
1 Pakiti (www.egi.eu, EGI-InSPIRE RI-261323)

2 Pakiti Overview
- Patch monitoring
- Unpatched vulnerabilities present a severe security threat
- Client-server architecture
- In production use by EGI CSIRT
- Nagios probe against WNs
- https://pakiti.egi.eu/
- Development by EGI CSIRT

3 Utilization in EGI

4 Exercise
- Install your own Pakiti server
- Collect a report from a node
- Identify unpatched vulnerabilities

5 Installation steps
- Installation of server package
- Configuration of Apache
- Configuration of MySQL
- Configuration of Pakiti server
- Using Pakiti client

6 Server package
RPM from EGI AppDB
1. rpm --import 'http://pgp.mit.edu/pks/lookup?op=get&search=0x930D2233A28C25A6'
2. wget -O /etc/yum.repos.d/pakiti.repo http://repository.egi.eu/community/software/pakiti/pakiti2/releases/repofiles/sl-6-i386.repo
3. yum update
4. yum install pakiti2-server

7 Apache Configuration
Enable https and Pakiti virtual host
1. Remove default https virtual host: /etc/httpd/conf.d/ssl.conf
2. Copy Pakiti definition: cp /usr/share/doc/pakiti2-server-2.1.6/pakiti2.apache2 /etc/httpd/conf.d/pakiti2.conf
3. Adapt to your preferred authN system
4. Check firewall configuration

8 MySQL
Create Pakiti database and MySQL user:
1. CREATE DATABASE pakiti;
2. CREATE USER 'pakiti'@'localhost' IDENTIFIED BY 'really_random_password';
3. GRANT ALL PRIVILEGES ON pakiti.* TO 'pakiti'@'localhost';
4. FLUSH PRIVILEGES;
Create schema:
1. cd /usr/share/doc/pakiti2-server-2.1.6/
2. mysql -D pakiti -u pakiti -p < pakiti2.sql

9 Pakiti server
Update mysql password/username:
1. /etc/pakiti2/pakiti2-server.conf
Browse to https://server/ and adapt Settings (top right):
1. http://www.redhat.com/security/data/oval/com.redhat.rhsa-2014.xml
2. Release 4,5,6

10 Server configuration

11 Putting it together
Install Pakiti client
1. yum install pakiti2-client-manual
Configure the client: /usr/share/doc/pakiti2-client-manual-2.1.6/pakiti2-client
1. SERVERS="localhost:443"
2. #CA_PATH="/etc/ssl/certs/"
Run the client and check the results

12 Central Log Collecting

13 Motivation
- Logs can point to an attack and its vector
- Attackers wipe logs once they have root access
- Having logs stored locally doesn't scale
- A single point at which to analyse data
- Local logs are not trustworthy

14 Solutions
- syslog, former default logging system, replaced by rsyslog (syslog clients can send to rsyslog)
- syslog-ng (OSE and Premium Edition, additional plugins under proprietary license)
- Commercial solutions: splunk (volume based licensing/can get expensive)

15 Rsyslog Server
- Decide whether a secure channel is required (TLS is supported)
- Decide what directory structure is needed
- Make sure you have free space on storage
- Enable monitoring of the server
- Rsyslog is well documented

16 Rsyslog client
- Decide what messages to send out
- Find out security requirements
1. $DefaultNetstreamDriverCAFile /etc/ssl/certs/AddTrust_External_Root.pem
2. $DefaultNetstreamDriver gtls
3. $ActionSendStreamDriverMode 1
4. $ActionSendStreamDriverAuthMode x509/certvalid # server is NOT authenticated
5. *.* @@(o)147.251.252.199:10514
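The client settings on slide 16 use x509/certvalid, which the slide itself flags as not authenticating the server. The following is an added example, not part of the presentation or of rsyslog: a Python sketch that audits legacy-format forwarding rules for this weakness. The hardened variant, the hostname logserver.example.org and the function name audit_forwarding are assumptions.

```python
import re

# Constructed samples: SLIDE_CONF repeats the client settings from slide 16;
# HARDENED_CONF is an assumed variant, logserver.example.org is a placeholder.
SLIDE_CONF = """\
$DefaultNetstreamDriverCAFile /etc/ssl/certs/AddTrust_External_Root.pem
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/certvalid # server is NOT authenticated
*.* @@(o)147.251.252.199:10514
"""
HARDENED_CONF = SLIDE_CONF.replace(
    "x509/certvalid # server is NOT authenticated",
    "x509/name\n$ActionSendStreamDriverPermittedPeer logserver.example.org",
).replace("147.251.252.199", "logserver.example.org")

DIRECTIVE = re.compile(r"^\$(\w+)\s+(\S+)")
FORWARD = re.compile(r"^\S+\s+(@@?)(?:\([^)]*\))?([^\s:]+)(?::(\d+))?")


def audit_forwarding(conf_text):
    """Return (target, verdict) for each forwarding action in a legacy-format config."""
    state = {}      # assumption: $-directives stay in effect for the actions that follow
    findings = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        m = DIRECTIVE.match(line)
        if m:
            state[m.group(1).lower()] = m.group(2)
            continue
        m = FORWARD.match(line)
        if not m:
            continue    # blank line, local file action, or syntax not modelled here
        proto, host = m.group(1), m.group(2)
        mode = state.get("actionsendstreamdrivermode", "0")
        auth = state.get("actionsendstreamdriverauthmode", "anon").lower()
        if proto == "@":
            verdict = "plaintext UDP"
        elif mode != "1":
            verdict = "plaintext TCP"
        elif auth == "anon":
            verdict = "TLS, peer not verified"
        elif auth == "x509/certvalid":
            verdict = "TLS, any certificate from the CA accepted"
        else:   # x509/name or x509/fingerprint
            verdict = "TLS, peer identity checked"
        findings.append((host, verdict))
    return findings
```

Calling audit_forwarding(SLIDE_CONF) flags the slide's rule, while audit_forwarding(HARDENED_CONF) reports the peer identity as checked.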

17 Processing Collected Data
- Usual tools like grep, etc.
- Files are available from /var/log/remote-hosts
- Larger volumes of data need advanced tools
- Indexing, filtering
- ElasticSearch, Kibana
- Processing logs using cloud tools: http://home.zcu.cz/~bodik/metasw/esbegitf/

18 Kibana

19 Exercise
- Configure your client to log remotely
- 147.251.252.199 is provided as a VO server
- Check the log contents
- Files: ssh cf@147.251.252.199, /var/log/remote-hosts
- Kibana: http://147.251.252.199/kibana3/index.html#/dashboard/file/logstashesb.json

