using tripwire to check cluster system integrity
play

Using Tripwire to check cluster system integrity Elio P erez Calle - PowerPoint PPT Presentation

Sep 21, 2022 •42 likes •132 views

Using Tripwire to check cluster system integrity Elio P erez Calle Miguel C ardenas Montes Francisco Javier Rodr guez Calonge CIEMAT Madrid, Spain Computing in High Energy Physics Interlaken, Switzerland, 2004 P erez Calle, C

  1. Using Tripwire to check cluster system integrity Elio P´ erez Calle Miguel C´ ardenas Montes Francisco Javier Rodr´ ıguez Calonge CIEMAT Madrid, Spain Computing in High Energy Physics Interlaken, Switzerland, 2004 P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  2. Outline Increased security needed for large computing clusters: Perimeter Security. Intrusion Detection Systems (IDSs). The target of an IDS is early detection of an intrusion to minimize damages. Tripwire is one of the most powerful IDSs. Tripwire is oriented to monitor the status of files and directories to detect any changes: Integrity checking. P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  3. How it works A snapshot of the system is taken, including information for any file or directory that should be protected (operating system files, core scientific software. . . ) This information is stored in a crypted database to avoid any unauthorized modification. This database is kept and it is used for reference. System checks are performed regularly. Present situation is compared with the reference one. A report is generated for each check. Reports may be stored or sent by email automatically. P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  4. Tripwire’s Elements Policy and configuration files define Tripwire’s behaviour. Configuration file covers general options. Policy file defines monitoring for each kind of file, depending of its characteristics and importance in system overall security. A original crypted database. The information is protected before being stored. That is a key feature of Tripwire that guarantees its own security and integrity. Reports generated by comparting the original database with the present status of the system. Reports include a general summary and a detailed list of any detected modifications. P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  5. Tripwire at CIEMAT: Policy and Configuration MAIN FILESYSTEM MONITORED PROPERTIES FILE ADDITION, DELETION AND MODIFICATION FILE PERMISSIONS, PROPERTIES AND OWNER FILE TYPE, SIZE AND BLOCKS ALLOCATED INODE NUMBER, NUMBER OF LINKS AND INODE GENERATION NUMBER ACCESS CONTROL LISTS (ACLs) TIMESTAMPS OF FILES AND INODES HASH CHECKING MONITORING MODELS DEFINED IN POLICY FILE OPERATING SYSTEM CRITICAL FILES FILES WITH SUID AND SGID BIT ON OPERATING SYSTEM CORE BINARIES CONFIGURATION FILES OF IMPORTANT APPLICATIONS GROWING FILES (SUCH AS SYSTEM LOGS) INVARIANT DIRECTORIES P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  6. ✁ � �✁ Tripwire at CIEMAT: Implementation (I) PARALLEL EXECUTION OF TRIPWIRE GENERATION OF LOCAL CLUSTER REPORTS SSH/SNMP REMOTE RESULTS PICK UP ✂✄✂ ☎✄☎ MONITORING SYSTEM P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  7. Tripwire at CIEMAT: Implementation (II) Large-scale and parallel execution of Tripwire at any computer in a network. Monitoration is implemented in a central computer: Throws parallel executions of Tripwire in the cluster by SSH. Gets information from the MIB tree of the cluster by SNMP. Use of a monitoring system (Nagios) as a visual interface for intrusion detection. Features: Offers information about remote executions. Sends alerts by email if a problem is detected. P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  8. Tripwire at CIEMAT: Implementation (III) Implementation prototypes on LCG2 clusters at CIEMAT (35 machines monitored) and other collaborating institutes: UB (6 machines) and UAM (37 machines). Implementation in other computing clusters related to local scientific projects at CIEMAT. Wide clusters get global protection: Cluster system integrity checking. Large-scale centralized execution. Remote control of execution results. Administration interface using Nagios. P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

  9. Conclusions Combining Tripwire and Nagios provides: A very secure and versatile IDS tool. Complete monitoring of system integrity. Adaptable to the needs of a large cluster. User friendly visualization and configuration interface. Remote control using alarms. Free software (GPL). Main references Tripwire project: http://www.tripwire.org Nagios monitoring system: http://www.nagios.org P´ erez Calle, C´ ardenas Montes, Rodr´ ıguez Calonge Using Tripwire to check cluster system integrity

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BGP Integrity Check using IRR draft-kengo-bgp-integrity-check-00.txt Kengo Nagahashi

BGP Integrity Check using IRR draft-kengo-bgp-integrity-check-00.txt Kengo Nagahashi

BGP Integrity Check using IRR draft-kengo-bgp-integrity-check-00.txt Kengo Nagahashi <kenken@sfc.wide.ad.jp> Keio University, Japan 1 Motivation Multiple Origin ASes are often observed Most of them are severe Filtering by

351 views • 7 slides
STEP 3: OPTIMIZE THE TRIPWIRE OFFER An irresistible, super- WHAT IS A low-ticket offer that

