Version 3 (modified by lnevers@bbn.com, 9 years ago)

CHK-001-D: GENI Clearinghouse Security Checks

This procedure outlines Security Checks for the GENI Clearinghouse. This task is currently owned by GPO and is not being transitioned, so this page highlights activities rather than a step-by-step process.

1.0 GENI Clearinghouse Security Check

1.1 Goals of GENI Clearinghouse Security Check

The GENI Clearinghouse server is located at the GPO, where it undergoes various GMOC security checks. This page captures an outline of the security check activities executed by the GPO team:

  • GPO monitors vulnerability feeds for system-level packages and:

      o Evaluates potential vulnerabilities that would apply to the Clearinghouse environment.
      o Prioritizes the vulnerability fixes to be installed.
      o Verifies that the vulnerability fix is being applied in the GENI community.

  • GPO monitors the system for unusual system and service behavior and investigates as needed.
  • GPO periodically checks logs:

      o /var/log/apache2/error.log
      o /var/log/geni-chapi/chapi.log
      o /var/log/apache2/ch_error.log
      o /var/log/apache2/portal_error.log

The first 3 of the above logs are checked with a script (geni-ch/bin/geni-check-errors). If something looks odd in those 3 logs, then the following are reviewed:

      o /var/log/apache2/portal_ssl_access.log
      o /var/log/apache2/ch_ssl_access.log
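One way to script the two-tier review described above, as an added example that is not the geni-check-errors script (its contents are not shown on this page). It assumes the Apache 2.4 default error-log format and the "combined" access-log format, leaves out chapi.log because its format is not given here, and uses hypothetical function names and constructed sample lines.

```python
import re
from collections import Counter

# Assumed formats (not stated on the page): Apache 2.4 default ErrorLogFormat
# for the error logs, "combined" LogFormat for the SSL access logs.
ERR_RE = re.compile(
    r"^\[[^\]]+\] \[(?P<module>[^:\]]*):(?P<level>\w+)\] \[pid [^\]]+\]"
    r"(?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)$")
ACC_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
ALERT_LEVELS = {"emerg", "alert", "crit", "error"}

def first_tier(error_lines):
    """Scan error-log lines; return (Counter of levels, flagged client IPs)."""
    levels, clients = Counter(), set()
    for line in error_lines:
        m = ERR_RE.match(line.rstrip("\n"))
        if not m:
            levels["unparsed"] += 1  # odd lines stay visible in the summary
            continue
        levels[m["level"]] += 1
        if m["level"] in ALERT_LEVELS and m["client"]:
            clients.add(m["client"].rsplit(":", 1)[0])  # drop the source port
    return levels, clients

def second_tier(access_lines, clients):
    """Return (ip, request, status) for access-log entries from flagged clients."""
    hits = []
    for line in access_lines:
        m = ACC_RE.match(line)
        if m and m["ip"] in clients:
            hits.append((m["ip"], m["req"], int(m["status"])))
    return hits

# Constructed sample lines (documentation addresses, not real GENI log data).
SAMPLE_ERROR = [
    "[Tue Mar 01 10:15:02.123456 2016] [ssl:warn] [pid 2101] certificate name mismatch",
    "[Tue Mar 01 10:16:40.000321 2016] [core:error] [pid 2107] [client 192.0.2.44:51812] Invalid URI in request",
    "[Tue Mar 01 10:17:05.440010 2016] [authz_core:error] [pid 2109] [client 192.0.2.44:51830] client denied by server configuration",
]
SAMPLE_ACCESS = [
    '198.51.100.7 - - [01/Mar/2016:10:15:59 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Mar/2016:10:16:40 +0000] "GET index.html HTTP/1.1" 400 226 "-" "curl/7.47.0"',
    '192.0.2.44 - - [01/Mar/2016:10:17:05 +0000] "GET /secure/ HTTP/1.1" 403 291 "-" "curl/7.47.0"',
]

if __name__ == "__main__":
    levels, clients = first_tier(SAMPLE_ERROR)
    print(dict(levels), sorted(clients))
    print(second_tier(SAMPLE_ACCESS, clients))
```

Only clients tied to error-level entries in the first-tier logs are carried into the access-log pass, which keeps the second review short.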

1.2 Steps for GENI Clearinghouse Security Check

This section will clearly define the steps to be taken to access and verify the GENI "Function/Service Name" state.

1.3 GENI Clearinghouse Security Check - Pass Criteria

This section will clearly define the criteria to be met in order to deem the GENI "Function/Service Name" state as functioning properly.

1.4 GENI Clearinghouse Security Check - Fail Criteria and Escalation

This section will clearly define the failure criteria and the escalation team if the GENI "Function/Service Name" state is deemed to not be functioning properly.

Escalation: <<Insert escalation team here>>