Closed Bug 874637 Opened 11 years ago Closed 11 years ago

security review of servo networks

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: michalpurzynski1)

Details

(Whiteboard: [Ops])

Attachments

(1 file)

RelEng_to_VPC_flows.pdf
269.88 KB, application/pdf
Details 
These networks are up and I _think_ that all the ACLs are in place, but they're not locked down like they need to be yet AFAIK:
➜  output  ssh mpt-vpn.mozilla.com
Last login: Mon May  6 12:36:38 2013 from 24.52.200.235
[bhearsum@cm-vpn01 ~]$ telnet buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com 22
Trying 10.134.82.21...
Connected to buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com.
Escape character is '^]'.
SSH-1.99-OpenSSH_5.3
Connection closed by foreign host.

This might block bug 874089.
Assignee: nobody → mpurzynski
No longer blocks: 861283
Whiteboard: [Ops]
The cm-vpn01 by definition has access to everything and will be decommissioned once everyone switches to the new VPN. I'm going to take a look at the servo networks ACLs anyway.
Status: NEW → ASSIGNED
I think everyone accessing Servo machines switched to the Mozilla VPN, fwiw.
I don't see anything suspicious that would be totally different from the usual RelEng standards. Flows audit report in PDF attached. Feel free to reopen if you think otherwise, for now closing.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: