  1. Help-Desk
  2. HELP-6779

FIWARE.Request.Tech.Cloud.Docker.Update the Linux operating system on which GE and SE applications are installed - Question 2

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels:
      None

      Description

      Dear FIWARE coach,
      we forward you a support request received from a CreatiFI applicant we are
      not able to solve.
      Please let us know if you need direct contact with the submitter.
      Thanks.

      *********************************

      Hello,

      we have a few questions regarding the update of the Linux operating system.
      They concern the kernel and packages
      of the machines on which we have installed GEs: Ckan, WMarket, Wirecloud,
      WStore, Repository and SEs: Text to Speech
      (Flexible and Adaptive Text to Speech) and Social Network (PPNET).

      Before the installation of any of the aforementioned applications a
      thorough update was made to the Linux machines
      with apt-get upgrade or yum update and the GEs and SEs were installed
      afterwards according to their requirements.

      1. Ckan, WMarket and WStore are installed on Ubuntu 14.04
      2. Wirecloud is installed on CentOS7 with Docker.
      3. Repository is installed on Ubuntu 14.04 with Docker
      4. The Social Network (PPNET) is installed on CentOS7 with Docker.
      5. The Text to Speech (Flexible and Adaptive Text to Speech) is installed
      on CentOS7 with Docker

      Our questions are:
      1. Do we have to add some exceptions when updating the operating system
      (kernels, packages...) which conflict with the
      GE and SE applications after update and result in the loss of functionality
      of the apps.
      2. What is the recommended security (best practices) about the GEs and SEs
      applications installed with Docker?

      Thank you for your help.

      *********************************

      [Created via e-mail received from: Andrea Maestrini <amaestrini@create-net.org>]

          Activity

          knagin Kenneth Nagin added a comment -

          I will respond to
          2. What is the recommended security (best practices) about the GEs and SEs
          applications installed with Docker?
          The best practice for docker is to limit the external ports that you expose to the user as much as possible.
          The services listening on the exposed ports are your most vulnerable part of the application. If you have a database to access do not allow the user direct access to the db, rather place an api to filter out requests.
          Do not allow ssh, telnet, etc. access to the containers; use attach, log, and exec for debugging.
          Likewise, if you control the docker hosts only allow passwordless ssh.

          Ken

          knagin Kenneth Nagin added a comment -

          I think question
          1. Do we have to add some exceptions when updating the operating system
          (kernels, packages...) which conflict with the
          GE and SE applications after update and result in the loss of functionality
          of the apps.

          Can only be answered by GE and SE owners.

          Manuel, I am passing the problem back to you to reassign to the GE owners.

          --Ken

          knagin Kenneth Nagin added a comment -

          I will respond to the second question:
          2. What is the recommended security (best practices) about the GEs and SEs
          applications installed with Docker?
          The best practice for docker is to limit the external ports that you expose to the user as much as possible.
          The services listening on the exposed ports are your most vulnerable part of the application. If you have a database to access do not allow the user direct access to the db, rather place an api to filter out requests.
          Do not allow ssh, telnet, etc. access to the containers; use attach, log, and exec for debugging.
          Likewise, if you control the docker hosts only allow passwordless ssh.

          Ken
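
          A check of the port advice in Kenneth's two answers above, added here as an example and not part of the ticket or of any FIWARE tooling: it reads tab-separated container names and Ports columns, as produced by `docker ps --format '{{.Names}}\t{{.Ports}}'`, and reports published ports that reach remote-login or database services or fall outside an allowlist. The container names, the sample output, the database port list and the allowlist are constructed assumptions.

```python
import re

# Container-side ports the answer says should not be reachable from outside.
REMOTE_LOGIN = {22: "ssh", 23: "telnet"}
DATABASE = {3306: "mysql", 5432: "postgresql", 27017: "mongodb"}  # assumed list

# One published mapping from the Ports column, e.g. "0.0.0.0:8080->80/tcp".
MAPPING = re.compile(r"^(?P<ip>.*):(?P<host>\d+)->(?P<cont>\d+)/\w+$")

# Constructed sample: container name, a tab, then the Ports column.
SAMPLE = (
    "wirecloud\t0.0.0.0:443->443/tcp, :::443->443/tcp\n"
    "wirecloud-db\t0.0.0.0:5432->5432/tcp\n"
    "repository\t0.0.0.0:2222->22/tcp, 127.0.0.1:8080->8080/tcp\n"
    "ppnet\t0.0.0.0:8000->80/tcp, 5984/tcp\n"
)

def audit(ps_output, allowed_host_ports=frozenset({443})):
    """Return sorted (container, host_port, finding) tuples for risky publications."""
    findings = set()
    for line in ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            if "->" not in entry:
                continue  # e.g. "5984/tcp": exposed to the Docker network only
            m = MAPPING.match(entry)
            if not m:  # port ranges and unknown shapes are reported, not skipped
                findings.add((name, 0, f"review manually: {entry}"))
                continue
            ip = m["ip"].strip("[]")
            if ip.startswith("127.") or ip == "::1":
                continue  # published on the host's loopback interface only
            host, cont = int(m["host"]), int(m["cont"])
            if cont in REMOTE_LOGIN:
                findings.add((name, host, f"{REMOTE_LOGIN[cont]} published; use docker exec/logs/attach"))
            elif cont in DATABASE:
                findings.add((name, host, f"{DATABASE[cont]} published; put an API in front"))
            elif host not in allowed_host_ports:
                findings.add((name, host, "published port not on the allowlist"))
    return sorted(findings)

if __name__ == "__main__":
    for container, host_port, finding in audit(SAMPLE):
        print(f"{container}: host port {host_port}: {finding}")
```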

          mev Manuel Escriche added a comment -

          Andrea, I've cloned the ticket for question 1 at HELP-6852.
          I think Kenneth answered Question 2 already. Please, check it.
          Kind regards,
          Manuel

          fw.ext.user FW External User added a comment -

          Comment by amaestrini@create-net.org :

          Dear Manuel,
          thanks for the feedback. I have already replied to the applicant about
          question 2 some days ago, when I saw Kenneth's answer on the public HELP.
          Thanks for question 2 as well.

          BR
          Andrea

          On Thu, Jun 30, 2016 at 11:31 AM, Help-Desk <jira-help-desk@fi-ware.org>
          wrote:


            People

            • Assignee:
              knagin Kenneth Nagin
              Reporter:
              fw.ext.user FW External User