[Beowulf] Security issues

Marian Marinov mm at yuhu.biz
Sat Oct 25 20:17:27 PDT 2008


On Friday 24 October 2008 20:15:10 Leif Nixon wrote:
> "B. Vincent Diepeveen" <diep at xs4all.nl> writes:
> > Now you post here a big story on how your Rocks got hacked. Do i
> > conclude it correctly the
> > problem is that you ran a default Rocks kernel?
>
> The basic problem seems to be bad account hygiene.
>
> That's a hard problem. Users will forever be borrowing each other's
> accounts, making it difficult to contain security breaches.

But if you build a good infrastructure jailing the users within one directory 
with access to files that do not affect the underlaing OS you will have 
better chance of leaving such attacks out of your systems.

A scheme like that is when all of your users are chrooted to their home 
folders with the OS for each user mounted from a read-only image. This way it 
becomes harder for attackers to penetrate the OS security.

Also a good security addition will be adding SELinux, RSBAC or GRSecurity to 
the kernel and actually using any of these.

Regards
Marian Marinov
Head of System Operations at Siteground.com



More information about the Beowulf mailing list