The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI CSIRT:Monitoring"

From EGIWiki
({{From OSCT wiki|http://osct.web.cern.ch/osct/monitoring.html}})
 
 
(22 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Under construction|Security monitoring}}
{{Egi-csirt-header}}
{{Egi-csirt-header}}
Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents. The OSCT contributes to the security monitoring of the EGEE infrastructure by:


* promoting a set of existing monitoring tools as part of its [[EGI_CSIRT:dissemination|dissemination]] activity;
= About EGI-CSIRT Security monitoring activities =
* performing different tests using the [https://twiki.cern.ch/twiki/bin/view/LCG/SAMOverview SAM] framework.


== Security monitoring tools ==
See the description of the [[EGI_CSIRT:SMG|Security Monitoring Group]] for general description of the activity.


The OSCT highly recommends all sites to deploy a coherent set of security monitoring tools. Such a local approach enables the service managers at each sites to perform a detailed level of monitoring to detect possible change of patterns. More details, as well as a list of several useful tools are available as part of our dissemination activity.
= Security monitoring with Nagios =
== SAM Security Monitoring ==


In addition to promoting the use of security monitoring tools, as part of the Grid operations, the OSCT also uses [https://twiki.cern.ch/twiki/bin/view/LCG/SAMOverview SAM] to perform simple security checks at the sites.
* [[EGI_CSIRT:Monitoring:NagiosInstallationGuide|Installation guide for NGI level (security monitoring) Nagios]]


The SAM security tests have significant technical limitations, but they provide a basic form of monitoring at '''all''' the sites.
= Pakiti =


There are several key objectives with the SAM security tests:
[https://github.com/CESNET/pakiti2 Pakiti] is a client-server tool to collect and evaluate data about packages installed on Linux machines, primarily meant to identify vulnerable SW that have not been properly updated. The EGI CSIRT operates the [[EGI_CSIRT:Monitoring:EGIPakiti|EGI Pakiti instance]] that is used to monitor the state of the EGI sites.


* identify weak sites and address possible problems;
Currently we are working on the new version of the Pakiti v3, more information for developers is available [[EGI_CSIRT:Monitoring:Pakitiv3|here]].
* identify common security vulnerabilities and adapt our training material;
* raise awarness at the sites and/or at the VOs during specific security campains.  


Each SAM security test is designed and implemented based on the following practices.
== Pakiti client ==


* Tests are NOT intrusive and DO NOT attempt to circumvent any security mechanism.
=== How to use the service? ===
* Tests are NOT using (or trying to gain access to) any additional privilege on the system.
* Tests are NOT resource-consuming.
* Detailed results are available ONLY to the OSCT.
* Results are transmitted and stored in the encrypted form.


More details about the SAM security tests are available [https://twiki.cern.ch/twiki/bin/view/LCG/SecurityAuditing here].
Pakiti is used by EGI CSIRT and can be used by any EGI site for additional checks. The documentation for client installation [[EGI_CSIRT:Pakiti_client|is available]].
 
{{From OSCT wiki|http://osct.web.cern.ch/osct/monitoring.html}}
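Review bot: the new Pakiti section has no equivalent of the handling guarantees that the removed SAM text gave ("Detailed results are available ONLY to the OSCT", "Results are transmitted and stored in the encrypted form"), although Pakiti collects installed-package data from sites to identify software that has not been updated. Under "How to use the service?", state who can see the results held by the EGI Pakiti instance and how they are transmitted and stored, or link to the page that documents this. The link texts "here" and "is available" would also be clearer if they named the target pages.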

Latest revision as of 08:20, 20 July 2015





About EGI-CSIRT Security monitoring activities

See the description of the Security Monitoring Group for a general description of the activity.

Security monitoring with Nagios

Pakiti

Pakiti is a client-server tool that collects and evaluates data about packages installed on Linux machines, primarily to identify vulnerable software that has not been properly updated. The EGI CSIRT operates the EGI Pakiti instance, which is used to monitor the state of the EGI sites.

We are currently working on the new version, Pakiti v3; more information for developers is available here.

Pakiti client

How to use the service?

Pakiti is used by EGI CSIRT and can be used by any EGI site for additional checks. The documentation for client installation is available.