Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Identify tooling for auditing access controls to infrastructure #2968

Closed
sxa opened this issue Feb 24, 2023 · 4 comments
Closed

Identify tooling for auditing access controls to infrastructure #2968

sxa opened this issue Feb 24, 2023 · 4 comments
Assignees
@steelhead31
Labels
secure-dev Issues specific to SSDF/SLSA compliance work security
Milestone
2023-05 (May)

Comments

@sxa
Copy link
Member

sxa commented Feb 24, 2023

In order to detect threats and understand the use of our machines we need to identify what attempts are being made to access our machines and ensure we follow up on entries in the logs. Some of this may be feasible with Nagios, or we can identify other tooling that fulfils this role. Eclipse have some tooling in this area, but it is closed and not directly available for us to use at present.
@sxa sxa added the security label Feb 24, 2023
@sxa sxa added this to the 2023-03 (March) milestone Feb 24, 2023
@sxa sxa mentioned this issue Feb 24, 2023
Open
@steelhead31 steelhead31 self-assigned this Mar 7, 2023
@sxa
Copy link
Member Author

sxa commented Mar 7, 2023

Note: Eclipse have a logscan tool that they use internally but it has not been open-sourced

@sxa sxa added the secure-dev Issues specific to SSDF/SLSA compliance work label Mar 21, 2023
@sxa sxa modified the milestones: 2023-03 (March), 2023-04 (April) Apr 3, 2023
@steelhead31 steelhead31 moved this from Todo to In Progress in Adoptium 2Q 2023 Plan Apr 17, 2023
@steelhead31
Copy link
Contributor

Miro diagram of potential monitoring approaches.. https://miro.com/app/board/uXjVMSLkAYY=/ , currently working on a document with some details and potential options for discussion.

@steelhead31
Copy link
Contributor

Document.. https://docs.google.com/document/d/1LagjwclS9U0LCELML9yGAihr8eeb3j7pnVw1NcTVMxo/edit?usp=sharing

@steelhead31 steelhead31 mentioned this issue May 5, 2023
Open
@sxa sxa modified the milestones: 2023-04 (April), 2023-05 (May) May 16, 2023
@steelhead31
Copy link
Contributor

As this has now been discussed, the next step is to provide a detailed breakdown of the next steps. This will be covered by this Epic #3047 and particular task 2, next steps and more detailed breakdown of tasks required to implement.

@github-project-automation github-project-automation bot moved this from In Progress to Done in Adoptium 2Q 2023 Plan May 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@steelhead31 steelhead31

Labels
secure-dev Issues specific to SSDF/SLSA compliance work security
Projects
No open projects
Adoptium 2Q 2023 Plan
Status: Done
Secure Software Development Activities
Status: Done
Milestone
2023-05 (May)
Development

No branches or pull requests
2 participants
@sxa @steelhead31