Difference: GlideinWMSCrabSSC6 (5 vs. 6)

Revision 62012/08/30 - Main.JamesLetts

Line: 1 to 1
 
META TOPICPARENT name="GlideinWMSCrab"

PROCEDURES FOR GLIDEINWMS CRAB SERVER DURING THE CMS SECURITY CHALLENGE SSC6

Line: 27 to 27
 condor_hold uscmsxxx
Changed:
<
<
As root, block the local userid in the /etc/passwd file on all submitter nodes by appending something to the userid like uscmsxxxBLOCKED. This will help in cleanup later. Effectively this will block any further submissions by denying the ability of the compromised DN to use gridftp on the server.
>
>
As root, block the local userid in the /etc/passwd file on all submitter nodes by appending something to the userid like uscmsxxxBLOCKED. This will help in cleanup later. Effectively this will block any further submissions by denying the ability of the compromised DN to use gridftp or glexec on the server.
 

Collecting Information

Line: 66 to 66
 ...
Changed:
<
<
Pilot startd names are also available in the EventLog. From this information it should be possible to determine which other jobs ran on the same pilots that may have been compromised, if any.
>
>
Pilot startd names are also available in the EventLog. From this information it should be possible to determine which other jobs ran on the same pilots that may have been compromised, if any. The command condor_userlog -attr can query any attribute avaialble in the EventLog. The ClassAd? names are the same names as in condor_q and condor_history.
  IP address from which jobs were submitted are more difficult to determine. In principle, this info is in two logs in $PRODAGENT_WORKDIR/CommandManager
  • ComponentLog says that there was e.g. a request to submit a new task.
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback