perfSONAR User Q&A and Other Discussion

[Andrew Lake <>]

Hi,

Signed version of the RPMs have been committed. It may take a few hours for 
them to propagate, so if you are still getting the unsigned message, please 
be patient.

Thanks,
Andy


On Apr 2, 2015, at 2:41 AM, Andreas Haupt 
<>
 wrote:

> Hi Andrew,
> 
> the updated package is unsigned and therefore not installed:
> 
> [root@perfson1
>  ~]# yum update
> Setting up Update Process
> Resolving Dependencies
> --> Running transaction check
> ---> Package cassandra20.noarch 0:2.0.7-1 will be updated
> ---> Package cassandra20.noarch 0:2.0.14-1 will be an update
> --> Finished Dependency Resolution
> 
> Dependencies Resolved
> 
> =========================================================================================================================================
> Package                            Arch                          Version    
>                      Repository                        Size
> =========================================================================================================================================
> Updating:
> cassandra20                        noarch                        2.0.14-1   
>                      Internet2                         17 M
> 
> Transaction Summary
> =========================================================================================================================================
> Upgrade       1 Package(s)
> 
> Total size: 17 M
> Is this ok [y/N]: y
> Downloading Packages:
> 
> 
> Package cassandra20-2.0.14-1.noarch.rpm is not signed
> [root@perfson1
>  ~]# 
> 
> Cheers,
> Andreas
> 
> Am Mittwoch, den 01.04.2015, 21:00 -0400 schrieb Andrew Lake:
>> Hi all,
>> 
>> 
>> There was a CVE released today for cassandra, which is used by the
>> perfSONAR measurement archive software, esmond. You can find more
>> information here: http://seclists.org/bugtraq/2015/Apr/0. If you are
>> using the perfSONAR Toolkit distribution NO further action is required
>> to protect your host. The summary of the issue is that by default
>> cassandra listens on ports for JMX connections which allows remote
>> execution of java code. Since inclusion of cassandra on the Toolkit
>> last year, the Toolkit has a script that automatically turns these
>> ports off in the cassandra configuration. Furthermore, the default
>> iptables that the Toolkit installs block these ports had anything been
>> listening on them.
>> 
>> 
>> If you are running a standalone esmond instance you need to update and
>> restart cassandra. A few users have installed esmond separately from a
>> Toolkit host as a central measurement archive or similar. If you are
>> one of these users you need to run the following:
>> 
>> 
>> yum update cassandra20
>> /sbin/service cassandra restart
>> 
>> 
>> Note the restart of cassandra, so auto-updates alone aren't enough.
>> Please let us know if you have any questions. 
>> 
>> 
>> Thank you,
>> The perfSONAR Development Team
> 
> -- 
> | Andreas Haupt            | E-Mail: 
> 
> |  DESY Zeuthen            | WWW:    http://www-zeuthen.desy.de/~ahaupt
> |  Platanenallee 6         | Phone:  +49/33762/7-7359
> |  D-15738 Zeuthen         | Fax:    +49/33762/7-7216
> 
>