Suppose I have a cluster of machines, running an application. The application opens up TCP connections to other machines, without any form of authentication.
If nothing else is running on these machines, it is possible to use iptables, perhaps in combination with IPsec, to prevent misuse of these services.
If there are other services running on the cluster nodes which are supposed to have different privileges, what are my options to preserve this distinction in privileges? If those other services can connect to the TCP port used by the clustered application, it's possible that the (supposedly unprivileged) service takes over the cluster. Would iptables owner match work here? Is there some way to pass on user information with IPsec?
On Wed, 16 Apr 2014, Florian Weimer wrote:
> Suppose I have a cluster of machines, running an application. The application opens up TCP connections to other machines, without any form of authentication. [...] Would iptables owner match work here?
You can use it to restrict outgoing connections to addresses and ports where the application is listening. But it would be rather fragile because the restriction would have to be enforced at every individual node able to connect to the app.
> Is there some way to pass on user information with IPsec?
SELinux can do it with security contexts: http://selinuxproject.org/page/NB_Networking#Labeled_IPSec
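
The owner-match restriction described in the reply above, as an added example that is not part of the original thread: a generator for the OUTPUT rules that every node able to reach the application would have to load. The account name clusterapp, port 7000 and the 192.0.2.x peer addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Emits iptables-restore input that lets
# only one local account open TCP connections to the cluster port on each
# peer. The owner match sees locally generated packets only, so it belongs in
# OUTPUT and has to be loaded on every node that can reach the application.

APP_USER="clusterapp"                      # assumed service account
APP_PORT="7000"                            # assumed cluster port
PEERS="192.0.2.11 192.0.2.12 192.0.2.13"   # constructed peer addresses

gen_owner_rules() {
    user=$1
    port=$2
    shift 2
    # Refuse anything that is not a plain decimal port number.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    printf '%s\n' "*filter"
    for peer in "$@"; do
        # Sockets owned by the application account may connect...
        printf '%s\n' "-A OUTPUT -p tcp -d $peer --dport $port -m owner --uid-owner $user -j ACCEPT"
        # ...every other local sender is refused with a TCP reset.
        printf '%s\n' "-A OUTPUT -p tcp -d $peer --dport $port -j REJECT --reject-with tcp-reset"
    done
    printf '%s\n' "COMMIT"
}

# Print the ruleset; as root on each node, pipe it into:
#   iptables-restore --noflush
# (word splitting of $PEERS into separate arguments is intentional)
gen_owner_rules "$APP_USER" "$APP_PORT" $PEERS
```

A node that has not loaded these rules, or any host outside the cluster that can route to the port, is not constrained by them.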
On 04/16/2014 11:33 AM, Pavel Kankovsky wrote:
> > Is there some way to pass on user information with IPsec?
> SELinux can do it with security contexts: http://selinuxproject.org/page/NB_Networking#Labeled_IPSec
Ah, okay, this is an option at least. Thanks.
security@lists.fedoraproject.org