> Did someone on this list really say they didn't know about
> this vulnerability?
I think the comment was referring to the testing rather than the
vulnerability being tested for.
Martin.
--
Martin Bly
RAL Tier1 Fabric Team
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Gordon, John
> (STFC,RAL,ESC)
> Sent: 25 September 2009 15:43
> To: [log in to unmask]
> Subject: Re: recent EGEE policy wrt kernel patching
>
> I raised this at the GDB on behalf of Romain. He was concerned
> at the low fraction of sites who had patched. If this hadn't
> improved in recent weeks and he was in Barcelona with EGEE
> top brass I can see why it got escalated.
>
> Did someone on this list really say they didn't know about
> this vulnerability? If so I think it is we who should be
> worrying about comms.
>
> John
>
> -----Original Message-----
> From: "Peter Gronbech" <[log in to unmask]>
> To: "[log in to unmask]" <[log in to unmask]>
> Sent: 25/09/09 13:36
> Subject: Re: recent EGEE policy wrt kernel patching
>
> This security testing has been talked about for some time and was run by
> Romain Wartel's group.
> It basically ran a grid job at your site which did an rpm -qa and then
> compared that with what was expected for a system running that OS.
> http://indico.cern.ch/contributionDisplay.py?contribId=107&sessionId=137&confId=55893
> shows an abstract and a poster they presented about it at EGEE09 this
> week.
>
> I must admit I was surprised that they sent the email from the EGEE PMB
> saying sites that did not act would be de-certified, but I think I'm in
> favour generally.
>
> I have no doubt that the data stored is being held in a
> responsible way.
>
> Cheers Pete
>
> --
> ----------------------------------------------------------------------
> Peter Gronbech Senior Systems Manager and Tel No. : 01865 273389
> SouthGrid Technical Co-ordinator Fax No. : 01865 273418
>
> Department of Particle Physics,
> University of Oxford,
> Keble Road, Oxford OX1 3RH, UK E-mail : [log in to unmask]
> ----------------------------------------------------------------------
>
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Sansum, Andrew
> (STFC,RAL,ESC)
> Sent: 25 September 2009 11:47
> To: [log in to unmask]
> Subject: recent EGEE policy wrt kernel patching
>
> Does anyone else have a view on the recent change in EGEE policy wrt
> security patching? I was surprised (to say the least) to find that there
> was a Pakiti server somewhere out in EGEE land that was accumulating
> host level information about heaven only knows what but at a minimum our
> kernel versions across our farm. This presumably to be used to make
> operational decisions about which sites should be cut off from the Grid.
>
> The inevitable outcome has been a dialogue along the lines of "please
> account for why you are running kernel xxx on host yyy". Am I the only
> one who finds this very annoying, both in principle (that sites will be
> expected to justify their host level configuration to third parties) and
> also how it has been implemented in practice - i.e. I've just discovered
> that there is a server somewhere out there holding a lot of sensitive
> information about our patching status.
>
> I don't have any problem in principle with some aspects of this work,
> but it's a question of how it is done.
>
> What do others think - I plan to mail the GRIDPP PMB today about this
> but would like to know if I am in a grumpy minority of 1 or if the
> feeling is more widespread.
>
> I don't have access to the dteam list but understand this hasn't yet
> been discussed there. Mingchao's email is attached below - I should say
> that I'm not trying to shoot the messenger here - my issue is the way
> this has emerged from EGEE.
>
> Regards
> Andrew
> ======================================================================
> Dear Security Contacts (in Bcc) and Tier2 Coordinators,
>
> Yesterday (23 September 2009) EGEE PMB (Project Management Board) made
> the following decision:
>
> Any EGEE site that did not FULLY apply the security patches (CVE-2009-2692
> and CVE-2009-2698) by 30 September 2009 will be DISCONNECTED from EGEE
> infrastructure.
>
> In order to assist GridPP PMB to make an informed decision to comply with
> EGEE PMB's requirement, could ALL GridPP sites please report to me your
> current patching status of ALL your Grid systems? If your site has not been
> FULLY patched, please provide me with the following information:
>
> - Full list of un-patched systems;
> - Reason for not being patched;
> - Any alternative way to patch your system (e.g. to compile your own
> kernel/driver);
> - The consequence if these un-patched systems were turned off;
> - Risk if these un-patched systems were up and running;
>
> ALL sites (including those who have reported to me last week) MUST send your
> report to me (copy it to your T2 coordinators please) by the end of today
> (24 September 2009).
>
> Thanks,
>
> Mingchao
> --
> Scanned by iCritical.