security review of servo networks

RESOLVED FIXED

Status

mozilla.org
Security Assurance: Review Request
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: bhearsum, Assigned: michal)

Tracking

Details

(Whiteboard: [Ops])

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
These networks are up and I _think_ that all the ACLs are in place, but they're not locked down like they need to be yet AFAIK:
➜  output  ssh mpt-vpn.mozilla.com
Last login: Mon May  6 12:36:38 2013 from 24.52.200.235
[bhearsum@cm-vpn01 ~]$ telnet buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com 22
Trying 10.134.82.21...
Connected to buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com.
Escape character is '^]'.
SSH-1.99-OpenSSH_5.3
Connection closed by foreign host.

This might block bug 874089.

Updated

5 years ago
Depends on: 812342

Updated

5 years ago
No longer depends on: 812342

Updated

5 years ago
Depends on: 812342
Assignee: nobody → mpurzynski
(Reporter)

Updated

5 years ago
No longer blocks: 861283
Whiteboard: [Ops]
The cm-vpn01 by definition has access to everything and will be decommissioned once everyone switches to the new VPN. I'm going to take a look at the servo networks ACLs anyway.
Status: NEW → ASSIGNED
(Reporter)

Comment 2

4 years ago
I think everyone accessing Servo machines switched to the Mozilla VPN, fwiw.
Created attachment 8339407 [details]
RelEng_to_VPC_flows.pdf
I don't see anything suspicious that would be totally different from the usual RelEng standards. Flows audit report in PDF attached. Feel free to reopen if you think otherwise, for now closing.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.