[[PageOutline(1-2)]] = CHK-001-E: GENI Portal Security Checks = This procedure outlines Security Checks for the GENI Portal. This task is currently owned by GPO and is not being transitions, so this page highlights activities rather than step-by-step process. = 1.0 GENI Portal Security Check = == 1.1 Goals of GENI Portal Security Check == The GENI Portal server is located at the GPO, where it undergoes various GMOC security checks. This page captures an outline of security checks activities executed by the GPO team: - GPO monitors vulnerabilities feeds for system level packages and: * Evaluates potential vulnerabilities that would apply to Clearinghouse environment. * Priorities vulnerabilities to be installed. * Verifies that vulnerability fix is being applied in the GENI Community. - GPO monitors system for unusual system and services behavior and investigates as needed. - GPO periodically checks logs: * /var/log/apache2/error.log * /var/log/geni-chapi/chapi.log * /var/log/apache2/ch_error.log * /var/log/apache2/portal_error.log The first 3 of the above logs are checked with a script (geni-ch/bin/geni-check-errors). If something looks odd in those 3 logs than the following are reviewed: * /var/log/apache2/portal_ssl_access.log * /var/log/apache2/ch_ssl_access.log == 1.2 Steps for GENI Portal Security Check == This sections will clearly define the steps be taken to access and verify the GENI "!Function/Service Name" state. == 1.3 GENI Portal Security Check - Pass Criteria == This sections will clearly define the criteria that to be met in order to deem the GENI "!Function/Service Name" state as functioning properly. == 1.4 GENI Portal Security Check - Fail Criteria and Escalation == This sections will clearly define the failure criteria and the escalation team if the GENI "!Function/Service Name" state is deemed to not be functioning properly. '''__Escalation:__''' ``<>``