Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI CSIRT:Central emergency suspension"

From EGIWiki
Jump to navigation Jump to search
(No difference)

Revision as of 16:28, 18 December 2014

EGI-CSIRT web site EGI-CSIRT Public wiki EGI-CSIRT Contacts EGI-CSIRT Activities EGI-CSIRT Private wiki




This page describe status of implementation of EGI Central emergency suspension infrastructure.


Central emergency suspension procedure

The document describing the central emergency suspension procedure is available at EGI CSIRT Operational Procedure for Compromised Certificates.

Argus Infrastructure Deployment

Argus Deployment

  • Central Argus Instance at CERN
  • NGI Argus Instance: EGI CoreArgus Service Group
    • All NGIs should run a Argus instance
    • NGIs that don't have a Site/RC that uses Argus don't need to run a Argus service
    • NGI Argus instance should be registered in GOC DB with service type emi.ARGUS
    • The NGI-Argus servers have to be configured/maintained carefully. A potential attacker getting privileged access to this system could block all jobs that are submitted to the sites using this NGI-Argus service.
  • Site Argus Instance
    • Sites in the NGIs pull policies from NGI Argus
    • Small sites that don't have the expertise to run a local Argus could use the NGI Argus
    • No Argus site directly uses the central Argus at CERN.
    • Site Argus instance should be registered in GOC DB with service type emi.ARGUS

Non Argus Infrastructures/NGIs/RCs

Argus Monitoring

Argus Support

Support is provided through ARGUS Support unit in GGUS


  1. INFN supports PAP component
    • Could take PDP + PEPd on board if e.g. INDIGO-DataCloud gets approved
  2. NIKHEF supports C clients
    • Used e.g. by gLExec
  3. EGI
    • Release management, staged rollout, deployment
      campaigns
    • 1st and 2nd level support
    • Scale testing with partner sites
      • MW Readiness Validation activity

Potential new partners

  1. CESNET
    • Testing, maybe development
  2. UNICORE
    • Connection via CANL
  3. ARC
    • Client needs fixing

Documentation

Documentation on possible problems and solutions with certain deployment scenarios are in Nikhef wiki, Argus Global Banning Setup Overview

Workplan

Members:

  • Sven Gabriel (EGI CSIRT)
  • Małgorzata Krakowian (EGI Operations)
  • Peter Solagna (EGI Operations)
  • Cristina Aiftimiei (EGI Operations)
  • Emir Imamagic (Monitoring)
  • V. Brillaut (Monitoring probes)



  1. NGI Argus Services are deployed (coordinated by EGI Operations, action on NGIs, ggus tickets opened) DONE
  2. Information of the NGI Argus services is in the appropriate format in goc db (action on goc-db/NGIs, coordinated by EGI Operations)DONE
  3. Monitoring that NGI-Argus services have updated banning information, monitoring results available to EGI-CSIRT for example via security dashboard (coordinated by EGI Operations, action on Nagios Monitoring group) Remark: probe is available from V. Brillaut
  4. Test if ban information propagates to the sites services: CE/SE/WMS (action on EGI-CSIRT)
  5. ?