Details
-
Type:
Bug
-
Status: Done
-
Resolution: Done
-
Fix Version/s: None
-
Component/s: SUIT
-
Labels:None
-
Story Points:2
-
Epic Link:
-
Sprint:SUIT Sprint 2019-07, SUIT Sprint 2019-08
-
Team:Science User Interface
Description
This is a recreation of a jira ticket submitted by NCSA security in our internal ticket system:
"Qualys scan has found an instance of Redis that seems to allow unauthenticated connections on lsst-sui-tomcat01.ncsa.illinois.edu
We would like to make sure only authorized users and hosts are able to connect to this redis instance. There is concern that maybe the Jupiter hubs users/machines can connect to this database."
Attachments
Issue Links
- links to
Activity
My changes are currently in `-int`. The Redis in question is running on lsst-sui-proxy01.
[loi@lsst-bastion01 ~]$ kubectl get pods -o wide
|
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
|
redis-srv-5596fd9c-rxdq5 1/1 Running 0 42h 10.40.128.5 lsst-sui-proxy01 <none> <none>
|
Christopher Clausen [X] Matthew Thomas Long [X] Did you get a chance to look at this yet? I would like to mark it as done and merge my changes.
At this time, there are not any redis alerts showing in Qualys for any of the LSST hosts at NCSA. I believe you can close this now.
We can check in Qualys, but we'd need to know which host(s) this service is running on at this time. I understand some of this might have been moved into the Kubernetes environment and therefore possibly not on the lsst-sui-tomcat01.ncsa host?