Version 5 (modified by 9 years ago) (diff) | ,
---|
CHK-001-D: GENI Clearinghouse Security Checks
This procedure outlines Security Checks for the GENI Clearinghouse. This task is currently owned by GPO and is not being transitions, so this page highlights activities rather than step-by-step process.
1.0 GENI Clearinghouse Security Check
1.1 Goals of GENI Clearinghouse Security Check
The GENI Clearinghouse server is located at the GPO, where it undergoes various GMOC security checks. This page captures an outline of security checks activities executed by the GPO team:
- GPO monitors vulnerabilities feeds for system level packages and:
- Evaluates potential vulnerabilities that would apply to Clearinghouse environment.
- Priorities vulnerabilities to be installed.
- Verifies that vulnerability fix is being applied in the GENI Community.
- GPO monitors system for unusual system and services behavior and investigates as needed.
- GPO periodically checks logs:
- /var/log/apache2/error.log
- /var/log/geni-chapi/chapi.log
- /var/log/apache2/ch_error.log
- /var/log/apache2/portal_error.log
The first 3 of the above logs are checked with a script (geni-ch/bin/geni-check-errors). If something looks odd in those 3 logs than the following are reviewed:
- /var/log/apache2/portal_ssl_access.log
- /var/log/apache2/ch_ssl_access.log
1.2 Steps for GENI Clearinghouse Security Check
No steps are captured in this page, this procedure is not being transitioned.
1.3 GENI Clearinghouse Security Check - Pass Criteria
Pass criteria is not being captured because this procedure is not being transitioned.
1.4 GENI Clearinghouse Security Check - Fail Criteria and Escalation
Fail criteria is not being captured because this procedure is not being transitioned.
Escalation: GPO