蟲ー逕ー讒倥蟾昜コ墓ァ�<div>蜷�ス�</div><div><br></div><div>縺贋ク冶ゥア縺ォ縺ェ縺」縺ヲ縺翫j縺セ縺吶�ォ伜悄@IVP縺ァ縺吶�</div><div><br></div><div><br></div><div>繧「繝峨ヰ繧、繧ケ繝サ隱ソ譟サ縺ォ諢溯ャ晁�縺励∪縺吶�</div><div><br></div><div>縺溘□莉外S繧ッ繝ェ繝シ繝ウ縺九i蜀榊コヲ繧�j逶エ縺励※縺ソ縺セ縺励◆縲�</div><div><br></div><div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; orphans: 2; text-align: -webkit-auto; widows: 2; font-size: medium;"># cloud-setup-management</span></div></div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; orphans: 2; text-align: -webkit-auto; widows: 2; font-size: medium;">縺薙�繧ウ繝槭Φ繝峨r螳溯。後☆繧九∪縺ァ</span></div><div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; orphans: 2; text-align: -webkit-auto; widows: 2; font-size: medium;"><br></span></div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; orphans: 2; text-align: -webkit-auto; widows: 2; font-size: medium;">/var/log/cloud/management/catalina.out</span></div></div><div>縺薙■繧峨�繝ュ繧ー縺ッ逕滓�縺輔l縺セ縺帙s縺ァ縺励◆縺ョ縺ァ縲�</div><div><br></div><div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; orphans: 2; text-align: -webkit-auto; widows: 2; font-size: medium;"># cloud-setup-management</span></div></div><div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; orphans: 2; text-align: -webkit-auto; widows: 2; font-size: medium;"># chmod 666 /var/log/cloud/management/catalina.out</span></div></div><div><span style="color: rgb(0, 0, 0); font-family: 'MS Mincho'; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"># cloud-setup-management</span><br></div><div><div># netstat -nap|grep 8080</div><div>tcp 0 0 :::8080 :::* LISTEN 3403/java</div></div><div><br></div><div>豕・閾ュ縺�〒縺吶′縲∝叙繧頑・縺惹ク願ィ俶焔鬆�〒蝗樣∩縺悟庄閭ス縺ァ縺励◆縲�</div><div>繝ヲ繝シ繧カ繝シ/繧ー繝ォ繝シ繝励↑縺ゥ繧�"cloud"縺ォ螟画峩縺励※繧0K縺九→諤昴>縺セ縺吶�</div><div><br></div><div>莉・荳翫∝叙繧頑・縺主セ。遉シ縺ィ縺泌�ア蜻顔筏縺嶺ク翫£縺セ縺吶�</div><div><br></div><div><br>2013蟷エ6譛�3譌・譛域屆譌・ 18譎�48蛻�03遘� UTC+9 Hiroaki KAWAI:<blockquote class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">蟾昜コ輔〒縺吶�
<br>
<br>CLOUDSTACK-2758 縺ォ髢「縺励※縺ッ縲∬ф蠑ア諤ァ縺ィ縺励※蝣ア蜻翫&繧後◆
<br>CVE 2013-1976 蟇セ遲悶′ OS 縺ォ蜿肴丐縺輔l縲…loudstack 蛛エ縺�
<br>譛溷セ�@縺ヲ縺�◆繝代�繝溘ャ繧キ繝ァ繝ウ縺ィ逡ー縺ェ繧九h縺�↓縺ェ縺」縺溘�
<br>縺ィ縺�≧縺薙→縺ョ繧医≧縺ァ縺吶�
<br>
<br>
<br>
<br>(2013/06/03 10:55), Kenichi Mineta wrote:
