<html><head></head><body bgcolor="white" lang="EN-US" link="blue" vlink="purple" data-blackberry-caret-color="#00a8df" style="background-color: rgb(255, 255, 255); line-height: initial;"><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I've worked for two stock exchanges, ‎I've done infosec for several banks and currently work in a mission critical environment where a large portion of my job is infosec and there is a fairly high probability if I can set the time aside that I will get a CISP cert this year. None of my production servers except for my spacewalk servers are in a isolated vlan which has outbound internet access that is only to natted private IPs. Furthermore when I worked for the stock exchanges our satellite servers went through a squid proxy which limited them to specific URI's and virus scanned all traffic. so I really do understand security but again I'm failing to understand the requirement and even so the whole adding a vhost to the spacewalk server is superfluous and in the case of spacewalk may cause problems.</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br name="BB10" caretmarkerset="INVALID" class="markedForCaretMarkerRemoval"></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">If some one can give a full explanation of the specific security concerns and requirements I can suggest ‎several ranging from simple to more elaborate methods for handling them which have been tested and follow best practices appropriate to the environment.</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br name="BB10" caretmarkerset="INVALID" class="markedForCaretMarkerRemoval"></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">By the way rsync won't work with the spacewalk repos you need to use wget recursively "-r" instead</div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br name="BB10" caretmarkerset="INVALID" class="markedForCaretMarkerRemoval"></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Sent from my BlackBerry 10 smartphone.</div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div id="_persistentHeader" style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Brian Kinney</div><div><b>Sent: </b>Monday, January 19, 2015 15:00</div><div><b>To: </b>spacewalk-list@redhat.com</div><div><b>Reply To: </b>spacewalk-list@redhat.com</div><div><b>Subject: </b>Re: [Spacewalk-list] general inquiry about client install/registration</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style="background-color: white;"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="Generator" content="Microsoft Word 15 (filtered medium)"><style></style><div class="WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I have to agree with Joe here.</span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I am not overly security paranoid, but I’d plan to lock down the OS deployment/patch services for 90% of the servers in my company too – whether or not I had a gov’t contract to protect. Also, I am not finding this a “complicated solution.” After working for a banking system, this is comparatively trivial. </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Brian</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <a href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a> [mailto:<a href="mailto:spacewalk-list-bounces@redhat.com">spacewalk-list-bounces@redhat.com</a>] <b>On Behalf Of </b><a href="mailto:prmarino1@gmail.com">prmarino1@gmail.com</a><br><b>Sent:</b> Monday, January 19, 2015 10:49 AM<br><b>To:</b> <a href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a>; <a href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a><br><b>Subject:</b> Re: [Spacewalk-list] general inquiry about client install/registration</span></p></div></div><p class="MsoNormal"> </p><div><p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#1f497d">Wow you guys do like complicated solutions why not just put the repo in a subdirectory of /pub off the docroot ‎spacewalk doesn't password protect that directly off the webserver for just such uses.</span></p></div><div><p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#1f497d"><br><br></span></p></div><div><p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#1f497d">Just to be clear what repos precisely are you intending to mirror? Server, client, EPEL or what?</span><span style="color:#1f497d"></span></p></div><div><p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#1f497d"> </span></p></div><div><p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#1f497d">Sent from my BlackBerry 10 smartphone.</span></p></div><table class="MsoNormalTable" border="0" cellpadding="0" width="100%" style="width:100.0%;background:white;border-spacing:0px"><tbody><tr><td style="padding:.75pt .75pt .75pt .75pt;font-size:initial;text-align:initial"><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in" id="_persistentHeader"><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From: </span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Joe Belliveau</span></p></div><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Sent: </span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Monday, January 19, 2015 12:38</span></p></div><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">To: </span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><a href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a></span></p></div><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Reply To: </span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><a href="mailto:spacewalk-list@redhat.com">spacewalk-list@redhat.com</a></span></p></div><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Subject: </span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Re: [Spacewalk-list] general inquiry about client install/registration</span></p></div></div></td></tr></tbody></table><p class="MsoNormal"> </p><div id="_originalContent"><p class="MsoNormal">Also here is another one. if you want to use nfs as well.</p><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal"><a href="http://wiki.centos.org/HowTos/CreateLocalRepos?action=fullsearch&value=linkto:%22HowTos/CreateLocalRepos%22&context=180">http://wiki.centos.org/HowTos/CreateLocalRepos?action=fullsearch&value=linkto%3A%22HowTos/CreateLocalRepos%22&context=180</a></p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">—Joe</p></div><div><p class="MsoNormal"> </p><div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal">On Jan 19, 2015, at 12:18 PM, Brian Kinney <<a href="mailto:brian.kinney@memeo-inc.com">brian.kinney@memeo-inc.com</a>> wrote:</p></div><p class="MsoNormal"> </p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Sounds great! Never built a mirror like this. Any suggestions/URLs where a quality example could be found?</span></p></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Brian</span></p></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p><div><p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Calibri",sans-serif;color:#1f497d">This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable measures to virus scan all E-mails leaving UNICOM Global but no warranty is given that this E-mail and any attachments are virus free. You should ensure you have adequate measures in place for your own virus checking.</span></p></div></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in"><div><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span class="apple-converted-space"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="mailto:spacewalk-list-bounces@redhat.com"><span style="color:purple">spacewalk-list-bounces@redhat.com</span></a><span class="apple-converted-space"> </span>[mailto:<a href="mailto:spacewalk-list-bounces@redhat.com"><span style="color:purple">spacewalk-list-bounces@redhat.com</span></a>]<span class="apple-converted-space"> </span><b>On Behalf Of<span class="apple-converted-space"> </span></b>Joe Belliveau<br><b>Sent:</b><span class="apple-converted-space"> </span>Monday, January 19, 2015 5:52 AM<br><b>To:</b><span class="apple-converted-space"> </span><a href="mailto:spacewalk-list@redhat.com"><span style="color:purple">spacewalk-list@redhat.com</span></a><br><b>Subject:</b><span class="apple-converted-space"> </span>Re: [Spacewalk-list] general inquiry about client install/registration</span></p></div></div></div><p class="MsoNormal"> </p><div><p class="MsoNormal">This can be done easily.</p></div><div><p class="MsoNormal"> </p></div><div><div><p class="MsoNormal">I mirror the packages to a local apache redirect on the spacewalk server… </p></div></div><div><p class="MsoNormal"> </p></div><div><div><p class="MsoNormal">It can easily be done.</p></div></div><div><p class="MsoNormal"> </p></div><div><div><p class="MsoNormal">—Joe</p></div></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal"> </p><div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><div><p class="MsoNormal">On Jan 19, 2015, at 8:32 AM, Edsall, William (WJ) <<a href="mailto:WJEdsall@dow.com"><span style="color:purple">WJEdsall@dow.com</span></a>> wrote:</p></div></div><p class="MsoNormal"> </p><div><p class="MsoNormal" style="margin-bottom:5.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hello list,</span></p><p class="MsoNormal" style="margin-bottom:5.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Just a general question about clients.<span class="apple-converted-space"> </span></span></p><div style="margin-bottom:5.0pt"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p></div><p class="MsoNormal" style="margin-bottom:5.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">One reason for my investigation into satellite/spacewalk is due to network security and lack of internet access to our linux machines. I was surprised when the spacewalk documentation mentioned external yum installs in order to get spacewalk ready; was really hoping this was done 100% internal with the spacewalk server.</span></p><div style="margin-bottom:5.0pt"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p></div><p class="MsoNormal" style="margin-bottom:5.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">So my question is – what’s the best practice to move everything internal? Can it be done? Should I look further into the bootstrap procedure?</span></p><div style="margin-bottom:5.0pt"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p></div><div style="margin-bottom:5.0pt"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p></div><div style="margin-bottom:5.0pt"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p></div><p class="MsoNormal" style="margin-bottom:5.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Thanks,</span></p><p class="MsoNormal" style="margin-bottom:5.0pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">William</span></p><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> </span></p></div><div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">_______________________________________________<br>Spacewalk-list mailing list<br></span><a href="mailto:Spacewalk-list@redhat.com"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple">Spacewalk-list@redhat.com</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br></span><a href="https://www.redhat.com/mailman/listinfo/spacewalk-list"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple">https://www.redhat.com/mailman/listinfo/spacewalk-list</span></a></p></div></div></blockquote></div><p class="MsoNormal"> </p></div><p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">_______________________________________________<br>Spacewalk-list mailing list<br></span><a href="mailto:Spacewalk-list@redhat.com"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple">Spacewalk-list@redhat.com</span></a><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"><br></span><a href="https://www.redhat.com/mailman/listinfo/spacewalk-list"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple">https://www.redhat.com/mailman/listinfo/spacewalk-list</span></a></p></div></blockquote></div><p class="MsoNormal"> </p></div><p class="MsoNormal"><br><br></p></div></div> <br></div><br></body></html>