The slurmctld daemon silently discards invalid RPCs. The slurmd and slurmdbd daemon sends a response RPC that indicates an invalid RPC was received and this is intended to let the main Slurm control daemon (slurmctld) know that something is wrong rather than the daemon just appearing to be dead. I just added a sleep in that logic to help prevent brute force attacks.
In any case, assuming that you have AuthType=auth/munge configured (the default) then unless someone sends a message with the proper munge credential, it's not going to do any harm. The response does include a mung credential, so that is why you see a "munge" in the message. Quoting Greg Wilson <[email protected]>: > Hi! I could not help but notice that while munge seems to be active on > SlurmdPort, there is no similar response on SlurmctldPort: > > $ nc slurmnode0 6818 > I type: crazy command > Response: ... auth/munge .. MUNGE: > > $ nc slurmctrl0 6817 > I type: crazy command > No response > > Running these machines on EC2 with the ports globally exposed, should I > consider SlurmctrldPort less protected than SlurmdPort, and perhaps at > least maintain hosts.deny/allow files? Any best practice for network > security with slurm on internet connected servers? > > Best regards Greg >