<br>> 鬮伜悄縺輔s
<br>>
<br>> 縺薙s縺ォ縺。縺ッ縲ょウー逕ー縺ィ逕ウ縺励∪縺吶�
<br>> 竊薙�繝舌げ縺ォ蠖薙◆縺」縺ヲ縺�k縺九b縺励l縺セ縺帙s縲�
<br>> <a href="https://issues.apache.org/jira/browse/CLOUDSTACK-2758" target="_blank">https://issues.apache.org/<wbr>jira/browse/CLOUDSTACK-2758</a>
<br>>
<br>> 縺薙%譛霑代�繝舌�繧ク繝ァ繝ウ縺ョ譁ー隕上う繝ウ繧ケ繝医�繝ォ縺ァ�医↑縺懊°��<wbr>catalina.out縺ョ繝代�繝溘ャ繧キ繝ァ繝ウ
<br>> 縺�
<br>> 螟峨↓縺ェ縺」縺ヲ縺�k繧医≧縺ェ縺ョ縺ァ縲�
<br>>
<br>> chmod 777 /usr/share/cloud/management/<wbr>logs/catalina.out
<br>> 縺吶l縺ー蜍輔¥繧医≧縺ァ縺吶�
<br>>
<br>> 蜿り�シ�
<br>> <a href="http://markmail.org/message/lj6eewvb4pcfphke" target="_blank">http://markmail.org/message/<wbr>lj6eewvb4pcfphke</a>
<br>>
<br>>
<br>> 蟲ー逕ー
<br>>
<br>>
<br>> On 2013/06/01 14:58, "闕剃コ募コキ螳�" <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">y-a...@cloud.or.jp</a>> wrote:
<br>>
<br>>> 鬮伜悄縺輔∪
<br>>>
<br>>> 縺薙s縺ォ縺。縺ッ縲�CUPA闕剃コ輔〒縺吶�
<br>>> 閾ェ蛻�b Apache CloudStack 4.0.2 縺ッ縺セ縺�隧ヲ縺励※縺ェ縺��縺ァ縺吶′縲�
<br>>> 謇矩��噪縺ォ縺ッ髢馴&縺」縺ヲ縺ェ縺�→諤昴>縺セ縺吶�
<br>>>
<br>>> 蛻�j蛻�¢縺ョ縺溘a縲`anagment Server縺ォ縺ヲ莉・荳九r螳滓命縺励※縺ソ繧九→
<br>>> 濶ッ縺�°縺ィ諤昴>縺セ縺励◆縲�
<br>>>
<br>>> # tail -f /var/log/cloud/management/<wbr>management-server.log
<br>>>
<br>>> 蛻・繧ソ繝シ繝溘リ繝ォ縺ァ莉・荳九r螳溯。�
<br>>> # service cloud-management status
<br>>> # netstat -anp |grep :8080
<br>>> # service cloud-management start
<br>>> # service cloud-management status
<br>>> # netstat -anp |grep :8080
<br>>>
<br>>> strace 繧貞ョ溯。後@縺ェ縺後i start 縺輔○繧九→縺代▲縺薙≧譛画э鄒ゥ縺ェ諠��ア縺悟叙繧後∪縺吶�
<br>>> # strace -f service cloud-management start
<br>>>
<br>>> 繝�ヵ繧ゥ繝ォ繝医�迥カ諷九〒縺ッ諱舌i縺丞撫鬘後↑縺�→諤昴>縺セ縺吶′
<br>>> ulimit 縺ョ險ュ螳壼、繧ら「コ隱阪@縺ヲ縺翫¥縺ィ濶ッ縺�°繧ゅ〒縺吶�
<br>>> # ulimit -a
<br>>>
<br>>> 縺泌盾閠�↓縺ェ繧後�蟷ク縺�〒縺吶�
<br>>>
<br>>> 2013蟷エ6譛�1譌・ 13:24 takado <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">tak...@ivp.co.jp</a>>:
<br>>>> 逧�ァ�
<br>>>>
<br>>>> 鬮伜悄縺ィ逕ウ縺励∪縺吶�
<br>>>> 縺贋ク冶ゥア縺ォ縺ェ縺」縺ヲ縺翫j縺セ縺吶�
<br>>>>
<br>>>> 繝舌�繧ク繝ァ繝ウ4.0.<wbr>2縺ョ繧、繝ウ繧ケ繝医�繝ォ譁ケ豕輔↓縺、縺�※縺疲蕗謗医♀鬘倥>縺�◆縺励∪縺吶�
<br>>>>
<br>>>>
<br>>>> 縲占ウェ蝠丞�螳ケ縲�
<br>>>> 4.0.1縺ァ縺ッ豁」蟶ク縺ォ繧、繝ウ繧ケ繝医�繝ォ縺ァ縺阪※縺�◆WebUI縺�4.<wbr>0.2縺ァ縺ッ襍キ蜍輔@縺セ縺帙s縲�
<br>>>>
<br>>>>
<br>>>> 縲占ゥウ邏ー縲�
<br>>>> 迴セ蝨ィ繝槭ロ繝シ繧ク繝。繝ウ繝医し繝シ繝舌r讒狗ッ峨@縺ヲ縺�※縲�<wbr>繝昴�繝�8080縺碁幕縺九↑縺�憾豕√〒縺吶�
<br>>>> 繝槭ロ繝シ繧ク繝。繝ウ繝医し繝シ繝舌→MySQL繧オ繝シ繝舌�蜷御ク縺ョ繝弱�繝峨〒縺吶�
