Changes between Version 17 and Version 18 of HowTo/ManageCustomImages


Ignore:
Timestamp:
05/15/16 15:25:13 (6 years ago)
Author:
lnevers@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • HowTo/ManageCustomImages

    v17 v18  
    22
    33= Managing GENI Custom Images =
    4 
    5 Users in GENI have the ability to create image snapshots known as "custom images", this feature is available to facilitate the running of experiments, but as is usual with any OS image, there are associated administrative tasks that must take place, such as:
    6  - monitoring security alerts and installing required updates to block security attacks.
     4GENI users have the ability to create image snapshots known as "custom images", this feature is available to facilitate the running of experiments, but as is usual with any OS image there are associated administrative tasks that must take place, such as:
     5 - Monitoring security alerts and installing required updates to block security attacks.
    76 - Cleaning up bad, duplicate, or old images on GENI racks. 
    87
     
    1110== Security Alerts ==
    1211
    13 GENI Custom Image maintainers should subscribe to appropriate security mailing lists, or get alerts for the Operating Systems used to create the custom images. This function was initially owned by the GPO.  The goal is to have different ways that look for a virus once you know it exists, find a resolution and apply it to the appropriate custom image.
     12GENI custom image maintainers should subscribe to appropriate operatings system security mailing lists to get alerts for the OS used to create the custom images.  The goal is to find out about software vulnerabilities, find a resolution and apply the resolution to the appropriate custom image. This administrative function was initially owned by the GPO and it now outlined here for maintainers.
    1413
    1514=== Security Alerts Sources ===
    1615
    17 In GENI there are mostly CentOS or Ubuntu image.  Both have security notices available at:
     16In GENI there are mostly CentOS or Ubuntu custom images. Both of these OS have security notices available at:
    1817
    1918 * Ubuntu security notices:  http://www.ubuntu.com/usn/
     
    3635So how do we confirm that are images are affected if there is no patch immediately available?  There will probably be an article on [https://slashdot.org/ slashdot] or other news outlets.  From there they might link to a vendor's page.
    3736
    38 If you interested in an ongoing Vulnerability that you can reference, see  [https://access.redhat.com/security/vulnerabilities/drown here], where you can click on `diagnose` and download a script download, to see if you are affected, or maybe some mitigation steps.
     37If you interested in an ongoing vulnerability that you can reference, see  [https://access.redhat.com/security/vulnerabilities/drown here], where you can click on `diagnose` and download a script download, to see if you are affected, or maybe some mitigation steps.
    3938
    4039Once you identified a package that is affected, you need to check if you have that package installed and compare it to the affected versions.  Remember there are various factors to consider depending on the bug. Maybe its package specific or perhaps it is OS version specific (CentOS 5 is effected but 6, or Ubuntu 12.04 is affected, but not 14.04). As an example, the libc vulnerability was addressed by different package names. The Ubuntu package is called `libc6`, and the CentOS is called `glibc` and to address the vulnerability the following instructions were given: