EMI WN Service Reference Card

Daemons running

Depending on the batch system used.

Init scripts and options (start|stop|restart|...)

Depending on the batch system used.

Configuration files location with example or template

  • /etc/profile.d/a1_grid_env.sh
  • /etc/profile.d/grid-env.sh
  • /etc/profile.d/grid-env.csh
  • /etc/glite-wn-info/
  • /etc/vomses/

Logfile locations (and management) and other useful audit information

  • /var/log
  • Batch system specific logfiles (varies)

Open ports

Possible unit test of the service

Where is service state held (and can it be rebuilt)

Cron jobs

  • cleanup-grid-accounts
  • fetch-crl

Security information

Access control mechanism description (authentication & authorization)

  • Nothing reported

How to block/ban a user

  • There is no way to block/ban a user on a single Worker Node. Access must be handled at the level of the CE; you can see here

Network Usage

  • Worker Nodes should normally be configured to have only outbound connectivity to the world. There is no need for the WN to be reachable from the outside.

Firewall configuration

See above "Network Usage". Moreover:
  • SCP access with HostBasedAuthentication must be granted to the Computing Element
  • Ports used by the batch system server must be opened for access on the WN, e.g.:
    • 15001 - 15004 (TCP/UDP) for Torque

Security recommendations

  • Disable all unneeded services and daemons.
  • Use private IP addresses.
  • Verify that all grid accounts are "cron" and "at" denied.
  • Verify that fetch-crl and cleanup-grid-accounts cron scripts are in place and working.
  • Consider using a script to periodically check for processes escaping the batch system's control (see Processes On Batch Nodes)
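
One way to audit the "cron"/"at" denial and cron-job recommendations above, as an added example that is not part of the original reference card or of EMI's tooling. The function names, the `griduser00N` accounts and the fixture files are constructed; on a real node the allow/deny files and the cron directory (assumed here to be `/etc/cron.allow`, `/etc/cron.deny`, `/etc/at.allow`, `/etc/at.deny` and `/etc/cron.d`) are passed as arguments. It checks that the jobs are in place, not that they are working.

```shell
#!/bin/sh
# Added example: audit two of the WN security recommendations.
# Real file locations are assumptions and are passed in as parameters.

# listed FILE USER: true if USER appears on its own line in FILE.
listed() {
    [ -f "$1" ] && grep -qxF -- "$2" "$1"
}

# is_denied USER ALLOW_FILE DENY_FILE
# cron/at semantics: if the allow file exists, only listed users may use the
# service; otherwise the deny file is consulted.
is_denied() {
    if [ -f "$2" ]; then
        ! listed "$2" "$1"
    else
        listed "$3" "$1"
    fi
}

# undenied_accounts ALLOW DENY USER...: print accounts that can still schedule jobs.
undenied_accounts() {
    allow=$1; deny=$2; shift 2
    for u in "$@"; do
        is_denied "$u" "$allow" "$deny" || printf '%s\n' "$u"
    done
}

# missing_cron_jobs DIR NAME...: print job names that no active
# (non-comment) line under DIR references.
missing_cron_jobs() {
    dir=$1; shift
    for job in "$@"; do
        grep -rhv '^[[:space:]]*#' "$dir" 2>/dev/null | grep -qF -- "$job" \
            || printf '%s\n' "$job"
    done
}

# Constructed fixture standing in for /etc on a worker node.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/cron.d"
printf 'griduser001\ngriduser002\n' > "$demo/cron.deny"
printf '15 */6 * * * root /usr/sbin/fetch-crl\n' > "$demo/cron.d/fetch-crl"
printf '# 0 3 * * * root cleanup-grid-accounts\n' > "$demo/cron.d/cleanup"
echo "not cron-denied: $(undenied_accounts "$demo/cron.allow" "$demo/cron.deny" griduser001 griduser002 griduser003)"
echo "missing cron jobs: $(missing_cron_jobs "$demo/cron.d" fetch-crl cleanup-grid-accounts)"
```

Run the same two functions once against the cron files and once against the at files, since a pool account can be denied in one and not the other.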

Security incompatibilities

Nothing reported

List of external packages that are not maintained by the supported OS.

Other security relevant comments

-- DoinaCristinaAiftimiei - 25-Apr-2011

Topic revision: r3 - 2013-03-03 - DoinaCristinaAiftimiei