openstack-manuals

Security Guide - Chapter 43. Security beyond scheduling, images, and migrations

Bug #1344342 reported by N Dillon on 2014-07-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	Medium	N Dillon

Bug Description

CH43 does not touch on any of the following:

OS Hardening - I believe it is a mistake to have the one sentence referring to hardening be buried in the middle of the doc in another heading. IMHO, there should be a section that says, "please follow hardening best practices" even if that's all it says.
Password/Key Management - setting/creating them, using them to connect to instances, and managing them
Security Groups - creation/mgmt
Monitoring and Reporting - image changes, group changes, etc...
Updating Instances - users should still do it

-----------------------------------
Built: 2014-07-18T16:16:50 00:00
git SHA: d7b47995e6316a4f686f39354880ceb6ea9b664c
URL: http://docs.openstack.org/security-guide/content/security-services-for-instances.html
source File: file:/home/jenkins/workspace/security-doc-tox-doc-publishdocs/security-guide/ch_security-services-for-instances.xml
xml:id: security-services-for-instances

Tags:

Andreas Jaeger (jaegerandi) on 2014-07-24

Changed in openstack-manuals:
status:	New → Confirmed
importance:	Undecided → Medium
tags:	added: sec-guide

N Dillon (sicarie) on 2014-07-25

Changed in openstack-manuals:
assignee:	nobody → N Dillon (sicarie)

Revision history for this message

N Dillon (sicarie) wrote on 2014-10-24:

Queued one small section - should I add everything (approximately 5 or 6 sections) all at once, or add smaller sections incrementally?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-24: Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/130888

Changed in openstack-manuals:
status:	Confirmed → In Progress

OpenStack Infra (hudson-openstack) on 2014-10-27

Changed in openstack-manuals:
assignee:	N Dillon (sicarie) → Gauvain Pocentek (gpocentek)

OpenStack Infra (hudson-openstack) on 2014-10-30

Changed in openstack-manuals:
assignee:	Gauvain Pocentek (gpocentek) → N Dillon (sicarie)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-17: Fix merged to security-doc (master)

Reviewed: https://review.openstack.org/130888
Committed: https://git.openstack.org/cgit/openstack/security-doc/commit/?id=c566a7f87b99c4b1216792bc7fc2ee967016f004
Submitter: Jenkins
Branch: master

commit c566a7f87b99c4b1216792bc7fc2ee967016f004
Author: dillonn <email address hidden>
Date: Fri Oct 24 14:07:16 2014 -0700

Adding monitoring section to instance security overview

Added section recommending monitoring and reporting be configured.

Re-submitting with revised style, voice, and structure editing.

Change-Id: Ie71df156f7574b511d4d0e4cfdeb297ee0bf0d60
Partial-Bug: #1344342

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-17: Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/135051

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-27: Fix merged to security-doc (master)

Reviewed: https://review.openstack.org/135051
Committed: https://git.openstack.org/cgit/openstack/security-doc/commit/?id=6611de66193fa52a92efc1342463b3cc78f9c7a6
Submitter: Jenkins
Branch: master

commit 6611de66193fa52a92efc1342463b3cc78f9c7a6
Author: dillonn <email address hidden>
Date: Mon Nov 17 10:56:34 2014 -0800

Adding paragraph on updates to security instances section

    Added paragraph noting that instances will need to be updated separately
    from hypervisors, and cleaning up grammar/voice. Also adding additional
    paragraph to clarify difference between hypervisors and guest vms.
    Fixed my typos.

Change-Id: If3f5cc82e45f312187c6c5a6d277f1be508348e3
Partial-Bug: #1344342

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-03: Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/138833

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-15: Fix merged to security-doc (master)

Reviewed: https://review.openstack.org/138833
Committed: https://git.openstack.org/cgit/openstack/security-doc/commit/?id=e8e815f092cd8346ce7f2869d325d8439e2061a1
Submitter: Jenkins
Branch: master

commit e8e815f092cd8346ce7f2869d325d8439e2061a1
Author: dillonn <email address hidden>
Date: Wed Dec 3 11:31:37 2014 -0800

Adding recommendations for host based security controls

    Added three paragraphs on firewalls, SELinux, and security group
    recommendations, and clarifying the differences between them.
    Updated host aggregates link and filters links.

Change-Id: I298e7af74bd9201cba7ae92abdd2a3950bf708b5
Closes-Bug: #1344342

Changed in openstack-manuals:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.