managing prometheus in a security focused environment
play

Managing Prometheus in a Security-focused Environment Linux - PowerPoint PPT Presentation

Sep 08, 2023 •340 likes •605 views

Managing Prometheus in a Security-focused Environment Linux Monitoring at HUK-COBURG PromCon 2019 | Christian Hoffmann Conways Law? 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 2 Introduction $ cat

  1. Managing Prometheus in a Security-focused Environment Linux Monitoring at HUK-COBURG PromCon 2019 | Christian Hoffmann

  2. Conway‘s Law? 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 2

  3. Introduction $ cat /HUK-COBURG HUK-COBURG  German consumer insurance company  Largest car insurance for consumers in Germany  12 million customers  10.000 employees 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 3

  4. Introduction $ cat /HUK-COBURG/IT IT-related departments HUK-COBURG  800 people  Not a startup, but lots of teams …  Highly regulated 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 4

  5. Introduction $ cat /HUK-COBURG/IT/Linux Linux Platform Development IT-related departments HUK-COBURG …  Internal IaaS provider  900 RHEL servers  Two main data centers 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 5

  6. Introduction $ cat /HUK-COBURG/IT/Linux/Christian Hoffmann Linux Platform Development IT-related departments  One of ten people HUK-COBURG  Joined in 2016 …  Linux & Open Source enthusiast 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 6

  7. Introduction $ cat /HUK-COBURG/IT/Linux/Application owners Linux Platform Development IT-related departments Application owners HUK-COBURG …  About 130 people, running: • Databases • Web servers • … 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 7

  8. Introduction $ cat /HUK-COBURG/IT/Linux/Others Linux Platform Development IT-related departments Application owners HUK-COBURG Operations … … 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 8

  9. Overview Scraping Alerts Monitoring Graphs Integrations 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 9

  10. Scraping Placement of Prometheus Instances  Close to the target  What does close mean? Firewalled zone #40 SMTP? Alertmanager/HTTP? 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 10

  11. Scraping Our setup: One Prometheus per DC DC 1 DC 2 60s 2 4 1.7 M 200 VMs cores series alert rules scrape_interval 20 GiB 1.2 TiB 2 600 1 600 30 k RAM disk file_sd rec rules samples/s 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 11

  12. Scraping Scraping: Securing and unifying metrics access # ps – ef | grep agent root 3474 Nov07 00:30:14 /opt/security-scanner/agent root 7182 Nov07 00:05:03 /opt/hardware-monitoring/agent root 1139 Nov07 83:01:37 /opt/license-management/agent root 4100 Nov07 00:20:00 /opt/config-management/agent root 9983 Nov07 01:30:53 /opt/backup-management/agent ... 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 12

  13. Scraping So… # nmap server1001 PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 13

  14. Scraping Introducing sshified Monitoring target Prometheus server proxy_url: 10.1.2.3:22 127.0.0.1:8000 127.0.0.1:9100 node_exporter sshified sshd 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 14

  15. Scraping Exporters node process multilog blackbox non-systemd textfile decentralized procs runs as root systemd 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 15

  16. Overview Scraping Alerts Monitoring Graphs Integrations 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 16

  17. Alerts Alertmanager Alertmanager Central Event • Routing Management • LinuxPlatform.+ Operations Prometheus • LinuxServer.+ • Dead man’s switch • App.+ • Incident creation • Integrations • Paging • webhook • email • Silences syslog Server inventory 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 17

  18. Overview Scraping Alerts Monitoring Graphs Integrations 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 18

  19. Graphs Grafana with basic multi-tenancy huk-grafana-provisioning.py Template 127.0.0.1:8888/owner="john"/ api/v1/query?query=up Apache httpd owner_john prometheus-filter-proxy • mod_ldap • mod_auth_kerb owner_lisa 127.0.0.1:9090/api/v1/query?query=up{ owner="john" } John owner_* Prometheus 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 19

  20. Graphs Grafana with high availability Apache httpd prometheus-filter-proxy 10.1.2.3 Prometheus rsync grafana.sqlite John Prometheus Apache httpd prometheus-filter-proxy 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 20

  21. Overview Scraping Alerts Monitoring Graphs Integrations 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 21

  22. Integrations Integrating Prometheus into Configuration Management Deploy & configure exporters  hiera  common.yml  role/web.yml • Scrape configs  role/db.yml • Platform alerts  node/srv1001.yml Role-specific alerts 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 22

  23. Integrations Integrating Patch Management into Prometheus  Staging of new Linux patches Development  Roll-out on application servers Staging Production 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 23

  24. Future What‘s up next?  Long Term Storage, Downsampling, „ Janitor “  Dashboard performance  Lots of additional ideas and areas for work 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 24

  25. Summary Benefits & Takeaways Prometheus and Grafana provide us  Sufficient flexibility in a regulated environment,  Basic multi-tenancy for our teams, and  Helpful integrations into other processes. 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 25

