[Systems] nfs on a.sl.o
dfarning at sugarlabs.org
dfarning at sugarlabs.org
Sun Nov 22 07:08:30 EST 2009
On Sun, Nov 22, 2009 at 3:36 AM, Sascha Silbe <sascha-ml-ui-sugar-systems at silbe.org> wrote:
> On Sat, Nov 21, 2009 at 02:50:40PM -0600, David Farning wrote:
>
>> see /etc/exports and /etc/fstab for details.
>
> So it's NFS3, no encryption or cryptographic authentication. How
> private/secure is the link between sunjammer and aslo-web?
> We should at least use IP addresses in /etc/fstab and maybe even
> /etc/exports (in case we move the DNS content server from sunjammer to
> another host and forget about changing /etc/exports to use IP addresses) to
> guard us against DNS spoofing.
Right now I am using an unpleasant mix of IP addresses and dns names. Long term I agree we should go with IP addresses. Short term I am using DNS name in to help make it clear who is connecting to who.
aslo-web and sunjammer use a public link. I believe that Danny set up a private link but it is not operational yet.
I am currently trying to figure out how to set the hosts/allow and host/deny . I have been making compromises to try to make bernie's and dogies live easier while designing this so that it will be grow to be scalable, highly available, and secure.
Do you have thoughts on how to improve the NFS configuration or otherwise improve the overall security of aslo.
david
>> 2. Tomorrow night, I'll do a final sync of the database and point
>> aslo-proxy at aslo-web.... and we should be live.
>
> Depending on when you have time to make the change, it might make sense to
> take a look at a.sl.o usage statistics to determine which time zone to
> choose for the value of "night".
I have been using using the time in .uy as a basis for the aslo clock. .UY accounts for most of our traffic and they align nicely with my local time. http://sunjammer.sugarlabs.org/munin/sugarlabs.org/sunjammer.sugarlabs.org-apache_accesses.html .
> CU Sascha
>
> --
> http://sascha.silbe.org/
> http://www.infra-silbe.de/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iQEbBAEBAgAGBQJLCQYJAAoJELpz82VMF3DaYAIH+La9CpSUvEsxmv5oQTGNNwNI
> CVBelxrEbvSVneU9dN9i8Y2mF7srNkU8h/o4rYWMRMnYNdE6ELYI96O2psW8Oa5z
> 2G0VhDzeyBQUaY9FyqV6P/T6g8Ws2mljtoDYEvmOdJMDSIV5HP3XgY51BVcj7nnE
> KnqyY1OgEkqeIBHlBdWjsyBdTqI8wfd29WDdSNMCQW4DujsI39XnQV1yO150PTwm
> tI/M7RLEANTvI7v3M1MptnhtaJ1dvpay8umRb8LYTQMfhSav/yrTLWRW0kwnpKqc
> f2Rsz6m+HTr9wyO7Aw7hCaB4kX0AWbrO5ovTNPxrpUmbhEyatl/mSr4cWWRGYg==
> =cSao
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 271 bytes
Desc: OpenPGP digital signature
Url : http://lists.sugarlabs.org/private/systems/attachments/20091122/5da56a37/attachment.pgp
More information about the Systems
mailing list