Version 5 (modified by 9 years ago) (diff) | ,
---|
CHK-001-E: GENI Portal Security Checks
This procedure outlines Security Checks for the GENI Portal. This task is currently owned by GPO and is not being transitions, so this page highlights activities rather than step-by-step process.
1.0 GENI Portal Security Check
1.1 Goals of GENI Portal Security Check
The GENI Portal server is located at the GPO, where it undergoes various GMOC security checks. This page captures an outline of security checks activities executed by the GPO team:
- GPO monitors vulnerabilities feeds for system level packages and:
- Evaluates potential vulnerabilities that would apply to Portal environment.
- Priorities vulnerabilities to be installed.
- Verifies that vulnerability fix is being applied in the GENI Community.
- GPO monitors system for unusual system and services behavior and investigates as needed.
- GPO periodically checks logs:
- /var/log/apache2/error.log
- /var/log/geni-chapi/chapi.log
- /var/log/apache2/ch_error.log
- /var/log/apache2/portal_error.log
The first 3 of the above logs are checked with a script (geni-ch/bin/geni-check-errors). If something looks odd in those 3 logs than the following are reviewed:
- /var/log/apache2/portal_ssl_access.log
- /var/log/apache2/ch_ssl_access.log
1.2 Steps for GENI Portal Security Check
No steps are captured in this page, this procedure is not being transitioned.
1.3 GENI Portal Security Check - Pass Criteria
Pass criteria is not being captured because this procedure is not being transitioned.
1.4 GENI Portal Security Check - Fail Criteria and Escalation
Fail criteria is not being captured because this procedure is not being transitioned.
Escalation: GPO