STEP 3: OPTIMIZE THE TRIPWIRE OFFER An irresistible, super- WHAT IS A low-ticket offer that

STEP 3: OPTIMIZE THE TRIPWIRE OFFER An irresistible, super- WHAT IS A low-ticket offer that exists for one reason TRIPWIRE? and one reason only to convert prospects into BUYERS! In other words, Tripwires change relationships

799 views • 44 slides
System Integrity Matrix or PWSRCAC Matrix of VMT Concerns By Tom Kuckertz & Anna Carey

System Integrity Matrix or PWSRCAC Matrix of VMT Concerns By Tom Kuckertz & Anna Carey

System Integrity Matrix or PWSRCAC Matrix of VMT Concerns By Tom Kuckertz & Anna Carey TOEM Commi8ee Tracking VMT Integrity Concerns System Integrity Project (5050) Report of status of selected integrity items/ issues difficult

401 views • 25 slides
Accommodations LIST OF TD/ITOs/NTOs HOTELS CLUSTER - SPORT / CHECK- CHECK- Night HOTEL

Accommodations LIST OF TD/ITOs/NTOs HOTELS CLUSTER - SPORT / CHECK- CHECK- Night HOTEL

Accommodations LIST OF TD/ITOs/NTOs HOTELS CLUSTER - SPORT / CHECK- CHECK- Night HOTEL DISCIPLINE IN OUT CHOFA MINE Air Sports (Paragliding) 11/11/14 22/11/14 11 DARA Hotel Phuket Air Sports (Power Paragliding) SAPHAN HIN 10/11/14

679 views • 25 slides
TRIPWIRE ENTERPRISE SERVER - UBIT Tech Review February 2019 John Ball

TRIPWIRE ENTERPRISE SERVER - UBIT Tech Review February 2019 John Ball

TRIPWIRE ENTERPRISE SERVER - UBIT Tech Review February 2019 John Ball john@buffalo.edu 1 What is Tripwire? Enterprise Security Configuration Management (SCM) tool Standards Compliance software - File

155 views • 11 slides
F I R S T Financial Integrity Rating System of Texas F I R S T The FIRST (Financial Integrity

F I R S T Financial Integrity Rating System of Texas F I R S T The FIRST (Financial Integrity

Willis I.S.D. 2015-2016 District Status F I R S T Financial Integrity Rating System of Texas F I R S T The FIRST (Financial Integrity Rating System of Texas) Rating, officially referred to as School FIRST, was established by TEA effective

477 views • 20 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain & Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
The next gas lift well integrity & reliability leap forwards: Barrier SPM's with retrievable

The next gas lift well integrity & reliability leap forwards: Barrier SPM's with retrievable

The next gas lift well integrity & reliability leap forwards: Barrier SPM's with retrievable check valves www.ptc.as Introduction Established reputation for developing equipment in response to client demands Integrity

572 views • 15 slides
MS Cluster on KVM Vadim Rozenfeld vrozenfe@redhat.com 25 Aug, 2016 Cluster: Servers Combined to

MS Cluster on KVM Vadim Rozenfeld vrozenfe@redhat.com 25 Aug, 2016 Cluster: Servers Combined to

MS Cluster on KVM Vadim Rozenfeld vrozenfe@redhat.com 25 Aug, 2016 Cluster: Servers Combined to Improve Availability and Scalability. - Cluster: A group of independent systems working together as a single system. Clients see scalable and

903 views • 28 slides
Trouble-Shooting Three Parts 1. Have appropriate tools on-site 2. Check wire and connector

Trouble-Shooting Three Parts 1. Have appropriate tools on-site 2. Check wire and connector

Trouble-Shooting Three Parts 1. Have appropriate tools on-site 2. Check wire and connector integrity, fuses, and power source (generator, battery) -this is when the electrofisher is not working 3. Check maximum outputs to see if the control

331 views • 14 slides
NATIONAL INTEGRITY CONVENTION 2017 TOPIC 4: Corporate Transparency and Enhancing Corporate Image:

NATIONAL INTEGRITY CONVENTION 2017 TOPIC 4: Corporate Transparency and Enhancing Corporate Image:

NATIONAL INTEGRITY CONVENTION 2017 TOPIC 4: Corporate Transparency and Enhancing Corporate Image: Actions Speak Louder than Words Speaker Mohd Ismail Abdul Jalil Director, Economic Cluster Malaysian Institute of Integrity TONE FROM THE TOP

415 views • 9 slides
STEP 2: OPTIMIZE THE LEAD MAGNET 1 Lead Magnet Whats your number? 2 Tripwire

STEP 2: OPTIMIZE THE LEAD MAGNET 1 Lead Magnet Whats your number? 2 Tripwire

STEP 2: OPTIMIZE THE LEAD MAGNET 1 Lead Magnet Whats your number? 2 Tripwire Want to get coffee? 3 Core Offer Can I take you to dinner? 4 Profit Maximizer Will you marry me? 5 Return Path (Flowers, date

586 views • 27 slides
National Integrity Strategy of IGS, BRAC University Bangladesh Overview Background The

