Changes between Version 17 and Version 18 of HowTo/ManageCustomImages
- Timestamp:
- 05/15/16 15:25:13 (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
HowTo/ManageCustomImages
v17 v18 2 2 3 3 = Managing GENI Custom Images = 4 5 Users in GENI have the ability to create image snapshots known as "custom images", this feature is available to facilitate the running of experiments, but as is usual with any OS image, there are associated administrative tasks that must take place, such as: 6 - monitoring security alerts and installing required updates to block security attacks. 4 GENI users have the ability to create image snapshots known as "custom images", this feature is available to facilitate the running of experiments, but as is usual with any OS image there are associated administrative tasks that must take place, such as: 5 - Monitoring security alerts and installing required updates to block security attacks. 7 6 - Cleaning up bad, duplicate, or old images on GENI racks. 8 7 … … 11 10 == Security Alerts == 12 11 13 GENI Custom Image maintainers should subscribe to appropriate security mailing lists, or get alerts for the Operating Systems used to create the custom images. This function was initially owned by the GPO. The goal is to have different ways that look for a virus once you know it exists, find a resolution and apply it to the appropriate custom image.12 GENI custom image maintainers should subscribe to appropriate operatings system security mailing lists to get alerts for the OS used to create the custom images. The goal is to find out about software vulnerabilities, find a resolution and apply the resolution to the appropriate custom image. This administrative function was initially owned by the GPO and it now outlined here for maintainers. 14 13 15 14 === Security Alerts Sources === 16 15 17 In GENI there are mostly CentOS or Ubuntu image. Bothhave security notices available at:16 In GENI there are mostly CentOS or Ubuntu custom images. Both of these OS have security notices available at: 18 17 19 18 * Ubuntu security notices: http://www.ubuntu.com/usn/ … … 36 35 So how do we confirm that are images are affected if there is no patch immediately available? There will probably be an article on [https://slashdot.org/ slashdot] or other news outlets. From there they might link to a vendor's page. 37 36 38 If you interested in an ongoing Vulnerability that you can reference, see [https://access.redhat.com/security/vulnerabilities/drown here], where you can click on `diagnose` and download a script download, to see if you are affected, or maybe some mitigation steps.37 If you interested in an ongoing vulnerability that you can reference, see [https://access.redhat.com/security/vulnerabilities/drown here], where you can click on `diagnose` and download a script download, to see if you are affected, or maybe some mitigation steps. 39 38 40 39 Once you identified a package that is affected, you need to check if you have that package installed and compare it to the affected versions. Remember there are various factors to consider depending on the bug. Maybe its package specific or perhaps it is OS version specific (CentOS 5 is effected but 6, or Ubuntu 12.04 is affected, but not 14.04). As an example, the libc vulnerability was addressed by different package names. The Ubuntu package is called `libc6`, and the CentOS is called `glibc` and to address the vulnerability the following instructions were given: