Re: disk image creation & restauration

From: Peter T. Breuer (ptb_at_oboe.it.uc3m.es)
Date: 08/06/03


Date: Wed, 6 Aug 2003 20:50:10 +0200

In comp.os.linux.setup Nico Kadel-Garcia <nkadel@verizon.net> wrote:
> Peter T. Breuer wrote:
>> In comp.os.linux.setup Nico Kadel-Garcia <nkadel@verizon.net> wrote:

>>>Experience. If you leave machines up and running 24x7 with no flushing
>>>of the OS, people *do* leave little love packages. And because
>>
>>
>> They can't. As to what they do in /tmp or their home directory (nfs
>> mount), that's their business.

> Not on a cluster or shared machine. Installing it in "/tmp" counts as
> installing it, and running an inappropriate or unauthorized service

It doesn't. It's just "there", not installed ...

> after you've logged out (which such love packages can easily do) is a
> potentially serious problem.

That I agree with. So firewall off the high ports.

> Shared workstations should not be used by
> people not logged into them unless that's local policy to permit it, and

Uh .... no http servers? No ftp servers .. well, I suppose it depends
what you mean by logged in. Authenticated and authorised, shall we say?

>> They don't install. They can put whatever they like in /tmp. There's no
>> harm at all in that.

> Horse pucks. If I leave a pirate FTP or FSP server running out of /tmp,

That's different. Putting stuff in /tmp is fine. Running a service is
different.

>> It's trivial, and stopped by closing access for ports above 1024.

> Horse pucks. Getting the firewall configuration just right to restrict
> incoming access for ports above 1024 is often a nightmare. And you can't
> entirely restrict it, since TCP does a fascinating bit of handing off of
> ports to allow the services on remote machines to actually respond back
> on a non-privileged port.

I've never had any trouble - you can simply close them all off to nonlocal
IPs, which should do nicely and never mind the niceties.

>> They always have the right to run such things. If they didn't, then
>> would only have a finite number of programs they could run and therefore
>> they would not be using a general purpose computing machine, but an
>> appliance.

> While they're logged in, sure. After they log off and leave the cluster?

You can reap old processes, but I for one certainly don't object to
people running jobs while they're not logged in!

> Or leave it running more than 24 hours tying up public or shared
> machines? Nuh-uh.

Well, I would frown on that, but it's not a disaster. Too much of that
and I might warn them.

>>>on the machine so no one else can use it until you unlock it or the
>>
>> Anyone can break a screen lock with ctl-alt-bkspace.

> Nonsense. I can vlock all the terminal sessions and turn off the X server.

Hit the reboot button.

>>>Also, the "flush me every day completely" is a good way to make sure the
>>>machines get *all* the upgrades and are in a configuration known to the
>>
>>
>> I simply check the md5sums of every file every day. There are no
>> problems with what people put in tmp. Mind you, if somebody did invent a
>> fake login screen I'd give him extra marks ...

> This requires your kernel/glibc not to be screwed with. There are some

That's OK. It'd be caught next reboot.

> *nasty* hacks going around that actually trick the md5sum into
> misreporting the checksums, including some loadable kernel module hacks.

Don't worry about it. I know about them. One can see the module load
via anomalous behaviour, including a miscount of processes and entries
under /proc.

> And you just entirely gave up on monitoring /tmp contents, which are
> therefore dangerous.

I don't monitor /tmp contents, just as I don't monitor the contents of
people's $HOME. They can put what they like there.

Peter
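The daily checksum pass Peter describes (hash every system file, compare against yesterday, ignore /tmp and $HOME) is easy to sketch. The block below is an added example, not code from the thread or from either poster: it builds a baseline of digests for a directory tree, skips the directories that are deliberately not monitored, and reports files that were added, removed or changed. The `run_demo` function constructs a throwaway tree and a few fake "binaries" so it runs offline; the file names and contents are invented for the demonstration. It uses SHA-256 rather than MD5 by default, which is a choice made here, not the poster's. As Nico's objection notes, a check like this is only as trustworthy as the kernel and libc it runs on, so in practice the baseline is kept off-host and the comparison is most meaningful right after a boot from known-good media.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256", chunk_size=1 << 16):
    """Digest a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algorithm="sha256", exclude=("tmp", "home")):
    """Map every regular file under root (relative path -> digest).

    Top-level directories named in `exclude` are pruned: per the thread,
    /tmp and home directories are the users' business and are not checked.
    Symlinks are skipped so a link pointing outside the tree is not hashed.
    """
    root = Path(root)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if Path(dirpath) == root:
            dirnames[:] = [d for d in dirnames if d not in exclude]
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[str(p.relative_to(root))] = hash_file(p, algorithm)
    return baseline


def compare(baseline, current):
    """Report what changed between two baselines."""
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    modified = sorted(
        k for k in baseline if k in current and baseline[k] != current[k]
    )
    return {"added": added, "missing": missing, "modified": modified}


def run_demo():
    """Constructed scenario: take a baseline, tamper with the tree, re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "tmp").mkdir()
        (root / "bin" / "ls").write_bytes(b"constructed: original ls")
        (root / "bin" / "ps").write_bytes(b"constructed: original ps")

        # Round-trip through JSON, as a nightly job storing the baseline would.
        saved = json.loads(json.dumps(build_baseline(root)))

        # Simulated changes since yesterday: one binary replaced, one new
        # file dropped into bin, one binary deleted, and junk in tmp that
        # must NOT show up in the report.
        (root / "bin" / "ps").write_bytes(b"constructed: replaced ps")
        (root / "bin" / "login").write_bytes(b"constructed: new file")
        (root / "bin" / "ls").unlink()
        (root / "tmp" / "scratch").write_bytes(b"constructed: ignored")

        return compare(saved, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On a real host the baseline would be written by a cron job to a location the machine cannot modify (a read-only export, or pushed to another host), and `build_baseline` would be pointed at `/` with `/proc`, `/sys`, `/dev`, `/tmp` and `/home` excluded.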


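Peter's other detection heuristic, spotting a hidden process by a miscount between what ps reports and what appears under /proc, is shown below as an added example; it is not code from the thread. The cross-check takes the set of numeric entries in /proc and the set of PIDs that `ps` prints and reports anything present in one but not the other. Because processes start and exit between the two listings, `persistent_hidden` requires a PID to be missing from ps in every one of several snapshots before flagging it. `demo` feeds it constructed PID sets so it runs offline and deterministically; the live snapshot helpers are there for running on a real Linux host, as root (under the `hidepid` mount option for /proc, an unprivileged user sees fewer entries and the comparison is meaningless).

```python
import os
import subprocess


def pids_from_proc(proc_root="/proc"):
    """PIDs the kernel exposes as numeric directories under /proc (Linux)."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}


def pids_from_ps():
    """PIDs as reported by the ps binary, which a tampered userland can lie about."""
    out = subprocess.run(
        ["ps", "-eo", "pid="], capture_output=True, text=True, check=True
    ).stdout
    return {int(tok) for tok in out.split()}


def cross_check(proc_pids, ps_pids):
    """Entries that one view has and the other lacks."""
    return {
        "in_proc_not_ps": sorted(proc_pids - ps_pids),
        "in_ps_not_proc": sorted(ps_pids - proc_pids),
    }


def persistent_hidden(snapshots):
    """PIDs present in /proc but absent from ps in EVERY snapshot.

    snapshots: list of (proc_pids, ps_pids) pairs taken a moment apart.
    Intersecting across rounds filters out processes that merely started
    or exited between the two listings in a single round.
    """
    hidden = None
    for proc_pids, ps_pids in snapshots:
        diff = proc_pids - ps_pids
        hidden = diff if hidden is None else hidden & diff
    return sorted(hidden or [])


def live_snapshots(rounds=3):
    """Take several (proc, ps) pairs on the running host."""
    return [(pids_from_proc(), pids_from_ps()) for _ in range(rounds)]


def demo():
    """Constructed snapshots: PID 4242 is in /proc every time but never in ps;
    PID 7 exits between rounds and must not be flagged."""
    snapshots = [
        ({1, 2, 7, 4242}, {1, 2, 7}),
        ({1, 2, 4242, 9}, {1, 2, 9}),
        ({1, 2, 4242, 9}, {1, 2, 9}),
    ]
    return {
        "single_round": cross_check(*snapshots[0]),
        "persistent": persistent_hidden(snapshots),
    }


if __name__ == "__main__":
    print(demo())
    if os.name == "posix" and os.path.isdir("/proc"):
        print("live:", persistent_hidden(live_snapshots()))
```

A module that hides itself from both the /proc listing and ps would pass this check, which is why Peter pairs it with a full reboot and file checksums rather than relying on it alone.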