Hello,
First, Lyon is now at 1-1-1 (last config problems are now corrected).
Second, all our LCG passwd will be changed very soon.
Last, another security problem to check:
The LCFGng server exports (via HTTP) the XML configurations
for the nodes. And it is possible to find some crypted passwords
in these configuration files.
So everyone should check that port 80 is only reachable by the
LCG nodes, and no other computers (in particular public-access
computers).
Because in this case, the problem is exactly the same as with
CVS: someone can obtain the crypted passwords and try a brute-force
cracking.
This is now done at Lyon, using 'iptables'.
Regards,
--
Yannick Perret
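
The restriction described in the message above, as an added example (not part of the original e-mail and not the rules used at Lyon): a shell function that prints the iptables commands limiting TCP port 80 on the LCFGng server to an allowlist of node addresses. The chain name `LCFG-HTTP` and the addresses are assumptions; the addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: print iptables rules that restrict the LCFGng HTTP port
# to known nodes. Review the output, then pipe it to "sh" as root.

LCFG_PORT=80
CHAIN=LCFG-HTTP   # hypothetical chain name, chosen for this example

# Print the rule set for the allowed sources (one IPv4 address or CIDR per argument).
lcfg_http_rules() {
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        case "$src" in
            */0)
                # A /0 entry would reopen the port to every host.
                echo "refusing catch-all source: $src" >&2; return 1 ;;
            ''|*[!0-9./]*)
                # Only digits, dots and a slash: nothing that a shell could interpret.
                echo "rejecting malformed source: $src" >&2; return 1 ;;
        esac
    done
    echo "iptables -N $CHAIN"
    # The server fetching its own profiles over loopback stays allowed.
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # Log refused connections so attempts from non-node hosts are visible.
    echo "iptables -A $CHAIN -j LOG --log-prefix \"lcfg-http-deny: \""
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain into INPUT last, once it is complete.
    echo "iptables -I INPUT -p tcp --dport $LCFG_PORT -j $CHAIN"
}

# Constructed sample allowlist: one node subnet and one single host.
lcfg_http_rules 192.0.2.0/24 198.51.100.17
```

After applying the rules, a connection attempt to port 80 from a host outside the allowlist should time out and leave a `lcfg-http-deny` entry in the kernel log.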