<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 7, 2017 at 2:17 PM, <span dir="ltr"><<a href="mailto:lemonnierk@ulrar.net" target="_blank">lemonnierk@ulrar.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Mon, Aug 07, 2017 at 10:40:08AM +0200, Arman Khalatyan wrote:<br>
> Interesting problem...<br>
> Did you consider an insider job? (comes to mind <a href="http://verelox.com" rel="noreferrer" target="_blank">http://verelox.com</a><br>
</span>> <<a href="https://t.co/dt1c78VRxA" rel="noreferrer" target="_blank">https://t.co/dt1c78VRxA</a>> recent troubles)<br>
<br>
I would be really really surprised, we are only 5 / 6 with access and as<br>
far as I know no one has a problem with the company.<br>
The last person to leave did so last year, and we revoked everything (I<br>
hope). And I can't think of a reason they'd leave the website of a<br>
Hungarian company in there, we contacted them and they think it's one<br>
of their ex-employees trying to cause them problems.<br>
I think we were just unlucky, but I'd really love to confirm how they<br>
did it<br>
<div class="HOEnZb"><div class="h5"><br></div></div></blockquote><div><br></div><div>For any filesystem access through GlusterFS, a successful handshake on the server side is mandatory.<br><br></div><div>You should have the log of the clients connected to these server machines in the brick logs (mostly at /var/log/glusterfs/bricks/*.log); check them for any external IP.<br></div><div><br></div><div>Gluster doesn't provide any extra protection right now, other than what is provided by the POSIX standard (i.e., user access control). So, if the user is 'root' on his machine, and there is a no_root_squash option, then technically he can delete all the files in the volume, if he can mount the volume. The major 'authentication' control provided is IP-based authentication.<br><br></div><div>At this time, if your volume didn't have more granular control on 'auth.allow' options, then we can check the log and try to understand which client caused this.<br><br></div><div>Regards,<br></div><div>Amar<br></div><div><br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">
><br>
> On Mon, Aug 7, 2017 at 3:30 AM, W Kern <<a href="mailto:wkmail@bneit.com">wkmail@bneit.com</a>> wrote:<br>
><br>
> ><br>
> ><br>
> > On 8/6/2017 4:57 PM, <a href="mailto:lemonnierk@ulrar.net">lemonnierk@ulrar.net</a> wrote:<br>
> ><br>
> ><br>
> > Gluster already uses a vlan, the problem is that there is no easy way<br>
> > that I know of to tell gluster not to listen on an interface, and I<br>
> > can't not have a public IP on the server. I really wish there was a<br>
> > simple "listen only on this IP/interface" option for this<br>
> ><br>
> ><br>
> > What about this?<br>
> ><br>
> > transport.socket.bind-address<br>
> ><br>
> > I know there were some BZs on it with earlier Gluster Versions, so I assume it's still there now.<br>
> ><br>
> > -bill<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > ______________________________<wbr>_________________<br>
> > Gluster-users mailing list<br>
> > <a href="mailto:Gluster-users@gluster.org">Gluster-users@gluster.org</a><br>
> > <a href="http://lists.gluster.org/mailman/listinfo/gluster-users" rel="noreferrer" target="_blank">http://lists.gluster.org/<wbr>mailman/listinfo/gluster-users</a><br>
> ><br>
<br>
<br>
</div></div><br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>Amar Tumballi (amarts)<br></div></div></div></div></div>
</div></div>
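<div>Added example, not part of the original message and not Gluster project code: one way to carry out the brick-log check described above, listing every IPv4 address that appears in the logs but lies outside the trusted storage network, with hit count and first/last timestamp. The sample lines, the <code>TRUSTED</code> range and the function name are assumptions; the scan does not depend on a particular brick-log message format.</div>

```python
import glob
import ipaddress
import re
import sys
from collections import defaultdict

# Constructed sample lines, NOT real GlusterFS output: the exact brick-log
# message format varies by version, so the scan below is format-agnostic.
SAMPLE_LOG = """\
[2017-08-05 22:10:01.000001] I sample: accepted client from 10.10.0.21:1021
[2017-08-05 22:14:37.000002] I sample: accepted client from 203.0.113.45:1019
[2017-08-05 22:15:02.000003] I sample: disconnecting client 203.0.113.45:1019
[2017-08-06 03:00:00.000004] I sample: accepted client from 10.10.0.22:1023
"""

# Assumption: the storage VLAN; replace with your own trusted ranges.
TRUSTED = [ipaddress.ip_network("10.10.0.0/24")]

STAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def untrusted_clients(lines, trusted=TRUSTED):
    """Return {ip: {"count", "first", "last"}} for addresses outside `trusted`."""
    seen = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = STAMP.match(line)
        stamp = m.group(1) if m else None
        for token in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if any(ip in net for net in trusted):
                continue
            entry = seen[str(ip)]
            entry["count"] += 1
            entry["first"] = entry["first"] or stamp
            entry["last"] = stamp or entry["last"]
    return dict(seen)


if __name__ == "__main__":
    paths = sys.argv[1:] or glob.glob("/var/log/glusterfs/bricks/*.log")
    for path in paths:
        with open(path, errors="replace") as fh:
            for ip, info in untrusted_clients(fh).items():
                print(path, ip, info)
```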