<br>>>>
<br>>>> 莉・荳九↓繧、繝ウ繧ケ繝医�繝ォ譁ケ豕輔r險倩シ峨>縺溘@縺セ縺吶�
<br>>>>
<br>>>> 笆�OS縺ョ繧、繝ウ繧ケ繝医�繝ォ
<br>>>> CentOS6.3/6.4 64bit縺ォ縺ヲ繝医Λ繧、縲�
<br>>>> 繝代ャ繧ア繝シ繧ク縺ッminimal縺ァ縺励※縺翫j縺セ縺吶�
<br>>>>
<br>>>> 笆�繧、繝ウ繧ケ繝医�繝ォ螳御コ�セ後�蜃ヲ逅�
<br>>>> SELinux繧壇isabled縺ォ螟画峩縲�
<br>>>>
<br>>>> 繝帙せ繝亥錐縺熊QDN縺ァ蠑輔¢繧九h縺�↓螟画峩縲�
<br>>>> # hostname
<br>>>> <a href="http://cs-mgt.co.jp" target="_blank">cs-mgt.co.jp</a>
<br>>>> # hostname -f
<br>>>> <a href="http://cs-mgt.co.jp" target="_blank">cs-mgt.co.jp</a>
<br>>>>
<br>>>> 繝阪ャ繝医Ρ繝シ繧ッ繝槭ロ繝シ繧ク繝」繝シ繧丹FF縺ォ螟画峩縲�
<br>>>>
<br>>>> 笆�繧、繝ウ繧ケ繝医�繝ォ謇矩��
<br>>>> mysql-server.x86_64縺ョ繧、繝ウ繧ケ繝医�繝ォ
<br>>>> my.cnf縺ョ[mysqld]縺ォ荳玖ィ倥r霑ス險�
<br>>>> innodb_rollback_on_timeout=1
<br>>>> innodb_lock_wait_timeout=600
<br>>>> max_connections=350
<br>>>> log-bin=mysql-bin
<br>>>> binlog-format = 'ROW'
<br>>>> bind-address = 0.0.0.0
<br>>>>
<br>>>> 縺昴�蠕稽ysqld繧偵せ繧ソ繝シ繝医@mysql_secure_<wbr>installation縺ァ繝代せ繝ッ繝シ繝峨↑縺ゥ縺ョ險ュ螳壹r縺励∪縺吶�
<br>>>> mysqld縺ョ閾ェ蜍戊オキ蜍輔r險ュ螳壹�
<br>>>>
<br>>>> cloud-client.x86_64縺ョ繧、繝ウ繧ケ繝医�繝ォ
<br>>>> 谺。縺ョyum繝ェ繝昴ず繝医Μ繧定ソス蜉�縺励∪縺吶�
<br>>>> <a href="http://cloudstack.apt-get.eu/rhel/4.0/" target="_blank">http://cloudstack.apt-get.eu/<wbr>rhel/4.0/</a>
<br>>>> 縺昴�蠕軽um縺ァcloud-client.x86_<wbr>64繧偵う繝ウ繧ケ繝医�繝ォ縺励∪縺吶�
<br>>>>
<br>>>> 繝��繧ソ繝吶�繧ケ縺ョ繧サ繝�ヨ繧「繝��
<br>>>> 荳玖ィ倥さ繝槭Φ繝峨r螳溯。後@縺セ縺吶�
<br>>>> # cloud-setup-databases
<br>>>> <a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">cloud:p...@192.168.50.101</a> --deploy-as=root:password
<br>>>>
<br>>>> 繝槭ロ繝シ繧ク繝。繝ウ繝医�髢句ァ�
<br>>>> # cloud-setup-management
<br>>>>
<br>>>> 莉・髯康FS縺ョ險ュ螳壹d繧キ繧ケ繝�ΒVM縺ョ險ュ鄂ョ縺ォ遘サ縺」縺ヲ縺�″縺セ縺吶′縲�
<br>>>> 縺薙�谿オ髫弱〒繝昴�繝�8080縺碁幕縺�※縺�↑縺代l縺ー縺翫°縺励>縺ィ隱崎ュ倥@縺ヲ<wbr>縺�∪縺吶�
<br>>>>
<br>>>>
<br>>>>
<br>>>> 4.0.<wbr>1縺ァ縺ッ縺薙�謇矩��〒蝠城。後↑縺上そ繝�ヨ繧「繝��縺ァ縺阪※縺�◆縺ョ縺ァ縺吶′縲�
<br>>>> 4.0.2縺ァ縺ッ菴輔°荳崎カウ縺後≠繧九�縺ァ縺励g縺�°縲�
<br>>>> 4.0.2縺ョ繧ッ繧、繝�け繧、繝ウ繧ケ繝医�繝ォ繧ャ繧、繝峨r蜿ら�縺励※繧ゅ�<wbr>迚ケ縺ォ逵滓眠縺励>縺薙→縺梧嶌縺九l縺ヲ縺�↑縺�h縺�〒縺吶�
<br>>>>
<br>>>> 縺セ縺溘�/var/log/cloud/<wbr>management驟堺ク九↓縺ッ縺セ縺�繝槭ロ繝シ繧ク繝。繝ウ繝医し繝シ繝舌Ο繧ー縺檎函<wbr>謌舌&繧後※縺翫i縺壹�
<br>>>> catalina.<wbr>out縺ィ縺�≧繝輔ぃ繧、繝ォ縺ォ谺。縺ョ繝ュ繧ー縺悟�縺ヲ縺�∪縺励◆縲�
<br>>>> /usr/sbin/tomcat6: line 30:
<br>>>> /usr/share/cloud/management/<wbr>logs/catalina.out:
<br>>>> Permission denied
<br>>>>
