perfsonar-user - [perfsonar-user] memcached and firewall rules

Subject: perfSONAR User Q&A and Other Discussion

List archive

[perfsonar-user] memcached and firewall rules

From: Hervey Allen <>
To:
Subject: [perfsonar-user] memcached and firewall rules
Date: Thu, 8 Feb 2018 13:53:38 -0800
Ironport-phdr: 9a23:eKeeChDATg6cI4YE2+r1UyQJP3N1i/DPJgcQr6AfoPdwSPT/rsbcNUDSrc9gkEXOFd2Cra4c0qyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUmTaxe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoJKT43/nzQisJzgqxUrh2uqABwzYPPfIGVLeBzcr/Bcd4UR2dMWNtaWSxbAoO7aosCF+gPMvhCr4njuVQPrQa1CBWoBOPr1DBIgGL90Ko60+s/CwHGwhIvHtIVvXTSt9X1LrsdXfqyzKnSwjXOdvVb0irz5ojPdxAuu/CMXbRofMrX0kkvDR/Kgk+XqYz/MDOY0PkGvWuD7+d4S+6iinIrpgN0rzWsycoglpXFi4cLxl3H9ih13IM4KNK9RUN+YtOoDIZfty+fOoZyX8wuX3tntD4kxrAHpZK2fi0HxZcoyhLDd/CKdpaE7g7+WOqNJDp0mndod6yiiBmp6ketz+7xWdeu31lRqydKicfAu3IR2BHW9MeIV/Vw80On1D2SzQ7c8PtELloxlafDK54u3Lowlp0LvETGBCD2mUH2gLWQdkU/4Oin9/7rYrL8pp+TL4N0iwf+PboymsGnH+g1MxQCUmqe9Om/27Dv4VH1TbBUgvA1kaTVrJXXKMseq6O8AAJZzpss6xi6AjqizdsUgWMIIEpAeB2djojpP1/OIOr/Dfe6m1mskClkx+rYPrL/ApTANX7DkKz7fblh8UJczxAzzd9H65JOFr4BOO7zWlP2tNHAFh82LRa0w+j8CNV60IMRQ3iPDraEMKPJr1CI/PkiI+2NZI8OpDb9MOYp6+TvjX8/hV8SY7Op3Z0JZ3CkAPhqOVuWbmfxgoRJLWBfpgckQvftjlSYFCNIamyaXqQg6ys9BZ78S4rPW9ODmruEiQe2BINbdyhvDlSBFz+8d4ieRfodQCSJOMQnlSYLA+vyA7Q93A2j4Vepg4FsKfDZr3UV
Organization: Network Startup Resource Center

Hi All - Our IT Security group contacted us to say that the memcached
process was open on our perfSONAR Testpoint bundle instance we had
installed.

It is...

Question - I have the perfSONAR default firewall rules in place. This is
running on a CentOS 7 box. What specifically needs to talk to this
service? Is this a service that is installed with Postgres? That's what
I think is happening.

Does Esmond need access to memcache from an archive host? Anything else?
Based on the release notes for 4.0rc3:

"Added memcached support to esmond archiver for tracking metadata
objects already created in order to increase archiver performance"

I think this is the case.

I'm trying to figure out proper strategy for recommending what to do
with the open memcached service.

I believe adding a firewall rule to only allow access to memcached on
the perfSONAR Testpoint Bundle node and from wherever we have Esmond is
what makes sense?

Comments or recommendations are most welcome.

Thank you!

- Hervey

Network Startup Resource Center
https://nsrc.org/

[perfsonar-user] memcached and firewall rules, Hervey Allen, 02/08/2018
- Re: [perfsonar-user] memcached and firewall rules, Andrew Lake, 02/09/2018
  - Re: [perfsonar-user] memcached and firewall rules, Hervey Allen, 02/09/2018
  - Re: [perfsonar-user] memcached and firewall rules, Stephen Fromm, 02/09/2018
  - Re: [perfsonar-user] memcached and firewall rules, Hervey Allen, 02/09/2018
    - Re: [perfsonar-user] memcached and firewall rules, Andrew Lake, 02/09/2018
      - Re: [perfsonar-user] memcached and firewall rules, Hans Kuhn, 02/09/2018
        
        Re: [perfsonar-user] memcached and firewall rules, Hervey Allen, 02/09/2018
        
        Re: [perfsonar-user] memcached and firewall rules, Andrew Lake, 02/12/2018
        
        Re: [perfsonar-user] memcached and firewall rules, Hervey Allen, 02/12/2018

List archive

[perfsonar-user] memcached and firewall rules