Steve Traylen wrote:
> On Wed, Apr 29, 2009 at 7:17 AM, Adrian Sevcenco
> <[log in to unmask]> wrote:
>> Steve Traylen wrote:
>>> On Wed, Apr 29, 2009 at 12:29 AM, Adrian Sevcenco
>>> <[log in to unmask]> wrote:
>>>> Hi,
>>>> Has anyone any idea why there are the hostcert and hostkey in
>>>> /home/glite/.certs ?
>>>> One question that would arise would be about security (an normal user
>>>> that has a shell and keeps the certificate of the machine ...)
>>> Hi Adrian,
>> Hi,
>>
>>> Who is "glite". Do they run a service or something. Which node type is this.
>> sorry for not being more clear ..
>> The node type is : CE+MON+BDII_site+UI
>> the glite is running glite-lb-interlogd with the command
>> /opt/glite/bin/glite-lb-interlogd -c /home/glite/.certs/hostcert.pem -k
>> /home/glite/.certs/hostkey.pem
>>
>> and i have no idea what is glite-lb-interlogd ..
>
> The only item to be fixed here is just to change the default the home
> directory to something more local, something like /var/lib/glite.
>
> Can you submit a bug request please.
Sure, i just did :)
The underlying question would be if i can consider this a security
breach .. i don't remember that those certs to be there some time ago ..
and now are there + yesterday we had a strange situation when we had
load as high as 100 on a 4 core machine (CE+MON+BDII_site+UI) with all 4
GB of memory exhausted which i found to be strange ... the situation
survived 2 reboots but not to a third reboot.
another strange thing i saw is that we have some services in init.d
namely : rgma-gin (Gets LDIF information and publishes it to RGMA),
rgma-glue-archiver (An R-GMA Archiver Service) and rgma-servicetool
(Periodically publishes existance and status of services using R-GMA)
which were not enabled to be started at boot and at this time of writing
rgma-gin and rgma-servicetool are stopped even if were enabled.
Is this ok?
Thanks for support and info,
Adrian
> Steve
>
>
>> Thanks,
>> Adrian
>>
>>
|