[[PageOutline(1-2)]]

= CHK-001-D: GENI Clearinghouse Security Checks =

This procedure outlines Security Checks for the GENI Clearinghouse.  This task is currently owned by GPO and is not being transitions, so this page highlights activities rather than step-by-step process.


= 1.0 GENI Clearinghouse Security Check =

== 1.1 Goals of GENI Clearinghouse Security Check ==

The GENI Clearinghouse server is located at the GPO, where it undergoes various GMOC security checks. This page captures an outline of security checks activities executed by the GPO team: 
 - GPO monitors vulnerabilities feeds for system level packages and:
    * Evaluates potential vulnerabilities that would apply to Clearinghouse environment.
    * Priorities vulnerabilities to be installed.
    * Verifies that vulnerability fix is being applied in the GENI Community.
 - GPO monitors system for unusual system and services behavior and investigates as needed.
 - GPO periodically checks logs:
    * /var/log/apache2/error.log
    * /var/log/geni-chapi/chapi.log
    * /var/log/apache2/ch_error.log
    * /var/log/apache2/portal_error.log

The first 3 of the above logs are checked with a script (geni-ch/bin/geni-check-errors). If something looks odd in those 3 logs than the following are reviewed:
    * /var/log/apache2/portal_ssl_access.log
    * /var/log/apache2/ch_ssl_access.log

== 1.2 Steps for GENI Clearinghouse Security Check ==

No steps are captured in this page, this procedure is not being transitioned. 

== 1.3 GENI Clearinghouse Security Check - Pass Criteria ==

Pass criteria is not being captured because this procedure is not being transitioned.  

== 1.4 GENI Clearinghouse Security Check - Fail Criteria and Escalation ==

Fail criteria is not being captured because this procedure is not being transitioned.  

'''__Escalation:__'''   ``GPO``