Getting Secured
The purpose of parallel computing is to get faster computation.
Therefore SCore Cluster System Software is designed for providing
high-performance computation on a cluster system. There is a
growing demand for the protection from the cracker attacks. However,
there is a trade-off between the high-performance and the
security. Having the more robust secured system, the lower the
performance.
From the SCore Cluster System Software version 3.1, some level of
security is introduced. SCore Cluster System Software, however, was not
yet designed to be exposed to Internet. As the demand of network
security getting larger and larger, and from the version 5.4, we
implemented new security mechanism described in this page.
It is assumed that the reader of this page is an expert of Linux
(Unix). If you can not undertand what is written in this page, we
strongly recommend not to connect your cluster network with Internet.
The new security feature is based on [x]inetd and the ingress
check. It is assumed that your upper (outer) network must
have the ingress check. If you are not sure on this,
ask network administrator, or do not connect with Internet.
Here is the procedure to secure your SCore
cluster.
- Edit the /etc/score.conf file and add the following
line.
SCORE_SECURE_DAEMONS=yes
- On you server host, copy
/opt/score/score-src/SCore/security/server/* files into
/etc/xinetd.d directory. On you cluster (compute) hosts, copy
/opt/score/score-src/SCore/security/compute/* files into
/etc/xinetd.d directory.
- Edit those copied files, if necessary.
- Enable [x]inetd.
- Reboot server host and cluster (compute) hosts.
Although we are doing our best, connecting with Internet is considered
to be dangerous and do at your own risk.
Cracking Alert
Some programs in SCore Cluster System Software give a warning message
when they detect some illegal situation that might be a
cracking trial. If a cluster administrator or a user finds one of
these messages, stop using the system and consult a system
administrator of your site as soon as possible.
-
SCore-D outputs an alert
message at the initialization stage when it finds an illegal cache
file in the directory /var/scored/scoreboard. Here is the sample of
the message.
SCBD: SECURITY ERROR !!
Cached file (/var/scored/scoreboard/server.02f00200DLs5) is not a regular file.
-
SCore-D outputs an alert
message to
sc_syslog
when it detects an illegal login request. Here is the sample of the
message.
UNAUTHORIZED LOGIN REQUEST: somebody@somehost:1234
-
scrun
outputs
an alert message when it detects an illegal connection request. Here
is the sample of the message.
SCRUN: Unauthorized connection (INET from somehost:2345).
We need you help !
If you find any possible security hole in SCore Cluster System
Software, send e-mail(s) to
score-master@pccluster.org.
$Id: security.html,v 1.8 2003/08/18 07:56:31 hori Exp $