Community
Ignite-UX

Re: RE: Security with /var/opt/ignite

 
Adam Noble
Super Advisor

‎03-02-2011 02:44 AM

‎03-02-2011 02:44 AM

RE: Security with /var/opt/ignite

Hi all,

A default installation of ignite makes /var/opt/ignite/clients open to all.

I can understand the reasoning for this but are there ways of locking this down but still providing the functionality to build machines etc.

Adam
0 Kudos
Reply
2 REPLIES 2
Tim Nelson
Honored Contributor

‎03-03-2011 11:57 AM

‎03-03-2011 11:57 AM

Re: RE: Security with /var/opt/ignite

are you referring to the configuration of the NFS exports ?

you can modify that security however you wish. man exports or man share depending on your version

/var/opt/ignite/clients with any host restrictions you want. during a rebuild/clone you would need to make sure you make the appropriate modifications before you start the recovery.

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-03-2011 01:20 PM

‎03-03-2011 01:20 PM

Re: RE: Security with /var/opt/ignite

Shalom,

There is no need to lock it down. There is no authentication information or anything that can compromise security.

In the end, the Ignite build process is a root process so you CAN lock it down.

There are some issues with Ignite client configuration directories needing to be bin:bin

I would challenge anyone saying there are security issues with /var/opt/ignite/clients to prove it.

What is really there? Text configuration files, mac addresses and pointers to Ignite archives.

No security issues at all.

Messing around here will likely cause pain. Pain without a good enough payoff to justify the pain

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.