#opnfv-sec log

14:01:46 <lhinds> #startmeeting Security Group 25/05/2016
14:01:46 <collabot`> Meeting started Wed May 25 14:01:46 2016 UTC.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:46 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:01:46 <collabot`> The meeting name has been set to 'security_group_25_05_2016'
14:01:49 <aripie> Hi
14:01:59 <Sona> Hi
14:02:05 <lhinds> #topic agenda
14:02:11 <lhinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:02:31 <lhinds> anyone want to add / change anything in the agenda?
14:02:55 <Sona> badge program
14:03:04 <lhinds> that's in there
14:03:23 <aripie> all good
14:03:44 <lhinds> #topic functest
14:04:40 <lhinds> Been hard at this the past couple of weeks. I now have the tool running in the Apex deployment, and about to check the next load of code in today / tomorrow I expect
14:05:08 <Sona> by tool, do you mean openscap?
14:05:08 <lhinds> means it will be available for sharing at the OPNFV Summit. Might do a recorded demo even.
14:05:14 <lhinds> Sona, yep.
14:05:21 <Sona> very good :)
14:06:02 <lhinds> It quries all the overcloud nodes using nova api ,and the scans them all, downloading html reports to the opnfv dashboard
14:06:15 <Sona> so will OpenSCAP check for compliance & scan vulnerabilities ( CVEs)?
14:06:18 <lhinds> s/quries/queries
14:06:23 <lhinds> Sona, yes
14:06:41 <Sona> how often is this running?
14:07:16 <lhinds> everytime jenkins does a build
14:07:25 <Sona> sounds good
14:07:29 <Sona> well done
14:07:48 <aripie> excellent
14:07:53 <Sona> where can I see the result?
14:07:58 <lhinds> yep, its good to have our own project developed.
14:08:12 <lhinds> I have an early prototype..one minute
14:09:05 <lhinds> #link https://asciinema.org/a/8ynzgzr4c293filqscvgkstyu
14:09:21 <lhinds> not the final version, an earlier one, so its been made better since then
14:10:16 <Sona> thanks :)
14:11:02 <lhinds> I think the next project will be scanning security groups to check the rules are correct.
14:11:24 <Sona> Can Openscap do that?
14:12:04 <lhinds> I will use the python nmap library to do that
14:12:16 <lhinds> and a small vm I expect
14:12:45 <Sona> do we need to have a security policy?
14:13:28 <lhinds> that will be set in nova / openstack - when you create a VM, you assign a security group to the vm.
14:13:39 <lhinds> which then pushes the logic to iptables.
14:14:01 <Sona> I see
14:14:27 <lhinds> so we will pull out the rules set in nova (allow / deny - egress / ingress) and then do a nmap scan to insure the ports really are closed.
14:15:03 <Sona> very goos
14:15:07 <lhinds> ok..
14:15:14 <lhinds> #topic badge program
14:15:14 <Sona> who will run nmap?
14:15:24 <lhinds> Sona, programatcally
14:15:30 <lhinds> will call it inside code
14:15:51 <Sona> aha
14:16:01 <Sona> good
14:16:02 <lhinds> http://xael.org/pages/python-nmap-en.html
14:17:29 <Sona> it seems good progress on security functest front
14:18:49 <lhinds> yep. its nice to have something out there
14:19:17 <lhinds> so badge test, I have not had much time to look into this...has much progress been made?
14:19:33 <Sona> not much
14:19:58 <Sona> I went through all tsks yesterday and send email to everyone
14:20:23 <lhinds> I saw that. I really do plan to give it a good look over end of this week / early next week.
14:20:37 <lhinds> try and get as much ticked off as we can before the summit
14:20:39 <Sona> I hope to get some feedback from everyone
14:20:49 <lhinds> if not, we can grab those concerned at the summit
14:20:58 <Sona> yes :)
14:21:06 <lhinds> aric will do a lot when you sit down with him.
14:21:19 <Sona> we have done progress
14:21:42 <lhinds> maybe we should get a room / slot reserved to go over all this in person
14:21:55 <Sona> that would be good
14:22:23 <Sona> I think if we have right people, we can just finish most tasks/stories
14:22:51 <Sona> we can focus on badge program next week
14:24:46 <lhinds> just sent an email about getting a room reserved so we can all sit round a table and hack through the list
14:24:59 <Sona> thanks
14:25:02 <Sona> how is it going with  PTL questionnaire?
