wiki:GENIOperationsTrial/GENISecurityCheckPortal

CHK-001-E: GENI Portal Security Checks

This procedure outlines Security Checks for the GENI Portal. This task is currently owned by GPO and is not being transitions, so this page highlights activities rather than step-by-step process.

1.0 GENI Portal Security Check

1.1 Goals of GENI Portal Security Check

The GENI Portal server is located at the GPO, where it undergoes various GMOC security checks. This page captures an outline of security checks activities executed by the GPO team:

  • GPO monitors vulnerabilities feeds for system level packages and:
    • Evaluates potential vulnerabilities that would apply to Portal environment.
    • Priorities vulnerabilities to be installed.
    • Verifies that vulnerability fix is being applied in the GENI Community.
  • GPO monitors system for unusual system and services behavior and investigates as needed.
  • GPO periodically checks logs:
    • /var/log/apache2/error.log
    • /var/log/geni-chapi/chapi.log
    • /var/log/apache2/ch_error.log
    • /var/log/apache2/portal_error.log

The first 3 of the above logs are checked with a script (geni-ch/bin/geni-check-errors). If something looks odd in those 3 logs than the following are reviewed:

  • /var/log/apache2/portal_ssl_access.log
  • /var/log/apache2/ch_ssl_access.log

1.2 Steps for GENI Portal Security Check

No steps are captured in this page, this procedure is not being transitioned.

1.3 GENI Portal Security Check - Pass Criteria

Pass criteria is not being captured because this procedure is not being transitioned.

1.4 GENI Portal Security Check - Fail Criteria and Escalation

Fail criteria is not being captured because this procedure is not being transitioned.

Escalation: GPO

Last modified 9 years ago Last modified on 07/02/15 07:49:19