Veritas-bu

[Veritas-bu] bpgp ? OT

2006-08-15 09:11:11
Subject: [Veritas-bu] bpgp ? OT
From: ssesar at mitre.org (Steven L. Sesar)
Date: Tue, 15 Aug 2006 09:11:11 -0400
I find it amazing that an enterprise product has no secure means of 
remotely installing client software/updates. Yes, one can pretty easily 
hack the install scripts to use scp, but why on Earth should we have to? 
It's a really easy hack for us; who knows why Symantec/Veritas has never 
done it. It really is low-hanging fruit. Last September when I spoke 
with the lead developer for the team that maintains this portion of the 
application, he became red-faced and thought that it would be included 
in 6.1. We'll see...

ida3248b at post.cybercity.dk wrote:
> Hello Dave
>
> There was a howto on replacing rsh with ssh on this list at some point, if 
> that's any help.
>
> regards
> Michael
>
> On Tue, 15 Aug 2006 13:00:02 +0100, Clooney, David wrote
>   
>> Thanks for that Ed
>>
>> Pushing out from the master would be ideal, however remote shell is a
>> def no no in this environment.
>> I certainly don't have logins to all the servers for Ftp_to client
>> either.
>>
>> In a fix I'm afraid, like your idea of a template though.
>>
>> Regards
>>
>> Dave
>> -----Original Message-----
>> From: Ed Wilts [mailto:ewilts at ewilts.org] 
>> Sent: 15 August 2006 12:52
>> To: Clooney, David
>> Cc: List Veritas List
>> Subject: Re: [Veritas-bu] bpgp ?
>>
>> On Tue, Aug 15, 2006 at 12:35:03PM +0100, Clooney, David wrote:
>>     
>>> Trying to roll out an upgrade of x number of Solaris clients; the 
>>> problem I have is the SAs want to simply remove the package and then 
>>> add the new, which will destroy any exclude_lists out there in the 
>>> environment.
>>>       
>> Teach your admins that removing the exclude_lists will be bad for their
>> health :-).  Not only is removing those files bad, but they could be wiping
>> out files like NET_BUFFER_SZ, etc.
>>
>>     
>>> I use bpgp quite a bit in secured environments and find it very useful 
>>> indeed; albeit I have seen technotes in the past that it causes issues, I 
>>> have yet to have a prob in the last 4 years.
>>>  
>>> Problem is that you have to know the specific file you are after on 
>>> the client, has anyone incorporated wildcards in some sort of way or 
>>> fashion to bring down say,
>>> exclude* ??
>>>       
>> You could do a restore to each of the new clients...  A restore can use
>> wildcards.  Alternatively, do a bpdir before they upgrade to get the
>> list (including the special files), bpgp to pull the files, and then
>> bpgp after the upgrade to put them back.
>>
>> Personally, I like the restore approach - build up a template which
>> includes all of the special files in your environment plus the 
>> pattern for the exclude files, and as soon as the upgrade is done,
>> run the restore.
>>
>> I do have to ask though, why don't you just push out the upgrade from
>> the master?   Push outs work very well to Unix boxes...  No work
>> required at all from the admins (so they can't screw it up).
>>
>>         .../Ed
>>
>> --
>> Ed Wilts, Mounds View, MN, USA
>> mailto:ewilts at ewilts.org
>>
>> _______________________________________________
>> Veritas-bu maillist  -  Veritas-bu at mailman.eng.auburn.edu
>> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>>     
>
>


-- 
===================================

   Steven L. Sesar
   Lead Operating Systems Programmer/Analyst
   UNIX Application Services R101
   The MITRE Corporation
   202 Burlington Road - MS K101
   Bedford, MA 01730
   tel: (781) 271-7702
   fax: (781) 271-2600
   mobile: (617) 519-8933
   email: ssesar at mitre.org

=================================== 
