[Beowulf] Security issues
Joe Landman
landman at scalableinformatics.com
Mon Oct 27 07:59:32 PDT 2008
Kilian CAVALOTTI wrote:
> But this can also lead to the kind of security problem Joe described,
> even if here, I don't think one can blame any of the system's component
> being outdated for this intrusion.
It is/was a user issue. We are working to prevent this sort of issue
arising again.
Sadly, I feel as if we are playing "whack-a-mole" with these issues.
No, adding SElinux or other products won't make this any better, they
add layers of complexity, and the benefits may not be worth the costs.
The issue is, in part, we need to
a) prevent sharing of accounts
b) control access to ssh logins
c) prevent execution of dangerous stuff.
"c" is 'easy' (yeah, I know its wrong), but we can disable all suid
programs on the machine that are accessible from users accounts.
"a" is hard. Academics like to share things. We need to find a way to
let them do this. Securely.
"b" is interesting. They were using keys for access. Someone loaned
their keys to a friend, or their keys were hijacked, or whatever.
So we are going to take a different approach.
>
> Cheers,
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web : http://www.scalableinformatics.com
http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423 x121
fax : +1 866 888 3112
cell : +1 734 612 4615
More information about the Beowulf
mailing list