About EGI-CSIRT Security monitoring activities
See the description of the Security Monitoring Group for general description of the activity.
Security monitoring with Nagios
Pakiti is a client-server tool to collect and evaluate data about packages installed on Linux machines, primarily meant to identify vulnerable SW that have not been properly updated. The EGI CSIRT operates the EGI Pakiti instance that is used to monitor the state of the EGI sites.
A site can also choose to install its own Pakiti instance. There is a documentation guide available from the Pakiti homepage that describes the steps needed to deploy the server and clients. The Nagios probes used to launch the Pakiti client in the EGI are also available. Note, the Pakiti distribution available at the moment doesn't support all the features supported by the EGI instance of Pakiti, nevertheless it is fully working and can be used to monitor the site status.
Currently we are working on the new version of the Pakiti v3, more information is available here.
How to get client?
Visit https://pakiti.egi.eu, click the "Sites" link and then click the "Download" button next to your site entry. On the next page you can view details and download the package.
You can also download the client directly from the worker node. Replace SITE_NAME with the name of your site (use exactly the same name as is on the Pakiti web pages), otherwise you won't be able to see results on the Pakiti web pages.
wget --ca-directory=/etc/grid-security/certificates -O pakiti-client-egi.tar 'https://pakiti.egi.eu/client/?site=SITE_NAME'
How to run client?
- Unpack downloaded pakiti-client-egi.tar to the root /.
cd / && tar xf pakiti-client-egi.tar
- Restart Cron daemon. Pakiti client will be lunched every day.
- You can manually run the client by executing:
- Look at the https://pakiti.egi.eu, if the host is there.
- Deploy the Pakiti client on all nodes which should be monitored.
Everytime the Pakiti client is executed it sends data to the Pakiti server where the data are immediately processed. The host reports are purged every day, so if the site should be monitored continuously Pakiti client has to be executed every day. It's good to spread execution of the Pakiti client in time to not overload the Pakiti server. Pakiti server updates its internal database of vulnerabilities once a day.