National Integrity Strategy of IGS, BRAC University Bangladesh Overview Background The

Draft dated August 28th National Integrity Strategy of IGS, BRAC University Bangladesh Overview Background The conception of integrity, national integrity system and rationale for a National Integrity Strategy Vision and Mission

630 views • 49 slides
Using SPARK to ensure System to Software Integrity Tonu Naks , M. Anthony Aiello, S. Tucker Taft

Using SPARK to ensure System to Software Integrity Tonu Naks , M. Anthony Aiello, S. Tucker Taft

Using SPARK to ensure System to Software Integrity Tonu Naks , M. Anthony Aiello, S. Tucker Taft 10th European Congress on Embedded Real Time Software and Systems, 29-31/01/2020 Toulouse 1 Agenda AdaCore System-to-Software Integrity (SSI)

504 views • 29 slides
Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey M. Voelker Alex C. Snoeren On account compromise Compromise of email/social network/etc is devastating Personal/professional reputational, financial

798 views • 49 slides
RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

10/4/18 QUESTIONS : CLUSTER HEADACHES: 1. Have any of you heard of cluster THE WORST PAIN POSSIBLE? headaches? 2. Do you know someone who suffers from cluster headaches? WHAT ARE CLUSTER HEADACHES? TRIGEMINAL NERVE A neurological

514 views • 3 slides
DATA WAREHOUSE BUILT FOR THE CLOUD QCON San Francisco, November 2019 Thierry Cruanes, Co-Founder

DATA WAREHOUSE BUILT FOR THE CLOUD QCON San Francisco, November 2019 Thierry Cruanes, Co-Founder

DATA WAREHOUSE BUILT FOR THE CLOUD QCON San Francisco, November 2019 Thierry Cruanes, Co-Founder & CTO THE DREAM DATA WAREHOUSE (CIRCA 2012) Unlimited and Store all Extreme No compromises Instant Scaling your data simplicity full

1.11k views • 25 slides
High Performance and Scalable MPI+X Library for Emerging HPC Clusters Talk at Intel HPC Developer

High Performance and Scalable MPI+X Library for Emerging HPC Clusters Talk at Intel HPC Developer

High Performance and Scalable MPI+X Library for Emerging HPC Clusters Talk at Intel HPC Developer Conference (SC 16) by Dhabaleswar K. (DK) Panda Khaled Hamidouche The Ohio State University The Ohio State University E-mail:

691 views • 48 slides
Anticipating the European Supercomputing Infrastructure of the Early 2020s Thomas C. Schulthess

Anticipating the European Supercomputing Infrastructure of the Early 2020s Thomas C. Schulthess

Anticipating the European Supercomputing Infrastructure of the Early 2020s Thomas C. Schulthess T. Schulthess 1 European Commission President Jean-Claude Juncker "Our ambi*on is for Europe to become one of the top 3 world leaders in

560 views • 23 slides
VSched: Mixing Batch And Interactive Virtual Machines Using Periodic Real-time Scheduling Bin

VSched: Mixing Batch And Interactive Virtual Machines Using Periodic Real-time Scheduling Bin

VSched: Mixing Batch And Interactive Virtual Machines Using Periodic Real-time Scheduling Bin Lin Peter A. Dinda Prescience Lab Department of Electrical Engineering and Computer Science Northwestern University http://www.presciencelab.org

467 views • 44 slides
The Olympus High Performance Computing Cluster: A Resource for MIDAS Researchers Shawn T. Brown,

The Olympus High Performance Computing Cluster: A Resource for MIDAS Researchers Shawn T. Brown,

The Olympus High Performance Computing Cluster: A Resource for MIDAS Researchers Shawn T. Brown, PhD. Director of Public Health Applications Pittsburgh Supercomputing Center Carnegie Mellon University MIDAS Informatics Services Group What is

461 views • 11 slides
Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing M.

Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing M.

Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing M. Zaharia, M. Chowdhury, T. Das, A. Dave, J. Ma, M. McCauley, M.J. Franklin, S. Shenker, I. Stoica Computer Laboratory Principal Motivation

628 views • 15 slides
Workforce in Iow as Creative Corridor University of Iowa January 2014 Strategic Skills Study

Workforce in Iow as Creative Corridor University of Iowa January 2014 Strategic Skills Study

Strategic Skills November 2013 1/9/2014 Presentation Workforce in Iow as Creative Corridor University of Iowa January 2014 Strategic Skills Study Purpose Gain a greater understanding of the workforce characteristic and needs of key

443 views • 21 slides
Spectral Clustering on Handwritten Digits Database Mid-Year Presentation Danielle Middlebrooks

Spectral Clustering on Handwritten Digits Database Mid-Year Presentation Danielle Middlebrooks

Introduction Project Overview Results Project Schedule Deliverables References Spectral Clustering on Handwritten Digits Database Mid-Year Presentation Danielle Middlebrooks dmiddle1@math.umd.edu Advisor: Kasso Okoudjou kasso@umd.edu

453 views • 23 slides

More recommend