no 'commodity' OS is 'secure' Re: [Beowulf] Which distro for the cluster?

[Chris Samuel]

On Thursday 11 January 2007 01:21, Andrew Piskorski wrote:

> It sounds suspiciously like decision making driven by what the rules and
> paperwork says you're supposed to do

I knew an organisation (not this one) that had the rule that every system had 
to run a full virus scan once a day.

The security folks insisted that this rule applied to their new Linux/AIX 
cluster and so they dutifully paid for a commercial Linux A/V package and set 
up cron to scan the user and project data (mounted from an AIX box) once a 
day.

Only problem was once they had more than a trivial amount of data it took more 
than 24 hours for the scan to run, so the first one was still running when 
the second one was kicked off by cron.  This slowed both of them down, so the 
first one still hadn't finished by the next day, which slowed all 3 of them 
down further, so the next day.. well, you get the picture.

I gave them a hand with this tricky problem and eventually they managed to 
persuade their higher ups that they could get away with running ClamAV on the 
NFS server (as there was no commercial AV for AIX, unsurprisingly) and the 
problems went away.

cheers,
Chris
-- 
 Christopher Samuel - (03)9925 4751 - VPAC Deputy Systems Manager
 Victorian Partnership for Advanced Computing http://www.vpac.org/
 Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.scyld.com/pipermail/beowulf/attachments/20070111/f191fd2d/attachment.bin