<br>>>> /var/log/cloud/<wbr>setupManagement.<wbr>log縺ォ縺ッ谺。縺ョ蜀�ョケ縺ァ繝ュ繧ー縺瑚誠縺。縺ヲ縺�∪縺吶�
<br>>>> DEBUG:root:execute:hostname -f
<br>>>> DEBUG:root:execute:iptables-<wbr>save|grep INPUT|grep -w 8080
<br>>>> DEBUG:root:Failed to execute:
<br>>>> DEBUG:root:execute:iptables -I INPUT -p tcp -m tcp --dport 8080 -j
<br>>>> ACCEPT
<br>>>> DEBUG:root:execute:iptables-<wbr>save|grep INPUT|grep -w 7080
<br>>>> DEBUG:root:Failed to execute:
<br>>>> DEBUG:root:execute:iptables -I INPUT -p tcp -m tcp --dport 7080 -j
<br>>>> ACCEPT
<br>>>> DEBUG:root:execute:iptables-<wbr>save|grep INPUT|grep -w 8250
<br>>>> DEBUG:root:Failed to execute:
<br>>>> DEBUG:root:execute:iptables -I INPUT -p tcp -m tcp --dport 8250 -j
<br>>>> ACCEPT
<br>>>> DEBUG:root:execute:iptables-<wbr>save|grep INPUT|grep -w 9090
<br>>>> DEBUG:root:Failed to execute:
<br>>>> DEBUG:root:execute:iptables -I INPUT -p tcp -m tcp --dport 9090 -j
<br>>>> ACCEPT
<br>>>> DEBUG:root:execute:iptables-<wbr>save > /etc/sysconfig/iptables
<br>>>> DEBUG:root:execute:service iptables status
<br>>>> DEBUG:root:execute:service iptables status
<br>>>> DEBUG:root:execute:service iptables start
<br>>>> DEBUG:root:execute:rm -f /etc/cloud/management/server.<wbr>xml
<br>>>> DEBUG:root:execute:rm -f /etc/cloud/management/tomcat6.<wbr>conf
<br>>>> DEBUG:root:execute:ln -s /etc/cloud/management/server-<wbr>nonssl.xml
<br>>>> /etc/cloud/management/server.<wbr>xml
<br>>>> DEBUG:root:execute:ln -s /etc/cloud/management/tomcat6-<wbr>nonssl.conf
<br>>>> /etc/cloud/management/tomcat6.<wbr>conf
<br>>>> DEBUG:root:execute:hostname --fqdn
<br>>>> DEBUG:root:execute:mkdir /var/log/cloud-management/
<br>>>> DEBUG:root:execute:service tomcat6 status
<br>>>> DEBUG:root:Failed to execute:tomcat6 is stopped[ OK ]
<br>>>> DEBUG:root:execute:chkconfig --del tomcat6
<br>>>> DEBUG:root:execute:service cloud-management status
<br>>>> DEBUG:root:Failed to execute:cloud-management is stopped
<br>>>> The pid file locates at /var/run/cloud-management.pid and lock file at
<br>>>> /var/lock/subsys/cloud-<wbr>management.
<br>>>> Starting cloud-management will take care of them or you can
<br>>>> manually
<br>>>> clean up.
