[Bio-linux-dev] Bio-Linux 6 Beta 1 release

Tony Travis a.travis at abdn.ac.uk
Thu May 6 07:06:26 EDT 2010


On 06/05/10 11:24, Tim Booth wrote:
> Hi Tony,
>
>> Re: security, I recommend that you install "fail2ban", and "rkhunter".
>
> I'm not touching fail2ban with a ten foot pole.  Mistyped your password?
> Temporary DNS issue?  Banned forever!!  Some servers here at CEH had it
> on and it was nothing but trouble - banning localhost was a favourite
> trick.  I've yet to see it configured in a way that actually does what
> it is supposed to do.

Hello, Tim.

Well, it's very easy to configure 'fail2ban' to allow logins from 
localhost unconditionally, and systems are unbanned after 10 mins by 
default. We've used it on the Beowulf and all our NBXs without any 
problem and it is a serious defence against 'brute-force' attacks. It's 
also recommended by DIT (Directorate of Information Technology) at the 
University of Aberdeen for any Internet-facing servers.

> By default, newly created users cannot log in with ssh, so we hope that
> anyone enabling ssh access on their account will set a decent password.
> I do need to check that this restriction is also honoured by NX.
>
> I'll take a look at rkhunter though I believe it is prone to false
> alarms.  I'll definitely put chkrootkit back on - I think it was
> standard on BL5.

I use both, and I think they are both useful.

>> If the system crashes during a dump, I believe it is just as important
>> to be able to redo any pending disk transactions on a backup drive as
>> it is on a working disk.
>
> If the system crashes during a dump then the latest dump file is
> truncated and useless in any case, and if you're writing other files to
> that drive then you're not using it in the "normal" way, but I'll go
> ahead and change it to ext4 as it makes no odds to me, and as you say it
> will save time if fsck is run.

Not true if it's a small, incremental: I think journalling is good!

More seriously, if you continue to use your existing dump script, and 
you have a problem during your weekly level 0 dump then you've lost 
everything except your last level 9. I can't live with that, which is 
why I modified your backup script to use an ETOH dump schedule.

My version does quarterly base-line level 0 dumps, and two separate TOH 
rotations of weekly and daily incremental dumps. It's based on the ETOH 
scheme from: Preston, W.C and Skelly, H. (2002), Backups and recovery, 
USENIX/SAGE, Berkeley. ISBN 1-931971-02-1. pp11-12.

   http://etoh.wopr.net/ex.abstract.html

Bye,

   Tony.
-- 
Dr. A.J.Travis, University of Aberdeen, Rowett Institute of Nutrition
and Health, Greenburn Road, Bucksburn, Aberdeen AB21 9SB, Scotland, UK
tel +44(0)1224 712751, fax +44(0)1224 716687, http://www.rowett.ac.uk
mailto:a.travis at abdn.ac.uk, http://bioinformatics.rri.sari.ac.uk/~ajt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: backup
URL: <http://www.bioinformatics.org/pipermail/bio-linux-devel/attachments/20100506/4412c6ee/attachment.ksh>
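
Added example, not part of the original message and not fail2ban's own code: a simplified Python model of the behaviour described in the reply above, where localhost is exempt and a ban expires after 10 minutes. The option names mirror fail2ban's `ignoreip`, `bantime`, `findtime` and `maxretry`; the `findtime` and `maxretry` values, the log format and the addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Simplified model of a fail2ban jail; names mirror its jail options.
IGNOREIP = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
BANTIME = 600    # seconds: the 10-minute unban mentioned in the message
FINDTIME = 600   # seconds: assumed window in which failures are counted
MAXRETRY = 3     # assumed number of failures that triggers a ban

# Constructed sample log: "<epoch seconds> sshd: <message>" (not real syslog).
FAILED = re.compile(r"^(\d+) sshd: Failed password for \S+ from (\S+)$")
SAMPLE_LOG = [
    "1000 sshd: Failed password for root from 127.0.0.1",
    "1001 sshd: Failed password for root from 127.0.0.1",
    "1002 sshd: Failed password for root from 127.0.0.1",
    "1010 sshd: Failed password for tim from 198.51.100.7",  # one typo
    "1020 sshd: Accepted password for tim from 198.51.100.7",
    "1100 sshd: Failed password for root from 203.0.113.5",
    "1105 sshd: Failed password for root from 203.0.113.5",
    "1110 sshd: Failed password for admin from 203.0.113.5",
]

def find_bans(lines):
    """Return {ip: [(ban_start, ban_end), ...]} for the given log lines."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = int(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue  # whitelisted: never counted, never banned
        if is_banned(bans, ip, ts):
            continue  # already blocked, nothing more to decide
        window = failures[ip]
        window.append(ts)
        while window[0] <= ts - FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans.setdefault(ip, []).append((ts, ts + BANTIME))
            window.clear()
    return bans

def is_banned(bans, ip, ts):
    """True while ts falls inside one of the ip's ban intervals."""
    return any(start <= ts < end for start, end in bans.get(ip, []))
```

In this model the three localhost failures and the single mistyped password produce no ban, while the repeated failures from 203.0.113.5 produce one ban that lapses after `BANTIME` seconds.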

