Installation of CERN Intrusion Detection by GD Group
CERN IDS runs on the monitored machine, filtering and digesting information from syslog. This standard information is supplemented by a loadable kernel module that monitors network traffic. A digest of the collected information is uploaded by an hourly cron job over an ssh connection to a central database, controlled by the CERN security team, for further analysis.
CERN IDS should be installed on all GD-managed nodes which allow non-GD members interactive access. This will include the obvious case of grid User Interface nodes with all AFS-user access enabled but exclude nodes installed for testing purposes and with only a limited number of users.
Notes: This is ONLY for CERN installations. The netlog rpm is kernel-version dependent and has been rebuilt for the Fedora kernel by David Smith.
Manual Installation
IDS requires two rpms: ids and netlog.
/afs/cern.ch/project/linux/redhat/cern/addon/cc/7.3.2/RPMS/i386/
    CERN-CC-ids-2.1-4.i386.rpm
    CERN-CC-netlog-1.0-9.i386.rpm        <<< use for 2.4.20-30.7.cernsmp kernel
/afs/cern.ch/user/i/ineilson/public/cernids
    CERN-CC-netlog-lcg1.0-9.i386.rpm     <<< use for 2.4.20-30.7.legacy kernel
Installation Steps:
1. Email the name and ssh public key of the machine (/etc/ssh/ssh_host_key.pub) to lionel.cons@cernNOSPAMPLEASE.ch with some explanation. If a significant number of machines are deployed, it is suggested that the same ssh key be used for all of them if possible; this is the model used for lxplus at CERN.
2. Install the selected rpms (CERN-CC-ids depends on CERN-CC-netlog).
3. Run the script /usr/local/sbin/ids-configure. It takes no parameters.
A reboot is not necessary. IDS can be switched off by running /usr/local/sbin/ids-unconfigure.
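The manual procedure above as a helper script, added here as an example and not part of the original page or the CERN packages. It assumes the RPM paths and kernel versions listed above, picks the netlog package that matches the running kernel (and refuses to install a module built for a different kernel), installs netlog before ids because of the dependency, and prints the host key with its fingerprint for step 1.

```shell
#!/bin/sh
# Added example for the manual installation; assumes the RPM locations
# given on this page and a CERN-managed Red Hat 7.3 node.

CC_RPMS=/afs/cern.ch/project/linux/redhat/cern/addon/cc/7.3.2/RPMS/i386
USER_RPMS=/afs/cern.ch/user/i/ineilson/public/cernids
IDS_RPM="$CC_RPMS/CERN-CC-ids-2.1-4.i386.rpm"

# netlog is a kernel module built per kernel release: map the running
# kernel to its package and fail for any kernel without a matching build.
netlog_rpm_for_kernel() {
    case "$1" in
        2.4.20-30.7.cernsmp) echo "$CC_RPMS/CERN-CC-netlog-1.0-9.i386.rpm" ;;
        2.4.20-30.7.legacy)  echo "$USER_RPMS/CERN-CC-netlog-lcg1.0-9.i386.rpm" ;;
        *) return 1 ;;
    esac
}

# Step 1: print the host public key to mail to the security team, plus its
# fingerprint so the recipient can confirm it out of band.
show_host_key() {
    key=/etc/ssh/ssh_host_key.pub
    [ -r "$key" ] || { echo "missing $key" >&2; return 1; }
    cat "$key"
    ssh-keygen -l -f "$key"
}

# Steps 2 and 3: install both packages in one transaction (ids depends on
# netlog), then configure. No reboot is needed.
install_cern_ids() {
    kernel=$(uname -r)
    netlog=$(netlog_rpm_for_kernel "$kernel") || {
        echo "no CERN-CC-netlog build for kernel $kernel; not installing" >&2
        return 1
    }
    rpm -Uvh "$netlog" "$IDS_RPM" || return 1
    /usr/local/sbin/ids-configure
}

case "${1:-}" in
    key)     show_host_key ;;
    install) install_cern_ids ;;
esac
```

Run `sh cernids.sh key` to get the text for the email, then `sh cernids.sh install` as root once the key has been registered.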
LCFGng
For LCFGng I have prepared a simple component that just runs the ids-configure script when started. Note that the ssh key exchange in step 1 of the manual installation is still necessary.
/afs/cern.ch/user/i/ineilson/public/cernids
    lcg-lcfg-cernids-1.0.0-1.noarch.rpm
    lcg-lcfg-cernids-defaults-s1-1.0.0-1.noarch.rpm
| Ian Neilson
| LCG Deployment Group
-- Main.dimou - 19 Aug 2005