SENTINIX

From:  Bruce Knox <bknox-AT-cox-internet.com>
To:  lwn-AT-lwn.net
Subject:  News Release: SENTINIX 0.70.5 (beta 2) Released
Date:  Tue, 25 Nov 2003 15:41:21 -0600

News Release
FOR IMMEDIATE RELEASE

Contact: Bruce Knox
bknox@cox-internet.com

SENTINIX Gives the Boot to Monitoring Woes
      by Bruce Knox and Matthias Rechenburg

SENTINIX gives the boot to monitoring woes by artfully using a collection 
of best of class free software products.  Download the ISO image, burn the 
CD, boot, type om (UP) or omsmp (SMP) to choose an openMosix kernel, and 
type install.

The installation will walk you through formatting the new host's hard drive 
and installing the software. (There is a great HowTo available from the 
project website.)

Reboot the system and it starts with openMosix running and the 
pre-configured network and service monitoring tools started and working.

Where most CD distributions try to "do it all" or "do only one thing well", 
SENTINIX does just two.

Yes, two.  But let us explain later.  First, some details on SENTINIX.

Michel Blomgren leads the development of SENTINIX (perhaps you knew it as 
Compledge Sentinel, which was the predecessor of SENTINIX).  Michel said, 
"SENTINIX is a Linux distribution designed for monitoring, auditing, 
intrusion detection, statistics and anti-spam. It is completely free; free 
to use, free to modify and free to distribute."

SENTINIX includes the following software, installed and pre-configured:

Nagios       - Host, service and network monitoring (was NetSaint).
               http://Nagios.org
Nagat        - Web based Nagios Administration Tool (written in PHP).
               http://sourceforge.net/projects/nagat/
Snort        - Network Intrusion Detection System.
               http://www.snort.org/
SnortCenter  - A web-based client-server management system written for Snort.
               http://users.pandora.be/larc/
ACID         - Analysis Console for Intrusion Databases (ACID).
               http://www.cert.org/kb/acid/
Cacti        - Network monitoring/graphing.
               http://www.raxnet.net/products/cacti/
RRDTool      - Round Robin Database is a system to store and display
               time-series data.
               http://people.ee.ethz.ch/~oetiker/webtools/rrdtool//index.html
Nessus       - Security scanner software which will audit remotely a given
               network.
               http://www.nessus.org/
Postfix      - Fast, easy to administer, and secure, sendmail alternative.
               http://www.postfix.org/
MailScanner  - Anti-Virus and Anti-Spam e-mail Filter.
               http://www.sng.ecs.soton.ac.uk/mailscanner/
SpamAssassin - A mail filter to identify spam.
               http://spamassassin.org/

plus MySQL, Apache, PHP, Perl, Python, openMosix, and more.

OK, that is a great collection, but this is on openMosix.  Why is mail 
coming into the cluster?  That is so different from the typical openMosix 
HPC cluster I had to ask:

  bknox:  "Michel, I know Nagios needs mail to send e-mail notices, but why 
are you putting a full mail system inside the cluster?"

michel:  "Not inside a cluster; SENTINIX is the cluster!"

          "As a sysadmin I have frequently seen the need to add more 
processing power as e-mail traffic increases.  The e-mail server is 
suddenly overloaded and a solution is needed immediately.  With the typical 
system design, this is never easy, it is always tedious and expensive, and 
it generally causes down time. So, you follow a period of poor system 
performance by one of system outage."

          "But SENTINIX is on openMosix.  You add a new computer to the 
network, boot it from the SENTINIX CD, and a node adds itself to the 
Cluster.  In seconds the load is being taken up by the new "temporary" 
machine and the old server is back to running as intended."

  bknox:  "So, you are just using the built-in load leveling of openMosix 
with these standard e-mail filtering applications?  And the results?"

michel:  "That's right, SpamAssassin and MailScanner are processing 
intensive, use modest IO, and the e-mail handling generates several forked 
processes.  We thought that this would be great fit for openMosix and it is."

  bknox:  "OK, I know the theory.  Processes automatically move to the 
available resources.  But, the proof is in the results.  What kind of test 
results have you seen?"

michel:  "My tests are not rigorous or scientific, but sending a huge 
number of e-mails to a dual-processor (SMP) SENTINIX node plus one 
additional openMosix node will generally lower the workload on the 
dual-processor system and also finish the last e-mail more quickly (20-25% 
faster with no tuning or special consideration given to the cluster).  I 
will share the details."

  bknox:  "SENTINIX is also monitoring the processors and services that can 
be seen on the network, but openMosix HPC clusters are typically well 
hidden behind a firewall.  What if you move SENTINIX inside that HPC 
cluster?"

michel:  "Sendmail was originally in the distro to handle outbound e-mail 
(Nagios alerts primarily). Then I chose Postfix instead and put 
MailScanner+SpamAssassin on top of that. With Nagios, you'll need an MTA 
otherwise Nagios won't send any alerts (unless one configures 'nail' to use 
SMTP only).  But, the MailScanner+SpamAssassin suite should only be used if 
one intends to use the box as an e-mail gateway/proxy to filter out spam 
and e-mail viruses, otherwise, running Postfix alone will be sufficient to 
handle Nagios alerts and outbound e-mail.  So, running inside an HPC 
cluster you just stop MailScanner and SpamAssassin."

  bknox:  "Matt, SENTINIX appears to complement the type of monitoring done 
by your openMosixview?"

   matt:  "I just tested it {SENTINIX 1 BETA 01} . . . and I love 
it.  SENTINIX is VERY easy to install and if you have some cluster-nodes 
fitting to the running openMosix kernel 2.4.22-openMosix-1, it is the BEST 
for monitoring those nodes."

michel:  "I just re-ran my SENTINIX cluster test watching openMosixview 
display the process migration.  I found that extremely useful; exactly what 
I needed."

michel:  "In the SENTINIX 0.70.5 (beta 2) I have downgraded Linux from 
2.4.22 to 2.4.21.  Also, Beta 2 is now able to boot the 'omsmp' kernel from 
the CD, modprobe a NIC and configure eth0 using DHCP, then starting 
omdiscd, so one should be able to boot diskless nodes to add them to a 
SENTINIX cluster from the same installation CD. Stay tuned!"

Michel is looking for a few talented volunteers including beta testers, 
programmers, anti-spam specialists and Linux distribution experts.

Michel Blomgren is SENTINIX Project Manager.  http://sentinix.org (mirror 
site at http://sentinix.34hack.net/)

Download mirrors at http://sentinix.org/downloads.html or 
http://sentinix.34hack.net/downloads.html

Matthias Rechenburg is an openMosix developer and is the creator of 
openMosixview, a cluster-management GUI for openMosix-clusters. 
http://www.openmosixview.com/

Bruce Knox maintains the openMosix.org website including the openMosix 
Community webpage which now includes SENTINIX. 
http://openmosix.sourceforge.net/community.html  The information above is 
edited from e-mails, mostly from questions used to clarify where SENTINIX 
fits into the openMosix Community.  While this is not intended to be a 
transcript, it does fairly represent the conversations.

bknox:  "I set out to present a convincing argument that SENTINIX does two 
things very well.  I think I have shown that it does both Network 
Monitoring and Filtering very well.  But then, SENTINIX can also monitor an 
openMosix cluster, so maybe it is actually three?"

openMosix is Copyright (c) 2002, 2003 by Moshe Bar.
http://www.openmosix.org

openMosix is a Linux kernel extension for single-system image (SSI) 
clustering that allows building a cluster from ordinary networked 
computers.  Applications benefit without modification specifically for 
openMosix.
### 


Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds