Site Security and Administration http://www.gridpp.ac.uk/wiki/SiteSecurity Steve Cobrin <s.a.cobrin@rl.ac.uk>
Site Security and Administration
• Proposing a wiki to be used to discuss some basic Site Security and SysAdmin issues
• Focusing on Unix, Unix-like and Unix-derived systems, e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc.
• Will not look at deploying or using LCG/EGEE middleware
Introduction
• There are quite a few areas of security and administration which don't seem to be discussed enough.
• Why not?
  • Old topics (been doing this for > 20 years)
  • Boring
  • Done it! Been there! Read the book (Practical Unix Security)
• However, if overlooked:
  • Less security
  • Forever reinventing the wheel
  • Less stability
  • Less quality
  • Poor mentorship
• So, let's share best practices!
Initial commissioning of machines (building, configuration, deployment)
• Defining the life-cycle / work-flow of machines
Initial commissioning of machines (building, configuration, deployment) (continued)
• Differing types of operating systems
  • Many different Linux distributions
  • Some centrally administered, others ad-hoc administration
  • Linux and Unix system interoperability
  • MacOSX
Security Documents
• Internal Documents:
  • Site Security Policies
  • Acceptable Use Policies
  • Incident Response Procedures
  • Baseline Security Documents
  • Local Security Hardening Procedures
• Standard off-the-shelf documents:
  • BSI 7799 / ISO 27001 Standards
  • The Centre for Internet Security Benchmarks
SysAdmin Procedures
• Initial build and deployment of systems - Kickstart, Imaging
• Documentation - useful documentation used at sites
• Patch Management - e.g. OS vendor and distribution patches
  • up2date
  • yumit/pakiti (http://pakiti.sourceforge.net)
• Software Management - e.g. 3rd-party software, compiling from source, etc.
• Cluster management - for example, how you perform kernel updates across a large cluster
SysAdmin Procedures (continued)
• Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, Sudo (http://courtesan.com/sudo))
• Managing non-user accounts
• Helpdesk Systems
  • RT (http://bestpractical.com/rt) and Footprints
• Configuration Management and Change Control
  • CFengine (http://www.cfengine.org/)
  • SubVersion
Security Monitoring & Forensics
• Logging
  • Central Syslogging (syslog-ng)
  • Level of error logging for tools like ssh
• Network Monitoring
  • Any network tracing or forensics that you perform (tracing IDs via processes)
  • Snort (http://www.snort.org/)
  • Sguil (http://sguil.sourceforge.net/)
• General Monitoring
  • Nagios (http://www.nagios.org)
  • Tripwire (http://sourceforge.net/projects/tripwire/) & AIDE (http://sourceforge.net/projects/aide)
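The "General Monitoring" item above lists Tripwire and AIDE without saying what they do. The following is an added example, not code from the GridPP wiki, Tripwire or AIDE: a minimal file-integrity checker that records a SHA-256 digest, permission bits and size for every regular file under a root, then reports what was added, removed or modified since the baseline. The directory tree it checks, the file names under it and the tampering steps in demo() are all constructed for the example.

```python
"""Minimal file-integrity baseline and check, in the spirit of Tripwire/AIDE.

Added example; not code from the GridPP wiki or from Tripwire/AIDE.
"""
import hashlib
import json
import os
import stat
import tempfile


def _digest(path):
    """SHA-256 of a file, read in chunks so large files are not loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record digest, permission bits and size of each regular file under root.

    Keys are root-relative paths so a baseline can be kept off-host. Symlinks
    are not followed: a link retargeted to another file shows up as a removed
    entry rather than as a quietly different digest.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            baseline[os.path.relpath(full, root)] = {
                "sha256": _digest(full),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON; in practice keep it on read-only media."""
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def compare(baseline, current):
    """Return sorted lists of added, removed and modified relative paths.

    A change to content, permission bits or size all count as 'modified'.
    """
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    root = tempfile.mkdtemp(prefix="fim-root-")
    store = tempfile.mkdtemp(prefix="fim-store-")  # baseline kept outside the tree
    etc = os.path.join(root, "etc")
    os.makedirs(etc)
    for name, text in (("passwd", "root:x:0:0:root:/root:/bin/sh\n"),
                       ("motd", "authorised use only\n"),
                       ("ssh_config", "Host *\n")):
        p = os.path.join(etc, name)
        with open(p, "w") as fh:
            fh.write(text)
        os.chmod(p, 0o644)

    baseline_file = os.path.join(store, "baseline.json")
    save_baseline(build_baseline(root), baseline_file)

    # Simulated changes: new file, deleted file, edited file, mode-only change.
    with open(os.path.join(etc, "rc.local"), "w") as fh:
        fh.write("#!/bin/sh\n")
    os.remove(os.path.join(etc, "motd"))
    with open(os.path.join(etc, "passwd"), "a") as fh:
        fh.write("guest:x:1001:1001::/home/guest:/bin/sh\n")
    os.chmod(os.path.join(etc, "ssh_config"), 0o666)

    return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The mode-only change to ssh_config is the case worth noting: its content digest is unchanged, so a content-only check would miss it, which is why the baseline records permission bits alongside the hash. The baseline itself must live somewhere the checked host cannot rewrite, otherwise an intruder simply re-baselines after the change.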
Security Monitoring & Forensics (continued)
• Inventorying & Auditing
  • Tests that are performed to check security
  • Bastille (http://www.bastille-linux.org/)
  • Nessus (http://www.nessus.org/)
  • SARA (http://www-arc.com/sara/)
• Forensics - procedures, techniques
• Benchmarking - performance, network
• Alerts and Escalation
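The previous slide asks for central syslogging and an adequate logging level for ssh; this one ends with "Alerts and Escalation". The following added example (not code from the GridPP wiki or from syslog-ng) ties the two together: it parses BSD-format syslog lines as a central log host would receive them, picks out sshd login results, and raises an alert when one source address passes a failure threshold, plus a higher-severity alert when a login then succeeds from that same address. The log lines, host names and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses (RFC 5737 documentation ranges) are constructed.

```python
"""Detect SSH password-guessing in centrally collected syslog and raise alerts.

Added example; not code from the GridPP wiki or from syslog-ng.
"""
import re
from collections import defaultdict

# Constructed sample of what a central syslog host receives from several nodes.
SAMPLE_LOG = """\
Mar  3 10:01:12 ce01 sshd[2112]: Failed password for invalid user admin from 192.0.2.10 port 4411 ssh2
Mar  3 10:01:15 ce01 sshd[2112]: Failed password for root from 192.0.2.10 port 4412 ssh2
Mar  3 10:01:20 wn05 sshd[3100]: Accepted publickey for steve from 198.51.100.7 port 5022 ssh2
Mar  3 10:01:25 ce01 sshd[2113]: Failed password for root from 192.0.2.10 port 4413 ssh2
Mar  3 10:01:30 ce01 sshd[2114]: Failed password for root from 203.0.113.5 port 6000 ssh2
Mar  3 10:01:31 ce01 sshd[2115]: Accepted password for root from 192.0.2.10 port 4414 ssh2
Mar  3 10:02:00 wn05 cron[400]: (root) CMD (run-parts /etc/cron.hourly)
this line is not syslog at all
""".splitlines()

# Classic BSD syslog layout: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(
    r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_syslog_line(line):
    """Split a BSD-format syslog line into fields; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def extract_ssh_event(msg):
    """Classify an sshd message as a failed or accepted login, else None."""
    m = FAILED_RE.match(msg)
    if m:
        return dict(m.groupdict(), outcome="failed")
    m = ACCEPTED_RE.match(msg)
    if m:
        return dict(m.groupdict(), outcome="accepted")
    return None


def analyse(lines, threshold=3):
    """Return alerts in the order they would be raised while reading the log.

    'brute_force' fires once, when a source IP reaches `threshold` failures.
    'success_after_failures' fires when a login succeeds from an IP that has
    already failed at least once: the case to escalate rather than just ticket.
    """
    failures = defaultdict(list)  # source ip -> usernames tried
    alerts = []
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue
        ev = extract_ssh_event(rec["msg"])
        if ev is None:
            continue
        if ev["outcome"] == "failed":
            failures[ev["ip"]].append(ev["user"])
            if len(failures[ev["ip"]]) == threshold:
                alerts.append({"kind": "brute_force", "ip": ev["ip"], "host": rec["host"],
                               "count": threshold, "users": sorted(set(failures[ev["ip"]]))})
        elif failures.get(ev["ip"]):
            alerts.append({"kind": "success_after_failures", "ip": ev["ip"],
                           "host": rec["host"], "user": ev["user"],
                           "method": ev["method"],
                           "prior_failures": len(failures[ev["ip"]])})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Run against the sample, it raises one brute_force alert for 192.0.2.10 after the third failure and then a success_after_failures alert when root logs in by password from the same address; the single failure from 203.0.113.5 and the key-based login from 198.51.100.7 produce nothing. The "Failed password" lines only exist if sshd logs at its default INFO level or above, which is the point of the "level of error logging for tools like ssh" item.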
SysAdmin Training
• SAGE Job Descriptions (http://www.sage.org/pubs/8_jobs/)
• Linux Professional Institute (http://www.lpi.org)
• Red Hat Certification
THANK YOU
• Please visit the web site: http://www.gridpp.ac.uk/wiki/SiteSecurity