  26. Thanks! Any questions? Christian Hoffmann Linux System Engineer at HUK-COBURG christian.hoffmann2@huk-coburg.de http://github.com/hoffie/sshified http://github.com/hoffie/prometheus-filter-proxy http://github.com/hoffie/multilog_exporter 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Prometheus Best Practices and Beastly Pitfalls Julius Volz, August 17, 2017 Prometheus

Prometheus Best Practices and Beastly Pitfalls Julius Volz, August 17, 2017 Prometheus

Prometheus Best Practices and Beastly Pitfalls Julius Volz, August 17, 2017 Prometheus Prometheus Areas Instrumentation Alerting Querying Prometheus Instrumentation Prometheus What to Instrument Every component (including

579 views • 34 slides
PromCon 2017 Welcome and Introduction Julius Volz, 17. August 2017 Prometheus Welcome and Thank

PromCon 2017 Welcome and Introduction Julius Volz, 17. August 2017 Prometheus Welcome and Thank

PromCon 2017 Welcome and Introduction Julius Volz, 17. August 2017 Prometheus Welcome and Thank You Prometheus What Happened? Lots of work on: Prometheus 2.0 prep Very soon now! new TSDB Prometheus 2.0 January 2015 July 2016

161 views • 14 slides
3. Agent-Oriented Methodologies Part 2: D) ems Design (MASD The PROMETHEUS The PROMETHEUS

3. Agent-Oriented Methodologies Part 2: D) ems Design (MASD The PROMETHEUS The PROMETHEUS

3. Agent-Oriented Methodologies Part 2: D) ems Design (MASD The PROMETHEUS The PROMETHEUS methodology. Javier Vzquez-Salceda q Multiagent Syste MASD https://kemlg.upc.edu Methodological Extensions to Object-Oriented Approaches A

310 views • 20 slides
110 Rules for Prometheus Brian Brazil Founder Rule 110 110 Rules for Prometheus Brian Brazil

110 Rules for Prometheus Brian Brazil Founder Rule 110 110 Rules for Prometheus Brian Brazil

110 Rules for Prometheus Brian Brazil Founder Rule 110 110 Rules for Prometheus Brian Brazil Founder Who am I? One of the core developers of Prometheus Founder of Robust Perception Primary author of Reliable Insights blog

443 views • 16 slides
Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

P R E S E N T A T I O N B Y A M I B E N D A V I D Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully tokenized VC fund 4 th ever Security Token 1 st Regulation-enforcing Token (DS Protocol) Focused on

488 views • 21 slides
Knowledge in Interviews Brian Brazil Founder Who am I? One of the developers of Prometheus

Knowledge in Interviews Brian Brazil Founder Who am I? One of the developers of Prometheus

Evaluating Prometheus Knowledge in Interviews Brian Brazil Founder Who am I? One of the developers of Prometheus Author of Prometheus: Up&Running Primary author of Reliable Insights blog You may have heard of me :) Looking

546 views • 17 slides
Rethinking monitoring with Prometheus Martn Ferrari Based on a previous talk prepared with

Rethinking monitoring with Prometheus Martn Ferrari Based on a previous talk prepared with

Rethinking monitoring with Prometheus Martn Ferrari Based on a previous talk prepared with tefan afr - @som_zlo Who is Prometheus? A dude who stole fire from Mt. Olympus and gave it to humanity http://prometheus.io/ What is

402 views • 27 slides
Prometheus Adam Goldsmith, Jack Gonsalves, Ben Gillette, and Luke Buquicchio Prometheus

Prometheus Adam Goldsmith, Jack Gonsalves, Ben Gillette, and Luke Buquicchio Prometheus

Prometheus Adam Goldsmith, Jack Gonsalves, Ben Gillette, and Luke Buquicchio Prometheus Synopsis Have you ever wanted to travel to new and exciting places? Have you ever wanted to meet your maker? Have you ever wanted to kill

248 views • 9 slides
Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and

Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and

Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and Runtime Security About ActiveState Track-record: 97% of Fortune 1000, 20+ years open source Polyglot: 5 languages - Python, Perl, Tcl, Go, Ruby

727 views • 47 slides
YOUR CYBER SECURITY Ben Goodall PSC Griffiths Goodall, Managing Principal Nathaniel Barrs

YOUR CYBER SECURITY Ben Goodall PSC Griffiths Goodall, Managing Principal Nathaniel Barrs

YOUR CYBER SECURITY Ben Goodall PSC Griffiths Goodall, Managing Principal Nathaniel Barrs PSC Insurance Group, Director of Operations 19 May 2020 1 Agenda for Today Todays Environment Covid-19 Influences Types of Cyber

666 views • 21 slides
Staleness and Isolation in Prometheus 2.0 Brian Brazil Founder Who am I? One of the core

Staleness and Isolation in Prometheus 2.0 Brian Brazil Founder Who am I? One of the core

Staleness and Isolation in Prometheus 2.0 Brian Brazil Founder Who am I? One of the core developers of Prometheus Founder of Robust Perception Primary author of Reliable Insights blog Contributor to many open source projects

487 views • 44 slides
Practical monitoring with Prometheus and Grafana Jess Portnoy jess.portnoy@kaltura.com, Kaltura,

