[openstack-dev] [OSSG] hardening openstack
Clark, Robert Graham
robert.clark at hp.com
Fri Nov 2 11:37:38 UTC 2012
It may be worth publishing a recipe or something similar that demonstrates using ceilometer for this.
Log correlation is essential for meeting many auditing and compliance requirements, typically I have considered this to be a deployment issue, we currently use ArcSight and a few other toys in this area but I think it's worth exploring options that reduce the difficulty of deploying standards-complient OpenStack clouds.
-Rob
From: Matt Joyce <matt.joyce at cloudscaling.com<mailto:matt.joyce at cloudscaling.com>>
Reply-To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Friday, 2 November 2012 06:55
To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [OSSG] hardening openstack
For the record, ceilometer provides a perfect mechanism for recording audit logs of events.
On Thu, Nov 1, 2012 at 9:55 PM, Bryan D. Payne <bdpayne at acm.org<mailto:bdpayne at acm.org>> wrote:
Some of the log handling may end up being deployment specific.
Nevertheless, this is a very good idea.
One thing that the OpenStack projects can do to help with logging
would be to cleanup the log messages in all of the projects such that
they provide useful information to someone that was aggregating all of
the logs as you describe. Last time I checked, there was lots of work
to be done there.
-bryan
On Thu, Nov 1, 2012 at 4:55 PM, Bhandaru, Malini K
<malini.k.bhandaru at intel.com<mailto:malini.k.bhandaru at intel.com>> wrote:
> From out of http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
> Review system and application logs on a routine basis.
> Dend logs to a dedicated log server. This prevents intruders from easily avoiding detection by modifying the local logs.
>
> Down the road this is something we should consider. Might not want to have to go over the network for every log item, but do so in some digest mode. Alternately, create a VM for logging on the host nodes, a nova-log-vm, a quantum-log-vm .. and log to that for the respective openstack service. Needs more thought.
>
> Regards
> Malini
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list