5. Lustre Parallel File System
๏ Lustre is a type of parallel distributed file system
๏ Linux + cluster = Lustre
๏ Used for large-scale cluster computing and HPC
๏ Three components: Metadata Server (MDS), Object Storage Server (OSS), Client
6. File system audit
๏ Evaluate the organization's ability to protect its information assets
๏ Ability to properly dispense information to authorized parties
๏ Audit consists in checking that all data accesses that were made
complied with the access control policy in place
๏ Audit can be used as proof of the security in place
7. Lustre Changelog
๏ Lustre Changelogs are a good mechanism for audit
๏ Changelog records contain all information necessary for auditing purposes
๏ Ability to identify the object of an action with file identifiers (FIDs) and the name of the target
๏ Ability to identify the subject of an action with UID/GID and NID information
๏ Ability to identify the time of an action with a timestamp
8. Lustre Changelog
๏ To enable all changelog entry types:
๏ To register a new changelog user for a device ( example: lustre-MDT0000 ):
๏ Example of an OPEN changelog entry
9. Changelog record types
Value   Description
MARK    Internal recordkeeping
CREAT   Regular file creation
MKDIR   Directory creation
HLINK   Hard link
SLINK   Soft link
MKNOD   Other file creation
UNLNK   Regular file removal
RMDIR   Directory removal
RENME   Rename, original
RNMTO   Rename, final
NOPEN * Denied open
CLOSE   Close
LYOUT   Layout change
TRUNC   Regular file truncated
SATTR   Attribute change
XATTR   Extended attribute change (setxattr)
HSM     HSM specific event
MTIME   MTIME change
CTIME   CTIME change
ATIME * ATIME change
MIGRT   Migration event
FLRW    File Level Replication: file initially written
RESYNC  File Level Replication: file re-synced
GXATR * Extended attribute access (getxattr)
10. Implementation
๏ Created 4 virtual machines using VirtualBox: 1 virtual
core per VM, 2 GB memory and 20 GB disk space.
๏ CentOS 8.3 is installed in all the virtual machines.
๏ Lustre will be used in the VMs: 1 Lustre client, 1 MDS,
and 2 OSS
๏ Feed changelog data to MongoDB
๏ Display auditing
11. Functionalities
๏ Logging: all access and changes to files and folders, including data and permissions, should be
logged.
๏ Visibility: all audit log data should be easily accessible to be reviewed, filtered, searched, etc.
๏ Alerting: notifications should be sent based on matching criteria to actions deemed suspect.
๏ Reporting: this gets a bit tricky, but even native tools have the ability to export log data. So, even if
it's not pretty, the ability to generate sharable "reports" should be a part of file auditing.
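An added example (not from the slides) that ties the record fields of slide 7 and the record types of slide 9 to the pipeline of slides 10 and 11: it parses changelog lines into records carrying FID, UID/GID, NID and timestamp, produces MongoDB-ready documents, and flags record types an auditor may want alerts on. The sample lines are constructed; the field layout (index, NNTYPE, time, date, flags, then key=value tokens and an optional name) is my assumption about `lfs changelog` output, and ALERT_TYPES is a placeholder policy, not Lustre's.

```python
import re
from dataclasses import dataclass, field, asdict

# Constructed sample lines (assumed layout of `lfs changelog` output):
# index NNTYPE time date flags t=[fid] ... u=uid:gid nid=client [p=[parent_fid]] [name]
SAMPLE_LOG = """\
1 02MKDIR 15:27:09.153487130 2018.11.30 0x0 t=[0x200000402:0x1:0x0] j=mkdir.500 ef=0xf u=500:500 nid=10.128.11.159@tcp p=[0x200000007:0x1:0x0] tdir
2 10OPEN 15:27:12.000000000 2018.11.30 0x242 t=[0x200000402:0x2:0x0] ef=0x7 u=500:500 nid=10.128.11.159@tcp m=-w-
3 24NOPEN 15:27:15.000000000 2018.11.30 0x2 t=[0x200000402:0x2:0x0] ef=0x7 u=1001:1001 nid=10.128.11.160@tcp m=-w-
"""

TOKEN_RE = re.compile(r"^(\w+)=(.*)$")
ALERT_TYPES = {"NOPEN", "UNLNK", "RMDIR", "XATTR"}  # placeholder alerting policy

@dataclass
class ChangelogRecord:
    index: int
    rec_type: str                 # e.g. MKDIR, OPEN, NOPEN (slide 9)
    timestamp: str                # time of action: "YYYY.MM.DD HH:MM:SS.nnnnnnnnn"
    target_fid: str = ""          # object of action: t=[...]
    uid: int = -1                 # subject of action: u=uid:gid
    gid: int = -1
    nid: str = ""                 # subject's client network id: nid=...
    parent_fid: str = ""          # p=[...] when present
    name: str = ""                # target name, trailing bare token when present
    extra: dict = field(default_factory=dict)  # flags, ef=, j=, m=, ...

def parse_record(line: str) -> ChangelogRecord:
    parts = line.split()
    if len(parts) < 5:
        raise ValueError(f"short changelog line: {line!r}")
    idx, code, clock, date, flags = parts[:5]
    rec = ChangelogRecord(int(idx), re.sub(r"^\d+", "", code), f"{date} {clock}")
    rec.extra["flags"] = flags
    for tok in parts[5:]:
        m = TOKEN_RE.match(tok)
        if not m:                  # bare token: the target's name
            rec.name = tok
            continue
        key, val = m.groups()
        if key == "t": rec.target_fid = val.strip("[]")
        elif key == "p": rec.parent_fid = val.strip("[]")
        elif key == "u": rec.uid, rec.gid = (int(x) for x in val.split(":"))
        elif key == "nid": rec.nid = val
        else: rec.extra[key] = val
    return rec

def parse_changelog(text: str) -> list:
    return [parse_record(l) for l in text.splitlines() if l.strip()]

def alerts(records: list, alert_types=ALERT_TYPES) -> list:
    """Records whose type matches the alerting criteria (slide 11)."""
    return [r for r in records if r.rec_type in alert_types]

def to_document(rec: ChangelogRecord) -> dict:
    """Plain dict, ready for e.g. pymongo's collection.insert_one (slide 10)."""
    return asdict(rec)
```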