tachtler:virtualisierung_entropien
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
tachtler:virtualisierung_entropien [2016/11/10 16:23] – klaus | tachtler:virtualisierung_entropien [2016/11/10 16:31] (aktuell) – klaus | ||
---|---|---|---|
Zeile 38: | Zeile 38: | ||
< | < | ||
# yum install haveged | # yum install haveged | ||
+ | Loaded plugins: changelog, priorities | ||
+ | base | 3.6 kB | ||
+ | epel | 4.3 kB | ||
+ | extras | ||
+ | icinga-stable-release | ||
+ | updates | ||
+ | 125 packages excluded due to repository priority protections | ||
+ | Resolving Dependencies | ||
+ | --> Running transaction check | ||
+ | ---> Package haveged.x86_64 0: | ||
+ | --> Finished Dependency Resolution | ||
+ | |||
+ | Changes in packages about to be updated: | ||
+ | |||
+ | |||
+ | Dependencies Resolved | ||
+ | |||
+ | ================================================================================ | ||
+ | | ||
+ | ================================================================================ | ||
+ | Installing: | ||
+ | | ||
+ | |||
+ | Transaction Summary | ||
+ | ================================================================================ | ||
+ | Install | ||
+ | |||
+ | Total download size: 61 k | ||
+ | Installed size: 181 k | ||
+ | Is this ok [y/d/N]: y | ||
+ | Downloading packages: | ||
+ | haveged-1.9.1-1.el7.x86_64.rpm | ||
+ | Running transaction check | ||
+ | Running transaction test | ||
+ | Transaction test succeeded | ||
+ | Running transaction | ||
+ | Installing : haveged-1.9.1-1.el7.x86_64 | ||
+ | Verifying | ||
+ | |||
+ | Installed: | ||
+ | haveged.x86_64 0: | ||
+ | |||
+ | Complete! | ||
</ | </ | ||
Zeile 43: | Zeile 86: | ||
< | < | ||
# rpm -qil haveged | # rpm -qil haveged | ||
+ | Name : haveged | ||
+ | Version | ||
+ | Release | ||
+ | Architecture: | ||
+ | Install Date: Thu 10 Nov 2016 04:25:21 PM CET | ||
+ | Group : System Environment/ | ||
+ | Size : 185694 | ||
+ | License | ||
+ | Signature | ||
+ | Source RPM : haveged-1.9.1-1.el7.src.rpm | ||
+ | Build Date : Thu 20 Feb 2014 01:12:49 AM CET | ||
+ | Build Host : buildvm-25.phx2.fedoraproject.org | ||
+ | Relocations : (not relocatable) | ||
+ | Packager | ||
+ | Vendor | ||
+ | URL : http:// | ||
+ | Summary | ||
+ | Description : | ||
+ | A Linux entropy source using the HAVEGE algorithm | ||
+ | |||
+ | Haveged is a user space entropy daemon which is not dependent upon the | ||
+ | standard mechanisms for harvesting randomness for the system entropy | ||
+ | pool. This is important in systems with high entropy needs or limited | ||
+ | user interaction (e.g. headless servers). | ||
+ | |||
+ | Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion) | ||
+ | to maintain a 1M pool of random bytes used to fill /dev/random | ||
+ | whenever the supply of random bits in /dev/random falls below the low | ||
+ | water mark of the device. The principle inputs to haveged are the | ||
+ | sizes of the processor instruction and data caches used to setup the | ||
+ | HAVEGE collector. The haveged default is a 4kb data cache and a 16kb | ||
+ | instruction cache. On machines with a cpuid instruction, | ||
+ | attempt to select appropriate values from internal tables. | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
</ | </ | ||
Zeile 50: | Zeile 137: | ||
< | < | ||
# systemctl enable haveged | # systemctl enable haveged | ||
+ | Created symlink from / | ||
+ | / | ||
</ | </ | ||
Zeile 55: | Zeile 144: | ||
< | < | ||
# systemctl list-unit-files --type=service | grep -e haveged | # systemctl list-unit-files --type=service | grep -e haveged | ||
+ | haveged.service | ||
</ | </ | ||
bzw. | bzw. | ||
Zeile 62: | Zeile 152: | ||
</ | </ | ||
- | ==== Erster Start SPF ==== | + | ==== Erster Start haveged |
Um den [[http:// | Um den [[http:// | ||
Zeile 72: | Zeile 162: | ||
< | < | ||
# systemctl status haveged | # systemctl status haveged | ||
+ | ● haveged.service - Entropy Daemon based on the HAVEGE algorithm | ||
+ | | ||
+ | | ||
+ | Docs: man: | ||
+ | | ||
+ | Main PID: 4400 (haveged) | ||
+ | | ||
+ | | ||
+ | |||
+ | Nov 10 16:27:25 server20.idmz.tachtler.net systemd[1]: Started Entropy Daemon... | ||
+ | Nov 10 16:27:25 server20.idmz.tachtler.net systemd[1]: Starting Entropy Daemo... | ||
+ | Nov 10 16:27:26 server20.idmz.tachtler.net haveged[4400]: | ||
+ | Nov 10 16:27:26 server20.idmz.tachtler.net haveged[4400]: | ||
+ | Nov 10 16:27:26 server20.idmz.tachtler.net haveged[4400]: | ||
+ | Nov 10 16:27:26 server20.idmz.tachtler.net haveged[4400]: | ||
+ | Hint: Some lines were ellipsized, use -l to show in full. | ||
</ | </ | ||
Zeile 77: | Zeile 183: | ||
< | < | ||
# ps aux | grep haveged | # ps aux | grep haveged | ||
+ | root 4400 0.8 0.3 12288 3860 ? Ss | ||
+ | root 4492 0.0 0.0 112648 | ||
+ | </ | ||
+ | ===== Überprüfung Entropien ===== | ||
+ | |||
+ | Vor der Installation von [[http:// | ||
+ | |||
+ | Nachfolgender Befehl gibt die aktuell verfügbaren Entropien **__VOR__** der Instalaltion von [[http:// | ||
+ | < | ||
+ | # cat / | ||
+ | 183 | ||
+ | </ | ||
+ | |||
+ | |||
+ | :!: **HINWEIS** - **Ein Wert zwischen 0 und 200 ist bedenklich!** | ||
+ | |||
+ | Nachfolgender Befehl gibt die aktuell verfügbaren Entropien **__NACH__** der Instalaltion von [[http:// | ||
+ | < | ||
+ | # cat / | ||
+ | 2263 | ||
</ | </ | ||
tachtler/virtualisierung_entropien.1478791403.txt.gz · Zuletzt geändert: 2016/11/10 16:23 von klaus