Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 LANL-stor and the Challenges of Evolutionary Development Managing.

Published byBlaze Webster Modified over 8 years ago

Similar presentations

Presentation on theme: "Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 LANL-stor and the Challenges of Evolutionary Development Managing."— Presentation transcript:

1 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 LANL-stor and the Challenges of Evolutionary Development Managing the evolutionary development of a system hardening “script”.

2 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 2 Overview What is LANL-stor. Themes in the evolution of LANL-stor. Origins. Mid-life crisis. Current status. Future directions. Lessons learned

3 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 3 RHEL Security Triangle Red Hat Network Satellite Server (RHUS). Patch management capabilities. LANL ExpressWay Red Hat. Network based installation tool. LANL Security Tool On Red-Hat (STOR). Secure configuration. Configuration compliance reporting

4 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 4 STOR Current version is 4.0. System hardening tool for Red Hat Enterprise Linux. Based on: The Center for Internet Security (RHEL 4 & 5 Benchmarks). The NSA Guide to the Secure Configuration of RHEL 5. The DISA UNIX STIG and Checklist. NIST. MITRE CCE List for RHEL 5. Internal requirements.

5 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 5 STOR - Development Source documents are reviewed for applicability, automation potential, correctness and deployment impact. Field team feedback from previous versions is considered. Informal requirements outline generated (developer use only). New actions are unit tested then integrated into the main program(s). The main program is tested on virtual machines representing all supported versions ( currently 3 - 5). CSD Standards and R&D Team members test during an internal alpha test period.

6 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 6 STOR – Development cont. Internal review meeting held prior to CCB. Change Control Board reviews changes in guidance and program functionality. Makes recommendations. CCB changes are integrated into program. Internal beta test period. Public beta test period. Production.

7 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 7 Themes Evolution in source material (CIS, NIST, NSA, DISA). Evolution in internal requirements. Continuous change in program architecture. Growing complexity: Variances between RHEL versions. Additional features. Special cases.

8 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 8 STOR – Origins Early years (versions 0.1 - 1.12). Simple run once bash script. No customization without altering the script. Intolerant of use on anything but a fresh install. < 2000 lines. Mostly cut and paste from early CIS Benchmark scripts. Very incomplete implementation of CIS Benchmark.

9 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 9 STOR – Origins Growing up (versions 2.x-3.0). More focus on being able to run repeatedly without breakage. More flexible about preserving local configurations. Tuneable via a configuration file. Improved coverage of CIS Benchmark. With config file added optional hardening actions. Undo function. > 6,500 lines by 3.0.

10 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 10 STOR – Origins Mid Life Crisis (v. 3.1). Audit and reporting functions. Support for RHEL 3 - 5. Optional GUI. > 9,300 lines.

11 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 11 STOR – Origins Optional GUI (ver. 3.1).

12 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 12 STOR – Origins Mid-Life Crisis (v. 3.1) Issues. Huge code base of shell code difficult to manage. Lack of advanced data-types and language features limited development process. Performance – Required run time with all features turned on had become very long. Limited ability to integrate main code with GUI. Limited ability to handle errors in a predictable way.

13 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 13 STOR – Current Welcome to 4.0! Completely re-written in Python. More new hardening features. All new GUI. Can now execute single rules for easier debugging and targeted fixes. Initial port cut STOR line count from ~ 9K to ~7K. Current line count ~ 13,600 (9892 core, 3699 GUI).

14 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 14 STOR – Current Why Python? Previous STOR GUI was written in Py-QT. Flexible. Readable. Faster than shell. Speed of development. Batteries included. Easier integration with the GUI layer. Natively object oriented without forcing object oriented development. Good native exception handling capabilities. Native to Red Hat yet available cross-platform

15 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 15 STOR – Origins New GUI

16 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 16 STOR – Origins GUI Configuration Tool

17 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 17 STOR – Origins Online Help

18 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 18 STOR – Future Plans Tighter integration with the GUI without breaking command line function. Extend to cover additional Operating Systems. – Solaris – Ubuntu – Mac? Move to full object oriented development. Develop automated testing harness

19 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 19 Lessons Learned Don't fear the re-write! Take chances, fortune favors those who are in the right place at the right time. Challenge assumptions. Document your code – the sanity you save may be your own. Upfront planning = faster development. Talk to your customers. Don't skimp on testing.

20 Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 20 LANL-stor and the Challenges of Evolutionary Development Questions? LANL-stor author: David Kennel Departmental Computing Services Central Services and Development Team dkennel@lanl.gov

Download ppt "Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 LANL-stor and the Challenges of Evolutionary Development Managing."

Similar presentations

Operating-System Structures

Operating-System Structures
FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009.

FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009.
SSCLI: The Microsoft Shared Source CLI Implementation Mark Lewin Microsoft Research

SSCLI: The Microsoft Shared Source CLI Implementation Mark Lewin Microsoft Research
The Basic Tools Presented by: Robert E., & Jonathan Chase.

The Basic Tools Presented by: Robert E., & Jonathan Chase.
Executive Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.

Executive Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.
PaperCut NG Chris Dance. Copyright © 2006 - PaperCut Software Pty. Ltd. 2 Overview Overview of PaperCut NG Why we offer a Mac Version The story of our.

PaperCut NG Chris Dance. Copyright © PaperCut Software Pty. Ltd. 2 Overview Overview of PaperCut NG Why we offer a Mac Version The story of our.
Linux Basics CS 302. Outline  What is Unix?  What is Linux?  Virtual Machine.

Linux Basics CS 302. Outline  What is Unix?  What is Linux?  Virtual Machine.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:

Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:
I. Pribela, M. Ivanović Neum, 2009. Content Automated assessment Testovid system Test generator Module generators Conclusion.

I. Pribela, M. Ivanović Neum, Content Automated assessment Testovid system Test generator Module generators Conclusion.
STIG Compliance and Remediation with Ansible April 2015.

STIG Compliance and Remediation with Ansible April 2015.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Information Systems in Organizations 3.1.1 Running the Business: Enterprise Systems (ERP)

Information Systems in Organizations Running the Business: Enterprise Systems (ERP)
Testovid - an environment for testing almost any aspect of student assignments I. Pribela, S. Tošić, M. Ivanović, Z. Budimac Risan, September 2007.

Testovid - an environment for testing almost any aspect of student assignments I. Pribela, S. Tošić, M. Ivanović, Z. Budimac Risan, September 2007.
Bring The Best to VeriSign. 2 VM3:Software Engineer –Network Operations Req # : 175,183 Position : Software Engineer - Network Operations Job Description.

Bring The Best to VeriSign. 2 VM3:Software Engineer –Network Operations Req # : 175,183 Position : Software Engineer - Network Operations Job Description.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.

Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.

1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.
Operated by Los Alamos National Security, LLC for the U.S. Department of Energy’s NNSA U N C L A S S I F I E D Lessons Learned: Certification and Accreditation.

Operated by Los Alamos National Security, LLC for the U.S. Department of Energy’s NNSA U N C L A S S I F I E D Lessons Learned: Certification and Accreditation.
A Combat Support Agency Rapid Access Computing Environment (RACE) 17 August 2011 A Combat Support Agency Defense Information Systems Agency.

A Combat Support Agency Rapid Access Computing Environment (RACE) 17 August 2011 A Combat Support Agency Defense Information Systems Agency.
Presentation: SOAP/WS in a distributed object framework, Application Servers & AXIS SOAP.

Presentation: SOAP/WS in a distributed object framework, Application Servers & AXIS SOAP.

Similar presentations

Ads by Google