[Gluster-infra] Putting the netbsd builders in the ansible pool ?

[Michael Scherer]

Hi,

so nbslave70 was used yesterday (7 June) in a reflection attack since
the rpcbind server is listening to the network ( see
http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-early-warning-to-the-industry/ ). 

I connected to it from rackspace and stopped rpcbind in a hurry after
being paged, but I would like to make sure that the netbsd builders are
a bit more hardened (even if they are already well hardened from what I
did see, even if there is no firewall), as it seems most of them are
also running rpcbind (and sockstat show they are not listening only on
localhost).

Emmanuel, would you be ok if we start to manage them with ansible like
we do for the Centos ones ? 

(I am also in Paris, so I can also come for a meeting if that can be
easier to discuss or me to show what we for the linux builders)

-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20160608/b65609f1/attachment.sig>