Thanks.

Some more information I could get from the logs again reiterates the fact that there is some configuration that needs to be revised.

--- Logs --->
"Broker instance is operating as an open recursive DNS resolver. When a DNS server is set up to allow recursive name resolution publicly, it is considered an open recursive DNS resolver. Open recursive DNS resolvers are susceptible to abuse by third parties and may contribute to Denial-of-Service (DoS) activity against *********************** You can prevent your DNS resolver from being abused by third-parties by 1) keeping the DNS server software up to date, 2) verifying the DNS server's settings don't allow public recursive resolving, and 3) making sure only approved people can access the DNS server (for example, by limiting access with your security groups)."

Any pointers on corrective action for this?

Shabna

-----Original Message-----
From: N. Harrison Ripps [mailto:hripps redhat com]
Sent: Wednesday, February 19, 2014 7:39 PM
To: Madathilthattantav, S.
Cc: dev lists openshift redhat com
Subject: Re: Strange security issue with Origin Install

Hey Shabna--
I'm adding the dev list because I know others have encountered security issues when deploying Origin on AWS. Has anyone else run into this?

On Feb 18, 2014, at 23:50, <s madathilthattantav accenture com> <s madathilthattantav accenture com> wrote:

> I have set up an OpenShift Origin V3 installation on an AWS EC2 instance (Fedora 19) using oo-install.
>
> Configuration:
> Broker + Broker support services in one instance
> Node in another instance
>
> The installation looks good and I am able to deploy applications and work with it.
>
> Issue:
> Strangely, I am getting a security incident on the Broker instance saying that it's been operating an open proxy and the environment is compromised etc.
> And I had to shut down this instance.
>
> More Information:
> I have created the security groups by referring to this blog: http://cloud-mechanic.blogspot.in/2013/05/openshift-on-aws-ec2-part-3-getting-in.html
> Also, some additional steps required for getting the installation working were:
>
> 1. Modify iptables to enable the UDP port.
> 2. Since EC2 images are configured to only allow root logins with a key, the Node instance sshd config was modified to set PermitRootLogin and PasswordAuthentication to yes.
> 3. On the Node host, I had to modify the IP address of Broker and Node to point to the public IP addresses of the Broker and Node hosts.
> 4. On the Node host, modify the MCollective configuration to point to the IP address of the Broker instead of the hostname.
> 5. Restart the services that were not running.
>
> All the other steps were more or less done by oo-install. As I understand it, some installation configuration needs to be reviewed or modified. Any pointers will be greatly appreciated.
> I am not able to use the Origin installation due to this security issue.