Hello all,
Background: We are using Ganglia in an environment that should pass
certain security audits. A common check item in such audits is that
services should not trust connections only based on source IP
addresses. Their rationale is that an attacker who gains
non-privileged access to a server may be able to access such services
without any additional credentials. If services require credentials,
and if credentials are stored away from non-privileged users, the
attacker should gain root/admin access and locate credentials, thus
making an attack more difficult.
One may argue that this is being too paranoid (I personally feel so,
too), but there is not much we can do to avoid this test.
So we started implementing a simple and optional "auth_token" feature
to be used in both TCP and UDP communications.
We are considering an "auth_token" parameter in the global gmond
config, or in the udp/tcp send/recv channel config, and in the gmetad
config.
Please make suggestions to implement this feature in an acceptable
way, as we are hoping to submit the changes for upstream code.
Thanks in advance!
Anuradha
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ganglia-developers mailing list
Ganglia-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-developers
