On Wed, Apr 29, 2009 at 11:53 AM, Adrian Sevcenco
<[log in to unmask]> wrote:
> Steve Traylen wrote:
>> On Wed, Apr 29, 2009 at 7:17 AM, Adrian Sevcenco
>> <[log in to unmask]> wrote:
>>> Steve Traylen wrote:
>>>> On Wed, Apr 29, 2009 at 12:29 AM, Adrian Sevcenco
>>>> <[log in to unmask]> wrote:
>>>>> Hi,
>>>>> Has anyone any idea why there are the hostcert and hostkey in
>>>>> /home/glite/.certs ?
>>>>> One question that would arise would be about security (an normal user
>>>>> that has a shell and keeps the certificate of the machine ...)
>>>> Hi Adrian,
>>> Hi,
>>>
>>>> Who is "glite". Do they run a service or something. Which node type is this.
>>> sorry for not being more clear ..
>>> The node type is : CE+MON+BDII_site+UI
>>> the glite is running glite-lb-interlogd with the command
>>> /opt/glite/bin/glite-lb-interlogd -c /home/glite/.certs/hostcert.pem -k
>>> /home/glite/.certs/hostkey.pem
>>>
>>> and i have no idea what is glite-lb-interlogd ..
>>
>> The only item to be fixed here is just to change the default the home
>> directory to something more local, something like /var/lib/glite.
>>
>> Can you submit a bug request please.
> Sure, i just did :)
> The underlying question would be if i can consider this a security
> breach .. i don't remember that those certs to be there some time ago ..
> and now are there + yesterday we had a strange situation when we had
> load as high as 100 on a 4 core machine (CE+MON+BDII_site+UI) with all 4
> GB of memory exhausted which i found to be strange ... the situation
> survived 2 reboots but not to a third reboot.
The fact the certs are there is clear consequence of yaim being executed
and is normal and to be expected.
>
> another strange thing i saw is that we have some services in init.d
> namely : rgma-gin (Gets LDIF information and publishes it to RGMA),
> rgma-glue-archiver (An R-GMA Archiver Service) and rgma-servicetool
> (Periodically publishes existance and status of services using R-GMA)
> which were not enabled to be started at boot and at this time of writing
> rgma-gin and rgma-servicetool are stopped even if were enabled.
The fact that rgma- is stopped is probably fine... These will eventually vanish
some not to far away I would say.
>
> Is this ok?
>
> Thanks for support and info,
> Adrian
>
>
>> Steve
>>
>>
>>> Thanks,
>>> Adrian
>>>
>>>
>
--
Steve Traylen
|