14:25:02 <lhinds> np
14:25:17 <lhinds> anymore on badge p?
14:26:01 <Sona> one question
14:26:09 <lhinds> sorry, just seen that
14:26:14 <Sona> about seurity-19
14:26:35 <Sona> https://jira.opnfv.org/browse/SECURITY-19
14:26:45 <lhinds> PTL Q, I need to tweak my script...kvm project has over a thousand libraries
14:26:57 <Sona> wow
14:27:03 <lhinds> but I will kill that off as I look at my tasks this week
14:27:33 <Sona> no more on badge p
14:27:34 <lhinds> yep, they pretty much copied the kernel tree for kvm. so we can likely ignore most of it
14:28:01 <lhinds> #topic Opnfv Summit Talk
14:28:21 <Sona> we need to start with our presentation slide
14:28:24 <lhinds> mainly for you and me Sona. I guess we have a bout three weeks.
14:29:09 <lhinds> for the timing, I thought we could leave 10 minutes at the end for questions..and we can work out how much we both need when we are nearer having are slides complete.
14:29:26 <Sona> how long do we have total
14:29:31 <lhinds> 1 hour I think
14:29:40 <lhinds> let me chec
14:29:44 <Sona> ok, good
14:30:29 <Sona> I think it is good to start with presentation slide as soon as possible
14:30:42 <lhinds> 30 minutes
14:31:08 <Sona> we have 30 minutes for the talk
14:32:02 <lhinds> yep
14:32:07 <Sona> should we have one slide? I think it is better with one slide
14:32:46 <lhinds> one single slide, or one shared slide deck?
14:33:33 <Sona> one single slide
14:33:40 <Sona> you start
14:34:06 <Sona> and at the end I can 5-10 min talk about badge program
14:34:26 <Sona> short description about what badge program is, back ground and then update of OPNFV badge p
14:34:26 <lhinds> ok sounds good. we can then do questions
14:34:32 <Sona> yes
14:35:01 <lhinds> ok, I will get to work on the google hosted deck you shared
14:35:15 <lhinds> I will also show a demo of the security scan as well.#
14:35:23 <Sona> ok, check if it is good
14:36:05 <Sona> if you want to write from start, please go ahead and do it :)
14:37:12 <lhinds> ok
14:37:27 <lhinds> shall we move to next topic?
14:37:45 <Sona> yes
14:37:58 <lhinds> #topic TIA NFV Security Group
14:38:18 <Sona> What does TIA mean?
14:39:08 <lhinds> Telecommunications Industry Association (TIA)
14:39:51 <lhinds> They have started a NFV Security sub-team which I got pulled into. I am there for red-hat, but also as a PTL of this group/
14:40:01 <Sona> aha :)
14:40:18 <lhinds> So far the plan is to do stuff like an infographic, but they also might get involved here.
14:40:22 <Sona> good for you :)
14:40:30 <lhinds> #link https://www.sdxcentral.com/articles/news/tia-nfv-security-group-reflects-carriers-open-source-worries/2016/04/
14:40:52 <Sona> you can give us some update
14:41:00 <Sona> what is going on there
14:41:33 <lhinds> sure
14:42:02 <Sona> thanks
14:42:03 <lhinds> ok, final topic
14:42:08 <lhinds> #topic outreach
14:42:24 <lhinds> been trying to think what we can do to attract more members.
14:42:42 <lhinds> maybe there is something we could do that the summit
14:42:58 <lhinds> open to ideas here, so have a think about it
14:43:07 <lhinds> could maybe do some press stuff
14:43:23 <Sona> yes
14:45:15 <lhinds> ok, i think we are done.
14:45:27 <Sona> yes
14:46:09 <lhinds> thanks for your time. Sona I will contact you on google talk about badge program
14:46:20 <Sona> thanks
14:46:21 <lhinds> also I am always online in here (freenode)
14:46:26 <Sona> bye
14:46:32 <lhinds> see you aripie Sona
14:46:37 <lhinds> #endmeeting