
Cc: Nifty niftyompi Mitch; beowulf<BR>
Subject: Re: [Beowulf] Security issues<BR>
<BR>
now i see why the sudo approach adopted by debian and the kubuntu line is a<BR>
good way to go. this is providing me with real motivation to start the<BR>
development of my own kubuntu derived cluster distro. thing is i would need<BR>
someone to give lists of pkgs that is used in a cluster and also testers and<BR>
programmers to help me out seeing as i dont have a cluster.<BR>
<BR>
On Fri, Oct 24, 2008 at 10:55 AM, Kilian CAVALOTTI <<BR>
kilian.cavalotti.work@gmail.com> wrote:<BR>
<BR>
> Jon Aquilina wrote:<BR>
><BR>
>> did this person use the ssh exploit that red hat found a few months ago?<BR>
>><BR>
><BR>
> Apparently not. From what Joe wrote, "the entry point was via a shared user<BR>
> account". This account has been compromised, either with brute-force ssh<BR>
> login attempts, or was socially engineered, it's not clear.<BR>
><BR>
> Nothing seems to indicate (as far as I can tell) that the entry point was<BR>
> due to some weakness in one of the Rocks components. I second Mitch in<BR>
> saying that this break-in isn't Rocks specific, but rather the result of<BR>
> poor (lack of?) administration practices (especially from what I could read<BR>
> here: <A HREF="http://scalability.org/?p=905">http://scalability.org/?p=905</A>, and assuming it's about the same<BR>
> customer).<BR>
><BR>
> On the other hand, it's true that Rocks' philosophy (which I'm not a big<BR>
> proponent of) doesn't make updates easy, nor encourage keeping systems<BR>
> up-to-date. It tends to focus on the Windowsian "reinstall the whole<BR>
> machine" approach in case of problem. Which makes perfect sense in specific<BR>
> contexts, where no dedicated administration resources are available, or<BR>
> where compute time is critical and understanding the root cause of technical<BR>
> problems not so important.<BR>
><BR>
> But this can also lead to the kind of security problem Joe described, even<BR>
> if here, I don't think one can blame any of the system's component being<BR>
> outdated for this intrusion.<BR>
><BR>
> Cheers,<BR>
> --<BR>
> Kilian<BR>
><BR>
<BR>
<BR>
<BR>
--<BR>
Jonathan Aquilina<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>