
Operated by Los Alamos National Security, LLC for NNSA. UNCLASSIFIED.

Slide 1: LANL-stor and the Challenges of Evolutionary Development
Managing the evolutionary development of a system hardening “script”.

Slide 2: Overview
- What is LANL-stor.
- Themes in the evolution of LANL-stor.
- Origins.
- Mid-life crisis.
- Current status.
- Future directions.
- Lessons learned.

Slide 3: RHEL Security Triangle
- Red Hat Network Satellite Server (RHUS).
  - Patch management capabilities.
- LANL ExpressWay Red Hat.
  - Network based installation tool.
- LANL Security Tool On Red-Hat (STOR).
  - Secure configuration.
  - Configuration compliance reporting.

Slide 4: STOR
- Current version is 4.0.
- System hardening tool for Red Hat Enterprise Linux.
- Based on:
  - The Center for Internet Security (RHEL 4 & 5 Benchmarks).
  - The NSA Guide to the Secure Configuration of RHEL 5.
  - The DISA UNIX STIG and Checklist.
  - NIST.
  - MITRE CCE List for RHEL 5.
  - Internal requirements.

Slide 5: STOR - Development
- Source documents are reviewed for applicability, automation potential, correctness and deployment impact.
- Field team feedback from previous versions is considered.
- Informal requirements outline generated (developer use only).
- New actions are unit tested then integrated into the main program(s).
- The main program is tested on virtual machines representing all supported versions (currently 3 - 5).
- CSD Standards and R&D Team members test during an internal alpha test period.

Slide 6: STOR – Development cont.
- Internal review meeting held prior to CCB.
- Change Control Board reviews changes in guidance and program functionality. Makes recommendations.
- CCB changes are integrated into program.
- Internal beta test period.
- Public beta test period.
- Production.

Slide 7: Themes
- Evolution in source material (CIS, NIST, NSA, DISA).
- Evolution in internal requirements.
- Continuous change in program architecture.
- Growing complexity:
  - Variances between RHEL versions.
  - Additional features.
  - Special cases.

Slide 8: STOR – Origins
Early years (versions 0.1 - 1.12).
- Simple run once bash script.
- No customization without altering the script.
- Intolerant of use on anything but a fresh install.
- < 2000 lines.
- Mostly cut and paste from early CIS Benchmark scripts.
- Very incomplete implementation of CIS Benchmark.

Slide 9: STOR – Origins
Growing up (versions 2.x-3.0).
- More focus on being able to run repeatedly without breakage.
- More flexible about preserving local configurations.
- Tuneable via a configuration file.
- Improved coverage of CIS Benchmark.
- With config file, added optional hardening actions.
- Undo function.
- > 6,500 lines by 3.0.

Slide 10: STOR – Origins
Mid Life Crisis (v. 3.1).
- Audit and reporting functions.
- Support for RHEL 3 - 5.
- Optional GUI.
- > 9,300 lines.

Slide 11: STOR – Origins
Optional GUI (ver. 3.1).

Slide 12: STOR – Origins
Mid-Life Crisis (v. 3.1) Issues.
- Huge code base of shell code difficult to manage.
- Lack of advanced data-types and language features limited development process.
- Performance – Required run time with all features turned on had become very long.
- Limited ability to integrate main code with GUI.
- Limited ability to handle errors in a predictable way.

Slide 13: STOR – Current
Welcome to 4.0!
- Completely re-written in Python.
- More new hardening features.
- All new GUI.
- Can now execute single rules for easier debugging and targeted fixes.
- Initial port cut STOR line count from ~9K to ~7K.
- Current line count ~13,600 (9892 core, 3699 GUI).

Slide 14: STOR – Current
Why Python?
- Previous STOR GUI was written in Py-QT.
- Flexible.
- Readable.
- Faster than shell.
- Speed of development.
- Batteries included.
- Easier integration with the GUI layer.
- Natively object oriented without forcing object oriented development.
- Good native exception handling capabilities.
- Native to Red Hat yet available cross-platform.

Slide 15: STOR – Origins
New GUI

Slide 16: STOR – Origins
GUI Configuration Tool

Slide 17: STOR – Origins
Online Help

Slide 18: STOR – Future Plans
- Tighter integration with the GUI without breaking command line function.
- Extend to cover additional Operating Systems.
  - Solaris
  - Ubuntu
  - Mac?
- Move to full object oriented development.
- Develop automated testing harness.

Slide 19: Lessons Learned
- Don't fear the re-write!
- Take chances, fortune favors those who are in the right place at the right time.
- Challenge assumptions.
- Document your code – the sanity you save may be your own.
- Upfront planning = faster development.
- Talk to your customers.
- Don't skimp on testing.

Slide 20: LANL-stor and the Challenges of Evolutionary Development
Questions?
LANL-stor author: David Kennel
Departmental Computing Services
Central Services and Development Team
dkennel@lanl.gov

