Pakiti
Pakiti
Pakiti is a client-server tool to collect and evaluate data about packages installed on Linux machines, primarily meant to identify vulnerable SW that have not been properly updated. The EGI CSIRT operates the EGI Pakiti instance that is used to monitor the state of the EGI sites.
Pakiti client
The pakiti-client
can be used to send package informations to
pakiti.egi.eu.
If you have the proper credentials in the
Configuration Database and submit your report
with the correct SITE_NAME
, you, your NGI-CSIRT and the EGI-CSIRT will be
able to monitor the packages installed on your hosts and potentially
vulnerabilities. The results can be accessed on the
EGI Pakiti central instance.
Running the Pakiti client from CVMFS for EGI
If you have CVMFS installed and configured to mount grid.cern.ch
, you can run
pakiti by simply running:
$ /cvmfs/grid.cern.ch/pakiti/bin/pakiti-client \
--url "https://pakiti.egi.eu/feed/" \
--site SITE_NAME
Please remember to replace SITE_NAME by your actual site name
Manual installation
Installing the Pakiti client
The pakiti-client
is now available from
EPEL. If your machine already has
EPEL enabled, the following command is enough to install it:
$ yum install pakiti-client
Running the Pakiti client for EGI
With the package and the configuration, the following commands will run the
pakiti-client
and transmit all its data to the EGI CSIRT pakiti instance!
$ pakiti-client --url "https://pakiti.egi.eu/feed/" --site SITE_NAME
Please remember to replace SITE_NAME by your actual site name
Puppet Installation
The simplest way to configure and run the pakiti-client
on a cluster is to use
puppet: You just need to create a file and a manifest.
package { 'pakiti-client':
ensure => 'present',
}
cron { 'pakiti-egi':
ensure => 'present',
command => 'pakiti-client --url "https://pakiti.egi.eu/feed/" --site SITE_NAME',
user => 'nobody',
hour => fqdn_rand(24),
minute => fqdn_rand(60),
}