[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju Milestone: 0.7 => 0.8 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju Milestone: 0.6 => 0.7 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Description changed: This is a tracking bug for a dependency of the juju MIR (bug #912861). + + In summary: The security of the ZooKeeper on node 0 is critical. Even + with full ACLs this pins all of the security of the local host onto one + set of credentials. Users do not need to access ZooKeeper at all. An + iptables rule must be added as a line of defense against privilege + escalation by requiring that only root owned processes be allowed to + access ZooKeeper. ** Changed in: juju (Ubuntu Precise) Milestone: 0.7 => None ** Changed in: juju (Ubuntu Precise) Status: In Progress => Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju (Ubuntu Precise) Status: Triaged => In Progress ** Changed in: juju (Ubuntu Precise) Milestone: precise-updates => 0.7 ** Changed in: juju (Ubuntu Precise) Assignee: (unassigned) => Clint Byrum (clint-fewbar) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Tags removed: rls-p-tracking ** Tags added: security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Branch linked: lp:~clint-fewbar/juju/add-egress-zookeeper-protection -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju Status: Triaged => In Progress ** Changed in: juju Assignee: (unassigned) => Clint Byrum (clint-fewbar) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
Note that the suggested fix will be less important once bug #821074 is fixed. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju (Ubuntu Precise) Milestone: ubuntu-12.04.1 => precise-updates -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Also affects: juju Importance: Undecided Status: New ** Changed in: juju Status: New => Triaged ** Changed in: juju Importance: Undecided => High ** Changed in: juju Milestone: None => honolulu -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju (Ubuntu Precise) Milestone: ubuntu-12.04 => ubuntu-12.04.1 ** Changed in: juju (Ubuntu) Milestone: ubuntu-12.04 => None -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Changed in: juju (Ubuntu Precise) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 966577] Re: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper
** Also affects: juju (Ubuntu Precise) Importance: Undecided Status: Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju in Ubuntu. https://bugs.launchpad.net/bugs/966577 Title: add explicit egress 'owner' rule on non-bootstrapping nodes to require root access to zookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/966577/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs