Site Security and Administration
http://www.gridpp.ac.uk/wiki/SiteSecurity
Steve Cobrin <[email protected]>

Transcript of Site Security

Page 1: Site Security

Site Security and Administration

http://www.gridpp.ac.uk/wiki/SiteSecurity
Steve Cobrin <[email protected]>

Page 2: Site Security

Site Security and Administration

• Proposing a wiki to be used to discuss some basic Site Security and SysAdmin issues
– focusing on Unix, Unix-like and Unix-derived systems, e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc.

• Will not look at deploying or using LCG/EGEE middleware

Page 3: Site Security

Introduction

• There are quite a few areas of security and administration which don't seem to be discussed enough.

• Why not?
– Old topics (been doing this for > 20 years)
– Boring
– Done it! Been there! Read the book (Practical Unix Security)

• However, if overlooked:
– Less security
– Forever reinventing the wheel
– Less stability
– Less quality
– Poor mentorship

• So, let's share best practices!

Page 4: Site Security

Initial commissioning of machines (building, configuration, deployment)

• Defining the life-cycle / work-flow of machines.

Page 5: Site Security

Initial commissioning of machines (building, configuration, deployment) (continued)

• Differing types of operating systems
– Many different Linux distributions
– Some centrally administered, others ad-hoc administration
– Linux and Unix system interoperability
– MacOSX

Page 6: Site Security

Security Documents

• Internal Documents:
– Site Security Policies
– Acceptable Use Policies
– Incident Response Procedures
– Baseline Security Documents
– Local Security Hardening Procedures

• Standard off-the-shelf documents:
– BSI 7799 / ISO 27001 Standards
– The Centre for Internet Security Benchmarks

Page 7: Site Security

SysAdmin Procedures

• Initial build and deployment of systems - Kickstart, Imaging

• Documentation - Useful documentation used at sites

• Patch Management - e.g. OS Vendor and Distribution patches
– up2date
– yumit/pakiti (http://pakiti.sourceforge.net)

• Software Management - e.g. 3rd party software, compiling from source, etc.

• Cluster management - for example, how you perform kernel updates across a large cluster

Page 8: Site Security

SysAdmin Procedures (continued)

• Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, Sudo (http://courtesan.com/sudo))

• Managing non-user accounts

• Helpdesk Systems
– RT (http://bestpractical.com/rt) and Footprints

• Configuration Management and Change Control
– CFengine (http://www.cfengine.org/)
– SubVersion

Page 9: Site Security

Security Monitoring & Forensics

• Logging
– Central Syslogging (syslog-ng)
– Level of error logging for tools like ssh

• Network Monitoring
– Any network tracing or forensics that you perform (tracing IDs via processes)
– Snort (http://www.snort.org/)
– Sguil (http://sguil.sourceforge.net/)

• General Monitoring
– Nagios (http://www.nagios.org)
– Tripwire (http://sourceforge.net/projects/tripwire/) & AIDE (http://sourceforge.net/projects/aide)

Page 10: Site Security

Security Monitoring & Forensics (continued)

• Inventorying & Auditing - tests that are performed to check security
– Bastille (http://www.bastille-linux.org/)
– Nessus (http://www.nessus.org/)
– SARA (http://www-arc.com/sara/)

• Forensics - procedures, techniques

• Benchmarking - performance, network

• Alerts and Escalation

Page 11: Site Security

SysAdmin Training

• SAGE Job Descriptions (http://www.sage.org/pubs/8_jobs/)

• Linux Professional Institute (http://www.lpi.org)

• Red Hat Certification

Page 12: Site Security

THANK YOU

• Please visit the web site

• http://www.gridpp.ac.uk/wiki/SiteSecurity