- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- ServiceGuard, rcp and vulnerability scans
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 08:39 AM
11-19-2009 08:39 AM
Has HP addressed moving away from rcp and over to scp for ServiceGuard? I guess I could technically turn off the r services and only turn them on when I plan on making cluster configuration changes that require the transfer of the config file to the other nodes, but I would rather not have to add another element to the cluster administration.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 08:49 AM
11-19-2009 08:49 AM
SolutionServiceguard 11.16 and above has an improved security model and can be used without rcp. It does not use openssh, but you can shut down the vulnerable r-type services and still use ServiceGuard.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 08:52 AM
11-19-2009 08:52 AM
Re: ServiceGuard, rcp and vulnerability scans
Most customers I deal with these days use scp and ssh for the manual procedures.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 09:04 AM
11-19-2009 09:04 AM
Re: ServiceGuard, rcp and vulnerability scans
Thanks very much for your help.
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 09:07 AM
11-19-2009 09:07 AM
Re: ServiceGuard, rcp and vulnerability scans
And by manual procedures I assume you mean transferring cluster.confs, cmclnodelist, package configuration files and whatnot. That is, everything except the cmclconfig.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 09:18 AM
11-19-2009 09:18 AM
Re: ServiceGuard, rcp and vulnerability scans
ServiceGuard uses the below ports
-----------------------------------
clvm-cfg 1476/tcp HA LVM Configuration
hacl-qs 1238/tcp HA Quorum Server
hacl-hb 5300/tcp High Availability (HA) Cluster heartbeat
hacl-hb 5300/udp High Availability (HA) Cluster heartbeat
hacl-gs 5301/tcp HA Cluster General Services
hacl-cfg 5302/tcp HA Cluster TCP configuration
hacl-cfg 5302/udp HA Cluster UDP configuration
hacl-probe 5303/tcp HA Cluster TCP probe
hacl-probe 5303/udp HA Cluster UDP probe
hacl-local 5304/tcp HA Cluster commands
hacl-test 5305/tcp HA Cluster test
hacl-dlm 5408/tcp HA Cluster distributed lock manager
Aneesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 09:21 AM
11-19-2009 09:21 AM
Re: ServiceGuard, rcp and vulnerability scans
The default cmquerycl method of setting up an 11.16 cluster, uses the cmnodelist security model, improving the previous security model.
As far as file transfer, scp can be used, but SG does not require password free file transfer to operate. SG communications and heartbeat do not use r-services.
I do not know what port it uses, but a look at netstat -an, will help. You can also use tcpdump to figure out what ports are in use. Probably someone will just tell you, but finding stuff out this way is fun and cool.
SG does run a daemon or two in /etc/inetd.conf but that is done with reasonable security.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2009 06:10 PM
11-19-2009 06:10 PM
Re: ServiceGuard, rcp and vulnerability scans
Old versions of Serviceguard (long before 11.16) did used to use .rhosts / hosts.equiv as an authentication method, but it has never actually used the r services themselves. These have always been able to be disabled. They were simply used as a conveniet method by admins to copy files such as the package files between nodes.
On Linux SG clusters I do not even have the r commands installed.