Getting Secured

The purpose of parallel computing is to get faster computation. Therefore SCore Cluster System Software is designed for providing high-performance computation on a cluster system. There is a growing demand for the protection from the cracker attacks. However, there is a trade-off between the high-performance and the security. Having the more robust secured system, the lower the performance.

From the SCore Cluster System Software version 3.1, some level of security is introduced. SCore Cluster System Software, however, is not designed to be exposed to Internet. This software should be used within the intranet protected by a firewall.

It is not recommended to list the known security problems in SCore Cluster System Software, because it gives some clues to the crackers. So some basic rules are listed here for the security in SCore Cluster System Software.

Do not allow users to use SCore Cluster System Software directly from Internet.
Do not run scoreboard(8) and msgbserv(8) daemon processes with the root permissions.
Once a user gets login to a cluster host, scoutd(8) gives the user a way to eliminate user authentication between the hosts in a cluster. If this is the matter in your site, do not run scoutd. scout(1) can run without scoutd.
rsh style security checking is done when a user gets login to SCore-D running in a multi-user mode via scrun. Therefore /etc/hosts.equiv or ~/.rhosts must be set appropriately. See also rsh(1) Unix man page.

Cracking Alert

Some programs in SCore Cluster System Software give a warning message when they detect some illegal situation that might be a cracking trial. If a cluster administrator or a user finds one of these messages, stop using the system and consult a system administrator of your site as soon as possible.

SCore-D outputs an alert message at the initialization stage when it finds an illegal cache file in the directory /var/scored/scoreboard. Here is the sample of the message.
SCBD: SECURITY ERROR !! Cached file (/var/scored/scoreboard/server.02f00200DLs5) is not a regular file.
SCore-D outputs an alert message to sc_syslog when it detects an illegal login request. Here is the sample of the message.
UNAUTHORIZED LOGIN REQUEST: somebody@somehost:1234
scrun outputs an alert message when it detects an illegal connection request. Here is the sample of the message.
SCRUN: Unauthorized connection (INET from somehost:2345).

We need you help !

If you find any possible security hole in SCore Cluster System Software, send e-mail(s) to

score-master@pccluster.org.

PC Cluster Consotium

CREDIT
This document is a part of the SCore cluster system software developed at PC Cluster Consortium, Japan. Copyright (C) 2003 PC Cluster Consortium.