[Ganglia-developers] Gmond and default configuration directory bug?
I have fresh system (Ubuntu 12.04 x64) and I've just installed gmond. I was using this guidehttp://sourceforge.net/apps/trac/ganglia/wiki/Ganglia%203.1.x%20Installation%20and%20Configuration#getting_support. Just simple configure-make-make install, without gmetad, because I'd like to use gmetad-python. Why default gmond's installation configures it to look for configuration files in /usr/local/etc/gmond.conf? Everywhere in documentation I see /etc/ganglia/gmond.conf. /etc/ganglia/gmetad-python.conf and when gmetad-python looks for confgiuration in proper directory (/etc/ganglia/gmetad-python.conf), gmond looks in wrong one. Cheers, -- *Simon,* -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] [SECURITY] [IMPORTANT] Security issue in Ganglia Web
I think we need to be clear about the support lifecycle for older versions - I remember 3.0.x was being supported for a while when 3.1.x was in use - I'm not sure if anyone has taken on 3.1.x support? Debian 6.0 (squeeze) is carrying the 3.1.7 package. http://packages.debian.org/search?keywords=ganglia-webfrontend The Debian security team will accept a patch on that (e.g. a 3.1.8 release) - they won't accept other changes. For example, they won't push out a 3.5.1 package to Debian 6.0 users. Even when Debian 7.0 (wheezy) is released later this year, Debian 6.0 is still supported by security updates for 1 year. How do people feel about a 3.1.8 release? Is there anything else particularly urgent that should be cherry-picked for such a release? Do other distros need 3.1.8 too? Although 3.3.5 is listed on the page above, I'm going to push for 3.5.x to be included in Debian 7.0 - that means it will be around for 3 years from now. I think it is a good idea to have a branch for 3.5.x minor updates so that security fixes for Debian and other distros can be cherry-picked for such releases. On 13/07/12 21:54, Vladimir Vuksan wrote: There is a security issue in Ganglia Web going back to at least 3.1.7 which can lead to arbitrary script being executed with web user privileges possibly leading to a machine compromise. Issue has been fixed in the latest version of Ganglia Web which can be downloaded from https://sourceforge.net/projects/ganglia/files/ganglia-web/3.5.1/ If you are running Ganglia Web open on the internet you are advised to upgrade ASAP or at a minimum password protect access to Ganglia Web. We'll have a write up about details of the vulnerability in few days. Sincerely, Vladimir -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-general mailing list ganglia-gene...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] [SECURITY] [IMPORTANT] Security issue in Ganglia Web
Hi Daniel: On Sun, Jul 15, 2012 at 10:26 AM, Daniel Pocock dan...@pocock.com.au wrote: I think we need to be clear about the support lifecycle for older versions - I remember 3.0.x was being supported for a while when 3.1.x was in use - I'm not sure if anyone has taken on 3.1.x support? I saw Kostas on IRC and talked to him briefly about the security vulnerability and he mentioned that he will take a look at backporting fixes to 3.1.7 since that is the latest version available on EPEL. I don't think he has volunteered to take over support for the entire branch, but will at least work on releasing updated RPMs for EPEL users. Hopefully he could chime in on this ;-) Thanks, Bernard -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] Gmond and default configuration directory bug?
Hi Simon: On Sun, Jul 15, 2012 at 3:45 AM, Simon G. semy...@gmail.com wrote: Why default gmond's installation configures it to look for configuration files in /usr/local/etc/gmond.conf? /usr/local is the default prefix when you build from source. Everywhere in documentation I see /etc/ganglia/gmond.conf. /etc/ganglia/gmetad-python.conf and when gmetad-python looks for confgiuration in proper directory (/etc/ganglia/gmetad-python.conf), gmond looks in wrong one. The documentation in the wiki assumes you're using binary packages (RPM or deb) which most people do. Perhaps we could improve the documentation by making this clearer. I haven't been following the Debian/Ubuntu package situation, but don't they have readily available package for gmetad-python? Cheers, Bernard -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] [SECURITY] [IMPORTANT] Security issue in Ganglia Web
On 15/07/12 20:27, Bernard Li wrote: Hi Daniel: On Sun, Jul 15, 2012 at 10:26 AM, Daniel Pocock dan...@pocock.com.au wrote: I think we need to be clear about the support lifecycle for older versions - I remember 3.0.x was being supported for a while when 3.1.x was in use - I'm not sure if anyone has taken on 3.1.x support? I saw Kostas on IRC and talked to him briefly about the security vulnerability and he mentioned that he will take a look at backporting fixes to 3.1.7 since that is the latest version available on EPEL. I don't think he has volunteered to take over support for the entire branch, but will at least work on releasing updated RPMs for EPEL users. Hopefully he could chime in on this ;-) I don't think there is any obligation on anyone to do this - but perhaps it would be useful to track supported versions (and related distros) on a wiki page so we don't duplicate any effort e.g: 3.1.x:Distros: Debian 6, EPELUpdates: Kostas?Note: security fixes only 3.2.x:Note: unsupported, go to 3.5.x? 3.3.x:Note: unsupported, go to 3.5.x? 3.4.x:Note: unsupported, go to 3.5.x? 3.5.x:Distros: Debian 7? Updates: ? Note: we aim to make this the next long-term-support version for Debian 7, EPEL In this example, I've marked 3.[234].x as unsupported because I don't know if any stable distro is carrying any of them - feel free to correct me -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
[Ganglia-developers] web/Makefile and DESTDIR
I discovered that the ganglia-web Makefile has a DESTDIR variable However, the way it is used and the default value were not consistent with the normal use of DESTDIR http://www.gnu.org/prep/standards/html_node/DESTDIR.html Given that DESTDIR is widely used for package building, I've amended the Makefile, the old DESTDIR is now GDESTDIR Therefore, packaging scripts can set DESTDIR in the way they would for any other Makefile This was only fixed after the 3.5.1 release, so it will only work this way from 3.5.2 onwards -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] [SECURITY] [IMPORTANT] Security issue in Ganglia Web
On Sun, Jul 15, 2012 at 2:48 PM, Bernard Li bern...@vanhpc.org wrote: Hi Daniel: If you want to start a wiki page for that, that's fine. But in my experience these pages get stale pretty quickly ;-) While true, stale != inaccurate or even useless. I've written information on (internal) wiki pages that is 5 years old, with nary a change. The information is still accurate and useful to this day. -- Jesse Becker -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers