Installation of CERN Intrusion Detection by GD Group
CERN IDS runs on a machine filtering and digesting information from syslog. The standard information is supplemented by a loadable kernel module which monitors network traffic. A digest of the information collected is uploaded by an hourly cron over an ssh connection to a central database controlled by the CERN security team for further analysis. CERN IDS should be installed on all GD-managed nodes which allow non-GD members interactive access. This will include the obvious case of grid User Interface nodes with all AFS-user access enabled but exclude nodes installed for testing purposes and with only a limited number of users. Notes: This is ONLY for CERN installations. The netlog rpm is kernel-version dependant and has been rebuilt for the fedora kernel by David Smith. Manual Installation IDS requires two rpms: ids and netlog. - /afs/cern.ch/project/linux/redhat/cern/addon/cc/7.3.2/RPMS/i386/ CERN-CC-ids-2.1-4.i386.rpm CERN-CC-netlog-1.0-9.i386.rpm <<< use for 2.4.20-30.7.cernsmp kernel /afs/cern.ch/user/i/ineilson/public/cernids CERN-CC-netlog-lcg1.0-9.i386.rpm <<< use for 2.4.20-30.7.legacy kernel Installation Steps: Email the name and ssh public key of the machine to lionel.cons@cernNOSPAMPLEASE.ch ( /etc/ssh/ssh_host_key.pub ) with some explanation. It is suggested that if a significant number of machines are deployed then the same ssh-key be used if possible. This is the model used for lxplus at CERN. Install selected rpms (CERN-CC-ids has dependency on CERN-CC-netlog) Run the script /usr/local/sbin/ids-configure. There are no parameters. Reboot is not necessary. IDS can be switched off by running /usr/local/sbin/ids-unconfigure LCFGng For LCFGng I have prepared a simple component which just runs the ids-configure script when started. Note that the ssh key exchange in step 1 of the manual installation is still necessary. /afs/cern.ch/user/i/ineilson/public/cernids lcg-lcfg-cernids-1.0.0-1.noarch.rpm lcg-lcfg-cernids-defaults-s1-1.0.0-1.noarch.rpm | Ian Neilson | LCG Deployment Group -- Main.dimou - 19 Aug 2005
Edit | Attach | Topic revision: r1 - 2005-08-19 - MariaDimou
LCG Wikis
- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback