Site Security and Administration
http://www.gridpp.ac.uk/wiki/SiteSecurity Steve Cobrin
Slide 2
Site Security and Administration
- Proposing a wiki to be used to discuss some basic Site Security and SysAdmin issues, focusing on Unix, Unix-like and Unix-derived systems, e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc.
- Will not look at deploying or using LCG/EGEE middleware.
Slide 3
Introduction
There are quite a few areas of security and administration which don't seem to be discussed enough. Why not?
- Old topics (been doing this for > 20 years)
- Boring
- Done it! Been there! Read the book (Practical Unix Security)
However, if overlooked:
- Less security
- Forever reinventing the wheel
- Less stability
- Less quality
- Poor mentorship
So, let's share best practices!
Slide 4
Initial commissioning of machines (building, configuration, deployment)
- Defining the life-cycle / work-flow of machines.
Slide 5
Initial commissioning of machines (building, configuration, deployment) (continued)
- Differing types of operating systems
- Many different Linux distributions
- Some centrally administered, others with ad-hoc administration
- Linux and Unix system interoperability
- MacOSX
Slide 6
Security Documents
Internal documents:
- Site Security Policies
- Acceptable Use Policies
- Incident Response Procedures
- Baseline Security Documents
- Local Security Hardening Procedures
Standard off-the-shelf documents:
- BSI 7799 / ISO 27001 standards
- The Centre for Internet Security Benchmarks
Slide 7
SysAdmin Procedures
- Initial build and deployment of systems - Kickstart, imaging
- Documentation - useful documentation used at sites
- Patch Management - e.g. OS vendor and distribution patches: up2date, yumit/pakiti (http://pakiti.sourceforge.net)
- Software Management - e.g. 3rd party software, compiling from source, etc.
- Cluster management - for example, how you perform kernel updates across a large cluster
Slide 8
SysAdmin Procedures (continued)
- Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, Sudo (http://courtesan.com/sudo))
- Managing non-user accounts
- Helpdesk Systems - RT (http://bestpractical.com/rt) and Footprints
- Configuration Management and Change Control - CFengine (http://www.cfengine.org/), SubVersion
Slide 9
Security Monitoring & Forensics
- Logging - central syslogging (syslog-ng); level of error logging for tools like ssh
- Network Monitoring - any network tracing or forensics that you perform (tracing IDs via processes); Snort (http://www.snort.org/); Sguil (http://sguil.sourceforge.net/)
- General Monitoring - Nagios (http://www.nagios.org); Tripwire (http://sourceforge.net/projects/tripwire/) & AIDE (http://sourceforge.net/projects/aide)
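The file-integrity checking that Tripwire and AIDE perform, reduced to its core as an added example (not code from the slides or from either project): record a baseline of hash, permission bits, owner and size for every regular file, then re-scan and report what was added, removed or altered. The directory layout and file contents in demo() are constructed for the illustration.

```python
import hashlib, os, shutil, stat, tempfile

def hash_file(path):  # SHA-256 read in 64 KiB chunks so large binaries stay out of RAM
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> hash, permission bits, owner and size (regular files only)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):  # skip symlinks, devices, sockets
                baseline[os.path.relpath(path, root).replace(os.sep, "/")] = {
                    "sha256": hash_file(path), "mode": stat.S_IMODE(st.st_mode),
                    "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    return baseline

def compare(baseline, current):
    """List files added, removed, or whose recorded attributes differ from the baseline."""
    common = set(baseline) & set(current)
    changed = {r: sorted(k for k in baseline[r] if baseline[r][k] != current[r][k]) for r in common}
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": {r: d for r, d in changed.items() if d}}

def demo():
    """Constructed scenario: baseline a scratch tree, alter it, re-scan and diff."""
    root = tempfile.mkdtemp()
    def put(rel, data, mode=0o644):  # write a file with explicit permission bits
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
        os.chmod(os.path.join(root, rel), mode)
    os.mkdir(os.path.join(root, "bin"))
    put("bin/login", b"original login binary\n")
    put("passwd", b"root:x:0:0\n")
    put("motd", b"welcome\n")
    baseline = build_baseline(root)
    # Changes a check must flag: same-size binary swap, loosened mode, deletion, new file
    put("bin/login", b"replaced login binary\n")
    put("passwd", b"root:x:0:0\n", 0o666)
    os.remove(os.path.join(root, "motd"))
    put("unexpected.sh", b"#!/bin/sh\n")
    report = compare(baseline, build_baseline(root))
    shutil.rmtree(root)
    return report
```

In production the baseline must be stored off-host or on read-only media and signed, since an intruder with root can otherwise rewrite it to match the tampered files.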
Slide 10
Security Monitoring & Forensics (continued)
- Inventorying & Auditing - tests that are performed to check security: Bastille (http://www.bastille-linux.org/); Nessus (http://www.nessus.org/); SARA (http://www-arc.com/sara/)
- Forensics - procedures, techniques
- Benchmarking - performance, network
- Alerts and Escalation
Slide 11
SysAdmin Training
- SAGE Job Descriptions (http://www.sage.org/pubs/8_jobs/)
- Linux Professional Institute (http://www.lpi.org)
- Red Hat Certification
Slide 12
THANK YOU
Please visit the web site: http://www.gridpp.ac.uk/wiki/SiteSecurity