[lug] New toy: Opteron Scyld GigE Cluster

Zan Lynx zlynx at acm.org
Tue Oct 23 16:52:19 MDT 2007


On Tue, 2007-10-23 at 18:02 -0400, gordongoldin at aim.com wrote:
> I'm getting a new toy: Opteron Scyld GigE Cluster 
> 
> Running Scyld and Torque.
> 
[cut]

> As part of hardening, like the folks above, I get rid of things like
> rcp.  
> 
> And I make sure the net parameters disallow redirects or forwards,
> along with many other things.

> But I'm worried I'll break the "communication" between server and
> compute nodes
> 
> *******************************************************************
> 
> Thoughts?

I had understood that standard practice was to use a separate network to
keep the compute nodes isolated from any machines but the master, and
let them use faster, unencrypted, unauthenticated protocols like rsh,
rcp.

So, if nothing can get to the compute nodes except through the master
node, why bother hardening them?

-- 
Zan Lynx <zlynx at acm.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20071023/5bc7352c/attachment.pgp>


More information about the LUG mailing list