On Mon, Nov 28, 2005 at 12:02:03PM +0100, Daniele Cesini wrote:
> Is this true also for PPS sites. Should we switch off R-GMA??
> Cheers,
> Daniele.
> From: Ian Neilson <[log in to unmask]>
> Subject: Grid Security Advisory: R-GMA used to bypass site firewall controls
> Date: Mon, 28 Nov 2005 11:48:07 +0100
> To: [log in to unmask]
>
> Following recent public disclosure by Kostas Georgiou of Imperial College
> of previously unpublished exploits which could lead to the bypassing of
> site firewall controls, the Grid Operations Team and Security Officer
> recommend that sites switch off R-GMA until such time as an appropriate
> fix can be put in place.
>
> To do this you should log on to your MON box or the node running the
> R-GMA servlets and run the following command.
>
> /sbin/service tomcat5 stop
>
> | Ian Neilson
> | Grid Deployment Group, CERN
> | Tel: +41(0)2276 74929 [Fax: 69294]
We suggest that you edit the web.xml file to comment out or remove the
pong servlet in two places. This is true for PPS and the LCG
production service. Detailed instructions will follow shortly but
anybody famliar with XML shoudl be able to do this easily. Then restart tomcat.
With this change, the offending servlet will not be running.
Steve
|