Practical monitoring with Prometheus and Grafana Jess Portnoy jess.portnoy@kaltura.com, Kaltura,

Practical monitoring with Prometheus and Grafana Jess Portnoy jess.portnoy@kaltura.com, Kaltura, Inc Abstract Prometheus is an open source monitoring and alerting toolkit. In this session we'll review the Prometheus architecture and various

418 views • 16 slides
An Introduction to Prometheus Brian Brazil Founder Who am I? Engineer passionate about running

An Introduction to Prometheus Brian Brazil Founder Who am I? Engineer passionate about running

An Introduction to Prometheus Brian Brazil Founder Who am I? Engineer passionate about running software reliably in production. Core developer of Prometheus Studied Computer Science in Trinity College Dublin. Google SRE for 7 years, working

431 views • 42 slides
Prometheus: Designing and Implementing a Modern Monitoring Solution in Go Bjrn Beorn

Prometheus: Designing and Implementing a Modern Monitoring Solution in Go Bjrn Beorn

Prometheus: Designing and Implementing a Modern Monitoring Solution in Go Bjrn Beorn Rabenstein, Production Engineer, SoundCloud Ltd. http://prometheus.io Architecture Go client library Counter interface (almost complete) type

489 views • 37 slides
Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com

Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com

Cortex: Prometheus as a Service, One Year On Tom Wilkie, PromCon 2017 tom.wilkie@gmail.com https://github.com/weaveworks/cortex https://www.youtube.com/watch?v=3Tb4Wc0kfCM Prometheus HA Grafana Cortex: Prometheus as a Service Alertmanager

541 views • 35 slides
Staying Focused in Volatile Times - Managing Investment Risk Sonia Kowal, President Kevin

Staying Focused in Volatile Times - Managing Investment Risk Sonia Kowal, President Kevin

Staying Focused in Volatile Times - Managing Investment Risk Sonia Kowal, President Kevin Callahan, CFA, Senior Portfolio Manager www.zevin.com (617) 742 - 6666 Managing Sustainable and Responsible Portfolios Since 1997 1 www.zevin.com |

511 views • 16 slides
Configurations: Do you prove yours ? Continuous configuration, observability, compliance Pass the

Configurations: Do you prove yours ? Continuous configuration, observability, compliance Pass the

Pass The SALT 2019 Configurations: Do you prove yours ? Continuous configuration, observability, compliance Pass the SALT 2019 Alexandre BRIANCEAU alexandre@rudder.io @abrianceau How are the servers doing? Pass The SALT 2019 No error nor

292 views • 16 slides
Configuration Management What is CM? CM processes in practice CM and organizational

Configuration Management What is CM? CM processes in practice CM and organizational

Prof. Yoram Reich, Faculty of Engineering, Tel Aviv University, 6/15/2006, [CM overview.doc] Configuration Management What is CM? CM processes in practice CM and organizational context CM technology Configurations

541 views • 17 slides
LibreOffice configuration management tools, approaches & best practices Thorsten Behrens -

LibreOffice configuration management tools, approaches & best practices Thorsten Behrens -

LibreOffice configuration management tools, approaches & best practices Thorsten Behrens - tbehrens@suse.com LibreOffice Hacker at SUSE What, Why, How Customize LibreOffice repeatably Makes your life easier, happier & more secure

823 views • 18 slides
Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner,

Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner,

Using the Script MIB for Policy-based Configuration Management Page 1 Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner, P. Martinez, J. Sch onw alder, F. Strau J. Quittek Computer

448 views • 24 slides
INF 111 / CSE 121: Software Tools and Methods Lecture Notes for Fall Quarter, 2007 Michele

INF 111 / CSE 121: Software Tools and Methods Lecture Notes for Fall Quarter, 2007 Michele

INF 111 / CSE 121: Software Tools and Methods Lecture Notes for Fall Quarter, 2007 Michele Rousseau Set 13 (Some slides adapted from Sommerville 2000 & Scott Miller) Announcements Still no lab on Friday Regrades for Quiz #1 Due

621 views • 20 slides
CS615 - Aspects of System Administration Monitoring, Configuration Management Department of

CS615 - Aspects of System Administration Monitoring, Configuration Management Department of

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Monitoring, Configuration Management Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens-tech.edu

1.26k views • 90 slides
Leadership Release Management Continuous Integration october 9, 2013 1 Significant Semester

Leadership Release Management Continuous Integration october 9, 2013 1 Significant Semester

Leadership Release Management Continuous Integration october 9, 2013 1 Significant Semester Requirements 15% Participation: in-class, at meetings, setup meetings in timely manner, weekly status reports (individual grade) 15% Writing:

410 views • 20 slides
Infrastructure as Code So far.. .. Server-based systems (IaaS) Low-level infrastructure

Infrastructure as Code So far.. .. Server-based systems (IaaS) Low-level infrastructure

Infrastructure as Code So far.. .. Server-based systems (IaaS) Low-level infrastructure exposed Manage dozens of custom containers and VMs needed to run your site Flexible, but high management costs Manual creation and

3.18k views • 31 slides

More recommend