EGI CSIRT:Monitoring:EGIPakiti

EGI Pakiti gathers list of installed packages from selected worker nodes from all sites in the EGI using Pakiti client, which is run by the Nagios probe. Pakiti client also reports host name, running kernel and its site name. Because Nagios probes run on randomly selected worker node of the site, Pakiti purges every night reports older than one day.

Pakiti has implemented ACL, so only administrators (members of EGI CSIRT team) can view and change everything in the Pakiti GUI. List of administrators is managed by hand, if you want to be added, write mail to michalp@ics.muni.cz. Site security-officers can only view results regarding their site. List of security-officers is synchronized every night with the GOCDB.

Views

• Sites (default) - list of all monitored sites. List includes site name, country, number of hosts currently stored in the Pakiti DB and statistical data about average and worst number of unpatched packaged according to the security repository and CVEs. View can be filtered by the country. Site name is a link to the detailed view on the hosts from this site.

• Hosts - shows all hosts currently stored in the Pakiti DB. View can be sorted by the tag, host name, time of report, running kernel and OS.

• Hosts by tag - shows hosts, which have installed package vulnerable to the CVE, which was tagged by the EGI CSIRT team. Tags can be EGI-Critical, EGI-High, Critical, Warning. Tags with prefix EGI has impact on the EGI infrastructure. By default the view shows all tags.

• Hosts by package - this view can show all hosts, which have installed particular package. View can be filtered by the site name.

• CVE by site - this view can show all hosts, which have package which is vulnerable to the selected CVE. View can be filtered by host architecture, RedHat release and site name.