<br>>>> DEBUG:root:execute:chkconfig --level 2345 cloud-management on
<br>>>> DEBUG:root:execute:service cloud-management status
<br>>>> DEBUG:root:Failed to execute:cloud-management is stopped
<br>>>> The pid file locates at /var/run/cloud-management.pid and lock file at
<br>>>> /var/lock/subsys/cloud-<wbr>management.
<br>>>> Starting cloud-management will take care of them or you can
<br>>>> manually
<br>>>> clean up.
<br>>>> DEBUG:root:execute:service cloud-management start
<br>>>>
<br>>>> 蟲カ蟠取ァ倥�菴懈�縺輔l縺溯ェュ譖ク莨壹�雉�侭縺ァ縲�<wbr>SQL縺ォ繧「繧ッ繧サ繧ケ縺ァ縺阪※縺�↑縺�庄閭ス諤ァ縺後≠繧区葎縺後≠繧翫∪縺励◆縺後�
<br>>>> 繝槭ロ繝シ繧ク繝。繝ウ繝医し繝シ繝舌Ο繧ー縺悟�縺ヲ縺�↑縺�◆繧√�<wbr>蛻、譁ュ縺後〒縺阪↑縺�憾諷九〒縺吶�
<br>>>>
<br>>>> 蝗�縺ソ縺ォtelnet繧ウ繝槭Φ繝峨〒縺ッ縲�<wbr>繝ォ繝シ繝励ヰ繝�け繧「繝峨Ξ繧ケ縺ァ繧り�霄ォ縺ョ繧「繝峨Ξ繧ケ縺ァ繧�3306縺ク縺ョ謗・邯壹′<wbr>謌仙粥縺励※
<br>> 縺�k迥カ諷九〒縺吶�
<br>>>>
<br>>>>
<br>>>> 縺雁ソ吶@縺�→縺薙m諱舌l蜈・繧翫∪縺吶′縲∽ス募穀螳懊@縺上♀鬘倥>縺�◆縺励∪縺吶�
<br>>>>
<br>>>> ______________________________<wbr>_________________
<br>>>> users mailing list
<br>>>> <a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">us...@cloudstack.jp</a>
<br>>>> <a href="http://ml.cloudstack.jp/mailman/listinfo/users" target="_blank">http://ml.cloudstack.jp/<wbr>mailman/listinfo/users</a>
<br>>>
<br>>>
<br>>> --
<br>>> ------------------------------<wbr>--------------
<br>>> 笘�コ句漁謇(髮サ隧ア逡ェ蜿キ)繧堤ァサ霆「縺励∪縺励◆笘�
<br>>> 荳闊ャ遉セ蝗」豕穂ココ繧ッ繝ゥ繧ヲ繝牙茜逕ィ菫�イ讖滓ァ� (CUPA)
<br>>> Cloud Utilization Promotion Agency
<br>>> 莉」陦ィ逅�コ� 闕剃コ� 蠎キ螳�
<br>>> 縲�110-0005
<br>>> 譚ア莠ャ驛ス蜿ー譚ア蛹コ荳企㍽3-10-2荳ュ隘ソ繝薙Ν2F
<br>>> TEL: 03-6803-0134 FAX: 03-6803-2813
<br>>> URL: <a href="http://cloud.or.jp" target="_blank">http://cloud.or.jp</a>
<br>>> EMail: <a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">con...@cloud.or.jp</a>
<br>>> ------------------------------<wbr>--------------
<br>>> ______________________________<wbr>_________________
<br>>> users mailing list
<br>>> <a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">us...@cloudstack.jp</a>
<br>>> <a href="http://ml.cloudstack.jp/mailman/listinfo/users" target="_blank">http://ml.cloudstack.jp/<wbr>mailman/listinfo/users</a>
<br>>
<br>>
<br>> ______________________________<wbr>_________________
<br>> users mailing list
<br>> <a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">us...@cloudstack.jp</a>
<br>> <a href="http://ml.cloudstack.jp/mailman/listinfo/users" target="_blank">http://ml.cloudstack.jp/<wbr>mailman/listinfo/users</a>
<br>>
<br>
<br>______________________________<wbr>_________________
<br>users mailing list
<br><a href="javascript:" target="_blank" gdf-obfuscated-mailto="r4cWhNhDpPUJ">us...@cloudstack.jp</a>
<br><a href="http://ml.cloudstack.jp/mailman/listinfo/users" target="_blank">http://ml.cloudstack.jp/<wbr>mailman/listinfo/users</a>
<br></blockquote></div>