Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

EGI CSIRT:Monitoring

From EGIWiki
Jump to navigation Jump to search


| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination



About EGI-CSIRT Security monitoring activities

See the description of the Security Monitoring Group for general description of the activity.

Security monitoring with Nagios

Pakiti

Pakiti is a client-server tool to collect and evaluate data about packages installed on Linux machines, primarily meant to identify vulnerable SW that have not been properly updated. The EGI CSIRT operates the EGI Pakiti instance that is used to monitor the state of the EGI sites.

Currently we are working on the new version of the Pakiti v3, more information for developers is available here.

Pakiti client

How to use the service?

Pakiti is used by EGI CSIRT and can be used by any EGI site for additional checks. The documentation for client installation is available.

Monitoring process

Everytime the Pakiti client is executed it sends data to the Pakiti server where the data are immediately processed. The host reports are purged every day, so if the site should be monitored continuously Pakiti client has to be executed every day. It's good to spread execution of the Pakiti client in time to not overload the Pakiti server. Pakiti server updates its internal database of vulnerabilities once a day.