Linux cluster security: False alarms and real threats

How can you tell a real server security threat from a false alarm? SearchOpenSource.com's Linux servers and clusters expert Don Becker, co-founder of the original Beowulf project, describes how to determine whether your server has been compromised or not.

In this tip, Becker explains the process of configuring your Linux distribution for clusters and offers a helpful hint for using the top or ps programs to determine the process identification on a server.

How do you go about installing and configuring Linux for clusters?

Don Becker: Most Linux distributions are not set up to be cluster operating systems. However, you can use them as the basis for "classic Beowulf" clusters, where a full distribution is loaded onto each machine. You'll need to add and configure management utilities and, perhaps, communications libraries. It is challenging to convert a workstation-oriented or stand-alone server distribution into a cluster because the management tools must match the specific distribution.

Most add-on cluster toolkits handle automated installation, usually by leveraging the functionality provided by the distribution. For example, they write a "kickstart" file for RPM-based distributions, like Red Hat for example. Then, they use ad hoc utilities to finish configuring each subsystem on the freshly installed distribution. These tools may need to be updated each time a new version of the underlying distribution comes out or changes.

Should users be concerned about references to Beowulf popping up in the /var/log/messages.0 file?

Becker: There are many different implementations of Beowulf software out there, and you may be seeing one of them. But it's more likely that you are seeing the kernel message from one of the device drivers I wrote when I was working on the Beowulf Project at NASA. Usage information for some of those drivers was published on the Beowulf.org website, and the drivers had URLs with "beowulf.org."

How should users handle a server whose security may have been compromised?

The safest solution is to save your applications and data, and start with a freshly installed Linux distribution on a new machine.

In the meantime, you can get an idea of what is running and where the program is located by looking at the /proc entry for one of the processes. For example, say you've found a process running on your server called "brute." Use the "top" or "ps" programs to find the process ID (PID) of "brute." Then, look in /proc/<PID>/maps to find where the executable is located.

root# ps ax | grep brute | head -10
26235 ?        Ss     0:00 /tmp/.../.brute
root# cat /proc/26235/maps
00b31000-00b4a000 r-xp 00000000 03:0a 612182     /lib/ld-2.4.so
00b4a000-00b4b000 r-xp 00018000 03:0a 612182     /lib/ld-2.4.so
00b4b000-00b4c000 rwxp 00019000 03:0a 612182     /lib/ld-2.4.so
00b4e000-00c7b000 r-xp 00000000 03:0a 612183     /lib/libc-2.4.so
08047000-08052000 r-xp 00000000 03:0a 614274     /tmp/.../.brute
08052000-08053000 rw-p 0000b000 03:0a 614274     /tmp/.../.brute
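
The same check can be scripted. The following is an added example, not part of the original article or Becker's answer: it parses the maps listing shown above and reports executable mappings whose backing file stands out. The function names and the list of world-writable directories are assumptions made for this example.

```python
import sys
from pathlib import PurePosixPath

# Directories any local user can write to (assumed list for this example).
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED = " (deleted)"  # suffix the kernel appends when the file was unlinked

# Mapping lines copied from the /proc/26235/maps listing above.
SAMPLE_MAPS = """\
00b31000-00b4a000 r-xp 00000000 03:0a 612182     /lib/ld-2.4.so
00b4a000-00b4b000 r-xp 00018000 03:0a 612182     /lib/ld-2.4.so
00b4b000-00b4c000 rwxp 00019000 03:0a 612182     /lib/ld-2.4.so
00b4e000-00c7b000 r-xp 00000000 03:0a 612183     /lib/libc-2.4.so
08047000-08052000 r-xp 00000000 03:0a 614274     /tmp/.../.brute
08052000-08053000 rw-p 0000b000 03:0a 614274     /tmp/.../.brute
"""

def parse_maps(text):
    """Yield (perms, inode, path) for each file-backed mapping."""
    for line in text.splitlines():
        fields = line.strip().split(None, 5)
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous memory, [heap], [stack], [vdso], ...
        yield fields[1], int(fields[4]), fields[5]

def suspicious_reasons(path):
    """Return the reasons a mapped file's location deserves a closer look."""
    reasons = []
    if path.endswith(DELETED):
        reasons.append("file deleted while mapped")
        path = path[: -len(DELETED)]
    if path.startswith(WRITABLE_DIRS):
        reasons.append("under world-writable directory")
    if any(part.startswith(".") for part in PurePosixPath(path).parts):
        reasons.append("hidden path component")
    return reasons

def review(text):
    """Map each executable, file-backed path to the reasons it stands out."""
    findings = {}
    for perms, _inode, path in parse_maps(text):
        if "x" in perms and suspicious_reasons(path):
            findings[path] = suspicious_reasons(path)
    return findings

if __name__ == "__main__":
    # Pass a PID to read the live file; with no argument the sample is used.
    live = len(sys.argv) > 1
    text = open(f"/proc/{sys.argv[1]}/maps").read() if live else SAMPLE_MAPS
    for path, reasons in review(text).items():
        print(f"{path}: {', '.join(reasons)}")
```

Reading another user's /proc/<PID>/maps requires root, as in the session above.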

This was first published in August 2006
