Difference between revisions of "WI07 Security Vulnerability handling"
Jump to navigation
Jump to search
(Explicitely mention EGI Operations at some places) |
m (Add some links, rewording.) |
||
Line 6: | Line 6: | ||
The main idea behind this handling is to make sure that sites are aware of the issue and working on it. | The main idea behind this handling is to make sure that sites are aware of the issue and working on it. | ||
Usually, sites that are showing good intention are not penalized even if the progress is not strictly within the procedure: [[SEC03_EGI-CSIRT_Critical_Vulnerability_Handling|SEC03]]. | |||
{| align="center" cellspacing="0" cellpadding="5" border="1" | {| align="center" cellspacing="0" cellpadding="5" border="1" | ||
Line 15: | Line 15: | ||
| 1 | | 1 | ||
| [[IRTF]] is responsible for: | | [[IRTF]] is responsible for: | ||
* looking at Pakiti/the | * looking at [https://pakiti.egi.eu/ Pakiti]/the [https://operations-portal.egi.eu/csiDashboard|Security dashboard]. | ||
* looking for false positives | * looking for false positives | ||
* creating new [https://rt.egi.eu/ RT] tickets in the Vulnerability Handling queue with a due date of 3 days. | * creating new [https://rt.egi.eu/ RT] tickets in the Vulnerability Handling queue with a due date of 3 days. | ||
Line 41: | Line 41: | ||
* If it's a simple package/kernel update, EGI Operations check [https://pakiti.egi.eu/ Pakiti]: | * If it's a simple package/kernel update, EGI Operations check [https://pakiti.egi.eu/ Pakiti]: | ||
** If there is a report for the affected node(s) without any vulnerability, thanks and close the ticket | ** If there is a report for the affected node(s) without any vulnerability, thanks and close the ticket | ||
** If the last report for the | ** If the last report for the affected node(s) is still from before the update, ask to run the Pakiti client by following [[EGI_CSIRT:Pakiti_client]]. | ||
*** If the vulnerability then disappear from Pakiti, with or without any other message, close the ticket | *** If the vulnerability then disappear from [https://pakiti.egi.eu/ Pakiti], with or without any other message, close the ticket | ||
|} | |} |
Revision as of 10:27, 4 May 2018
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
EGI Infrastructure Operations Oversight menu: | Home • | EGI.eu Operations Team • | Regional Operators (ROD) |
Work instruction to handle new Security Vulnerability handling GGUS tickets
The purpose of this page is to provide instructions to the EGI Operations team members on how to handle Security Vulnerability identified by IRTF.
The main idea behind this handling is to make sure that sites are aware of the issue and working on it. Usually, sites that are showing good intention are not penalized even if the progress is not strictly within the procedure: SEC03.
Step | Action |
---|---|
1 | IRTF is responsible for: |
2a | If there is no acknowledgement or answer from the site:
|
2b | If there is an acknowledgement, but no solution announced:
|
3 | After the due date, if there is still no answer/solution announced, EGI Operations suspend the site |
4 | If a solution is said to be deployed:
|