Hello Owen,
I understand your concern, and maybe you are right. My concern is that in time we will move Yaim back to something like LCFGng, or force Quattor onto everyone.
In principle the site security with respect to basic services like ssh is the site's own responsibility.
Nevertheless since the maui/torque installation contains some changes to the ssh config already, these new fixes might probably as well be put in there.
Furthermore, once set up, sites will probably never use yaim to configure maui and torque again, because they will lose all site customisations. I have stopped using the maui/torque configuration by yaim for this same reason.
Still I did not like the changes it had made to the ssh configuration!! It had opened up connections which were not needed on our site because we can use cp operations on a shared home filesystem.
I would also think that these changes should be clearly described in the installation manual. Site admins should know how the site is being set up with respect to these things, and be able to make their own decisions. Now they may not even be aware that the changes have been made.
Best wishes,
Fokke
--------
Fokke Dijkstra
High Performance Computing
SARA - Reken- en Netwerkdiensten http://www.sara.nl
Tel. +31 20 592 8004 Fax. +31 20 668 3167
-----Original Message-----
From: LHC Computer Grid - Rollout on behalf of owen maroney
Sent: Fri 6/17/2005 13:18
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] The 'How to blacklist a user" discussion and others.
Hi Fokke,
I have to disagree and suggest that these fixes are included in yaim.
The yaim installation should at least aspire to be Secure By Default.
That is, if I follow the yaim instructions to the letter, when
installing a grid site, including the yaim torque installation, I should
be able to expect that this installation does not contain known and
fixable security vulnerabilities.
As I understand it, yaim gives a default installation for a 'typical'
site. This installation is achieved by simple, uncomplicated bash
scripts which can be easily understood by site admins. If a site has a
reason to move away from the default installation, it is assumed they
have the expertise to understand the yaim installation and what they
must do to change it to match their local conditions. Included in this
must be to understand for themselves the security implications of their
changes. If the site admin wants to review the security of the yaim
installation and improve (or relax) this according to their own
policies, then good, but the default installation itself should be secure.
Yaim provides a default torque installation, which can be separated from
the CE installation. This torque installation includes configuring
torque to use password-free ssh between WN and CEs - so yaim is already
doing the setup of ssh on the site in this case.
regards,
Owen.
Fokke Dijkstra wrote:
> Hello all,
>
> As Steve mentioned on the wiki page, some of the fixes may break MPI
> support. I would not like such fixes to be the default in yaim.
> Currently for MPI support ssh access between the workernodes is
> necessary.
>
> As far as I understood yaim was only meant to perform the setup of
> the LCG middleware. Sites using yaim will have to do the rest of the
> configuration, like the setup of ssh and tcp wrappers, themselves. I
> would like it to stay this way, because otherwise it is very hard to
> be able to make use of yaim functionality when using cluster
> management software.
>
> Hints about the setup on a wiki are of course very welcome.
>
> Kind regards,
>
> Fokke
--
=======================================================
Dr O J E Maroney # London Tier 2 Technical Co-ordinator
Tel. (+44)20 759 47802
Imperial College London
High Energy Physics Department
The Blackett Laboratory
Prince Consort Road, London, SW7 2BW
====================================