
Site Security and Administration, http://www.gridpp.ac.uk/wiki/SiteSecurity, Steve Cobrin <[email protected]>

Upload: brendan-morton

Post on 23-Dec-2015


TRANSCRIPT

  • Slide 1
  • Site Security and Administration (http://www.gridpp.ac.uk/wiki/SiteSecurity), Steve Cobrin
  • Slide 2
  • Site Security and Administration
      • Proposing a wiki to be used to discuss some basic site security and sysadmin issues, focusing on Unix, Unix-like and Unix-derived systems, e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc.
      • Will not look at deploying or using LCG/EGEE middleware.
  • Slide 3
  • Introduction
      • There are quite a few areas of security and administration which don't seem to be discussed enough. Why not?
          • Old topics (been doing this for > 20 years)
          • Boring
          • Done it! Been there! Read the book (Practical Unix Security)
      • However, if overlooked:
          • Less security
          • Forever reinventing the wheel
          • Less stability
          • Less quality
          • Poor mentorship
      • So, let's share best practices!
  • Slide 4
  • Initial commissioning of machines (building, configuration, deployment)
      • Defining the life-cycle / work-flow of machines.
  • Slide 5
  • Initial commissioning of machines (building, configuration, deployment) (continued)
      • Differing types of operating systems
      • Many different Linux distributions
      • Some centrally administered, others ad-hoc administration
      • Linux and Unix system interoperability
      • MacOSX
  • Slide 6
  • Security Documents
      • Internal documents:
          • Site Security Policies
          • Acceptable Use Policies
          • Incident Response Procedures
          • Baseline Security Documents
          • Local Security Hardening Procedures
      • Standard off-the-shelf documents:
          • BSI 7799 / ISO 27001 standards
          • The Centre for Internet Security Benchmarks
  • Slide 7
  • SysAdmin Procedures
      • Initial build and deployment of systems - Kickstart, imaging
      • Documentation - useful documentation used at sites
      • Patch management - e.g. OS vendor and distribution patches: up2date, yumit/pakiti (http://pakiti.sourceforge.net)
      • Software management - e.g. 3rd-party software, compiling from source, etc.
      • Cluster management - for example, how you perform kernel updates across a large cluster
  • Slide 8
  • SysAdmin Procedures (continued)
      • Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, Sudo (http://courtesan.com/sudo))
      • Managing non-user accounts
      • Helpdesk systems - RT (http://bestpractical.com/rt) and Footprints
      • Configuration management and change control - CFengine (http://www.cfengine.org/), SubVersion
  • Slide 9
  • Security Monitoring & Forensics
      • Logging - central syslogging (syslog-ng); level of error logging for tools like ssh
      • Network monitoring - any network tracing or forensics that you perform (tracing IDs via processes): Snort (http://www.snort.org/), Sguil (http://sguil.sourceforge.net/)
      • General monitoring - Nagios (http://www.nagios.org), Tripwire (http://sourceforge.net/projects/tripwire/) & AIDE (http://sourceforge.net/projects/aide)
  • Slide 10
  • Security Monitoring & Forensics (continued)
      • Inventorying & auditing - tests that are performed to check security: Bastille (http://www.bastille-linux.org/), Nessus (http://www.nessus.org/), SARA (http://www-arc.com/sara/)
      • Forensics - procedures, techniques
      • Benchmarking - performance, network
      • Alerts and escalation
  • Slide 11
  • SysAdmin Training
      • SAGE Job Descriptions (http://www.sage.org/pubs/8_jobs/)
      • Linux Professional Institute (http://www.lpi.org)
      • Red Hat Certification
  • Slide 12
  • THANK YOU - Please visit the web site http://www.gridpp.ac.uk/wiki/SiteSecurity