perfsonar-user - Re: [perfsonar-user] cassandra security announcement

Subject: perfSONAR User Q&A and Other Discussion

  • From: Andreas Haupt <>
  • To:
  • Subject: Re: [perfsonar-user] cassandra security announcement
  • Date: Thu, 02 Apr 2015 08:41:46 +0200
  • Organization: DESY

Hi Andrew,

the updated package is unsigned and therefore not installed:

[root@perfson1 ~]# yum update
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package cassandra20.noarch 0:2.0.7-1 will be updated
---> Package cassandra20.noarch 0:2.0.14-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================
 Package            Arch          Version           Repository         Size
=========================================================================================================================================
Updating:
 cassandra20        noarch        2.0.14-1          Internet2          17 M

Transaction Summary
=========================================================================================================================================
Upgrade 1 Package(s)

Total size: 17 M
Is this ok [y/N]: y
Downloading Packages:


Package cassandra20-2.0.14-1.noarch.rpm is not signed
[root@perfson1 ~]#

Cheers,
Andreas

On Wednesday, 01.04.2015, at 21:00 -0400, Andrew Lake wrote:
> Hi all,
>
>
> There was a CVE released today for cassandra, which is used by the
> perfSONAR measurement archive software, esmond. You can find more
> information here: http://seclists.org/bugtraq/2015/Apr/0. If you are
> using the perfSONAR Toolkit distribution NO further action is required
> to protect your host. The summary of the issue is that by default
> cassandra listens on ports for JMX connections which allows remote
> execution of java code. Since inclusion of cassandra on the Toolkit
> last year, the Toolkit has a script that automatically turns these
> ports off in the cassandra configuration. Furthermore, the default
> iptables that the Toolkit installs block these ports had anything been
> listening on them.
>
>
> If you are running a standalone esmond instance you need to update and
> restart cassandra. A few users have installed esmond separately from a
> Toolkit host as a central measurement archive or similar. If you are
> one of these users you need to run the following:
>
>
> yum update cassandra20
> /sbin/service cassandra restart
>
>
> Note the restart of cassandra, so auto-updates alone aren't enough.
> Please let us know if you have any questions.
>
>
> Thank you,
> The perfSONAR Development Team

--
| Andreas Haupt | E-Mail:

| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
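
A local check related to the JMX exposure described in the quoted announcement, as an added example that is not part of either message or of the perfSONAR code: it reads `ss -ltn` output and prints every listener on the JMX port that is bound to a non-loopback address. Port 7199 (Cassandra's default JMX port, not stated in the thread) and the function names are assumptions; the sample socket list is constructed.

```shell
#!/bin/sh
# Added example, not from the thread or from perfSONAR.
# Assumption: 7199 is Cassandra's default JMX port; adjust if your
# cassandra configuration uses a different one.
JMX_PORT=7199

# Reads `ss -ltn` style output on stdin and prints the local address of
# every listening socket on $JMX_PORT that is not bound to loopback.
exposed_jmx_listeners() {
    awk -v port="$JMX_PORT" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)      # port follows the last colon
            if (n == 0) next
            p = substr(addr, n + 1)
            host = substr(addr, 1, n - 1)
            if (p != port) next
            sub(/^\[/, "", host)             # strip IPv6 brackets
            sub(/\]$/, "", host)
            # Loopback binds (IPv4, IPv6, IPv4-mapped) are not remotely reachable.
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
            print addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      50     0.0.0.0:7199        0.0.0.0:*
LISTEN  0      50     [::]:7199           [::]:*
LISTEN  0      50     127.0.0.1:9160      0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a live host run instead:
#   ss -ltn | exposed_jmx_listeners
sample_ss_output | exposed_jmx_listeners
```

The check looks only at socket binding: a listener it reports may still be blocked by iptables, so read the result together with the firewall rules.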