LANL-stor and the Challenges of Evolutionary Development

Learn more at: http://info.ornl.gov

Transcript and Presenter's Notes


1
LANL-stor and the Challenges of Evolutionary
Development
  • Managing the evolutionary development of a system
    hardening script.

2
Overview
  • What is LANL-stor.
  • Themes in the evolution of LANL-stor.
  • Origins.
  • Mid-life crisis.
  • Current status.
  • Future directions.
  • Lessons learned

3
RHEL Security Triangle
  • Red Hat Network Satellite Server (RHUS).
      • Patch management capabilities.
  • LANL ExpressWay Red Hat.
      • Network based installation tool.
  • LANL Security Tool On Red-Hat (STOR).
      • Secure configuration.
      • Configuration compliance reporting.

4
STOR
  • Current version is 4.0.
  • System hardening tool for Red Hat Enterprise
    Linux.
  • Based on:
      • The Center for Internet Security (RHEL 4 & 5
        Benchmarks).
      • The NSA Guide to the Secure Configuration of
        RHEL 5.
      • The DISA UNIX STIG and Checklist.
      • NIST.
      • MITRE CCE List for RHEL 5.
      • Internal requirements.

5
STOR - Development
  • Source documents are reviewed for applicability,
    automation potential, correctness and deployment
    impact.
  • Field team feedback from previous versions is
    considered.
  • Informal requirements outline generated
    (developer use only).
  • New actions are unit tested then integrated into
    the main program(s).
  • The main program is tested on virtual machines
    representing all supported versions (currently 3
    - 5).
  • CSD Standards and R&D Team members test during an
    internal alpha test period.

6
STOR Development cont.
  • Internal review meeting held prior to CCB.
  • Change Control Board reviews changes in guidance
    and program functionality. Makes recommendations.
  • CCB changes are integrated into program.
  • Internal beta test period.
  • Public beta test period.
  • Production.

7
Themes
  • Evolution in source material (CIS, NIST, NSA,
    DISA).
  • Evolution in internal requirements.
  • Continuous change in program architecture.
  • Growing complexity:
      • Variances between RHEL versions.
      • Additional features.
      • Special cases.

8
STOR Origins
  • Early years (versions 0.1 - 1.12).
  • Simple run once bash script.
  • No customization without altering the script.
  • Intolerant of use on anything but a fresh
    install.
  • < 2000 lines.
  • Mostly cut and paste from early CIS Benchmark
    scripts.
  • Very incomplete implementation of CIS Benchmark.

9
STOR Origins
  • Growing up (versions 2.x-3.0).
  • More focus on being able to run repeatedly
    without breakage.
  • More flexible about preserving local
    configurations.
  • Tuneable via a configuration file.
  • Improved coverage of CIS Benchmark.
  • With config file, added optional hardening
    actions.
  • Undo function.
  • > 6,500 lines by 3.0.

10
STOR Origins
  • Mid Life Crisis (v. 3.1).
  • Audit and reporting functions.
  • Support for RHEL 3 - 5.
  • Optional GUI.
  • > 9,300 lines.

11
STOR Origins
  • Optional GUI (ver. 3.1).

12
STOR Origins
  • Mid-Life Crisis (v. 3.1) Issues.
  • Huge code base of shell code difficult to manage.
  • Lack of advanced data-types and language features
    limited development process.
  • Performance: required run time with all features
    turned on had become very long.
  • Limited ability to integrate main code with GUI.
  • Limited ability to handle errors in a predictable
    way.

13
STOR Current
  • Welcome to 4.0!
  • Completely re-written in Python.
  • More new hardening features.
  • All new GUI.
  • Can now execute single rules for easier debugging
    and targeted fixes.
  • Initial port cut STOR line count from 9K to
    7K.
  • Current line count 13,600 (9892 core, 3699 GUI).

14
STOR Current
  • Why Python?
  • Previous STOR GUI was written in PyQt.
  • Flexible.
  • Readable.
  • Faster than shell.
  • Speed of development.
  • Batteries included.
  • Easier integration with the GUI layer.
  • Natively object oriented without forcing object
    oriented development.
  • Good native exception handling capabilities.
  • Native to Red Hat yet available cross-platform
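
The design features listed on the preceding slides (safe to re-run, local settings preserved, per-rule switches from a config file, undo, audit reporting, single-rule execution, predictable error handling) can be sketched as below. This is an added example, not STOR's code: `KeyValueRule`, `run`, the rule names and the backup suffix are hypothetical, and the sshd-style sample text is constructed.

```python
# Added illustration, not STOR source code; every name here is hypothetical.
import os, shutil

SAMPLE = "Port 2222\n#PermitRootLogin yes\nPermitRootLogin yes\n"  # constructed input

class KeyValueRule:
    """One hardening rule over a 'Key value' config file: audit, fix, undo."""
    def __init__(self, name, path, key, value):
        self.name, self.path, self.key, self.value = name, path, key, value
        self.backup = path + ".example-undo"        # hypothetical backup suffix

    def _read(self):
        with open(self.path) as fh:
            lines = fh.read().splitlines()
        # Active lines set self.key; a leading '#' changes the first token.
        return lines, [l for l in lines if l.split()[:1] == [self.key]]

    def audit(self):
        # Compliant only when exactly one active line sets the required value.
        ok = [l.split()[1:] for l in self._read()[1]] == [[self.value]]
        return "compliant" if ok else "non-compliant"

    def fix(self):
        if self.audit() == "compliant":
            return "compliant"                      # re-running rewrites nothing
        if not os.path.exists(self.backup):         # keep the oldest copy for undo
            shutil.copy2(self.path, self.backup)
        lines, active = self._read()
        keep = [l for l in lines if l not in active]    # local settings survive
        with open(self.path, "w") as fh:
            fh.write("\n".join(keep + [self.key + " " + self.value]) + "\n")
        return "fixed"

    def undo(self):
        if not os.path.exists(self.backup):
            return "nothing to undo"
        shutil.move(self.backup, self.path)
        return "restored"

def run(rules, enabled, mode, only=None):
    """Run audit, fix or undo over the enabled rules, or the one rule named `only`."""
    chosen = [r for r in rules if (r.name == only if only else enabled.get(r.name, True))]
    report = {}
    for rule in chosen:
        try:
            report[rule.name] = {"audit": rule.audit, "fix": rule.fix, "undo": rule.undo}[mode]()
        except OSError as exc:                      # a broken rule must not stop the run
            report[rule.name] = "error: " + type(exc).__name__
    return report
```

Writing `SAMPLE` to a scratch file and calling `run(rules, {}, "fix", only="ssh-no-root")` twice returns `fixed` and then `compliant`; `undo` afterwards restores the original file.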

15
STOR Origins
  • New GUI

16
STOR Origins
  • GUI Configuration Tool

17
STOR Origins
  • Online Help

18
STOR Future Plans
  • Tighter integration with the GUI without breaking
    command line function.
  • Extend to cover additional Operating Systems:
      • Solaris
      • Ubuntu
      • Mac?
  • Move to full object oriented development.
  • Develop automated testing harness

19
Lessons Learned
  • Don't fear the re-write!
  • Take chances, fortune favors those who are in the
    right place at the right time.
  • Challenge assumptions.
  • Document your code; the sanity you save may be
    your own.
  • Upfront planning = faster development.
  • Talk to your customers.
  • Don't skimp on testing.

20
LANL-stor and the Challenges of Evolutionary
Development
  • Questions?
  • LANL-stor author
  • David Kennel
  • Departmental Computing Services
  • Central Services and Development Team
  • dkennel_at_lanl.gov