lab7.adoc

Lab 7: Reporting on the impact of the Meltdown and Spectre vulnerabilities across a hybrid environment

Goal of Lab 7

In this lab, we will learn how to take advantage of reports to understand the impact of the Meltdown and Spectre vulnerabilities across a hybrid environment

Introduction

Three vulnerabilities have been identified in fundamental layers of modern processors. Two of these vulnerabilities ( CVE-2017-5753 and CVE-2017-5715) have been branded together as “Spectre”, while one (CVE-2017-5754) has been branded as “Meltdown”. The vulnerabilities allow one process to improperly read the memory of another process or the operating system kernel. The attack can be executed by anyone person/acct/service that exists on a system to read any memory the attacker desires. Currently, the attack is not easy to execute, and takes a high degree of skill and sophistication. These vulnerabilities concern many CPU architectures and many of the operating systems that enable that hardware. Working with industry leaders, Red Hat has developed kernel security updates for products in our portfolio to address these vulnerabilities. We are working with our customers and partners to make these updates available, along with the information our customers need to quickly secure their physical systems, virtual images, and container-based deployments.

Lab 7.1 Deep inspection of Meltdown and Spectre vulnerable systems across Openstack and Container Environments

In this lab exercise, as a security officer/auditor, you are given access to information of the systems in your environment by the admin. This is an effective way to give security officers/auditors access to information about systems without giving direct root and edit access to systems, which is limited to the admins.

1. Log into CloudForms as the security officer/auditor with security as the username and r3dh4t1! as the password.

   Note	This security compliance officer/auditor user is a restricted user in Red Hat CloudForms and only have the permissions to view and create reports and scan machines. The admin has configured this user to have only this capability in CloudForms.

2. Now let’s navigate to lab7-vm1. Navigate to Compute → Infrastructure → Virtual Machines.

   

3. These are the VMs that the security officer/auditor user can see in this environment , as permitted by the admin. Notice that lab7-vm1 is a Red Hat Virtualization VM. Click on lab7-vm1.

   

4. Now let’s execute a scan of this lab7-vm1 VM so we get the latest deep OS level details of this VM. Click on Configuration → Perform SmartState Analysis. Press the refresh button at the top.

   

5. Now let’s take a closer look at the progress of our scan job. Navigate to Lab Security Auditor → Tasks at the top right.

   

6. Press the Refresh button periodically until job message changes to Process Completed Successfully.

   

7. Now let’s navigate back to the lab7-vm1 VM. Click on Compute → Infrastructure → Virtual Machines.

   

8. Look at the Last Analyzed line in the Lifecycle section in this VM summary view. Notice that the date and time has been updated to today’s date.

   

9. Now let’s look at the data that has been collected by our Smart State Analysis scan. Find to the Security and Configuration section. Notice that the Smart State Analysis scan now has the latest information on Users, Groups, Packages, Init Processes, and Files. Click on Packages.

   

10. Notice all the packages that are installed on this VM. Scroll down to the kernel package. Notice the version and release number of the kernel package. Kernel packages must be updated to at least version 3.10.0 with a release of 830.el7 to be protected from the Meltdown and Spectre vulnerabilities as noted in this Red Hat Security Advisory.

    

11. Click on the back arrow at the top and click on VM and Instance "lab7-vm1"

    

12. Now click on Files in the Configuration section.

    

13. Here are all the file contents that were collected for this VM. Click on the file /etc/ssh/sshd_config. Here you can see information such as the size of the file, date the file contents were collected, date the file contents were modified, and the content of the file itself.

    

    Note	Notice that you can see whether or not PasswordAuthentication was enabled on this machine without having to ssh into the machine or have admin level access to this machine.

14. Click on the back arrow at the top and click on Virtual Machine "lab7-vm1"

    

15. (Optional) Feel free to look at the other data collected during Smart State Analysis as well, such as Users, Groups, and Init Processes.

    

Lab 7.2 Creating and Viewing security reports for systems vulnerable to Meltdown and Spectre in a Hybrid Environment

In this part of the lab exercise, as the restricted security officer/auditor user, you will create and view security reports to see which hosts and VMs in your hybrid environment are vulnerable to the Meltdown and Spectre security vulnerabilities.

1. Navigate to Cloud Intel → Reports.

   

2. Inside of the Reports accordion, scroll to the bottom and click on the report named Lab 7 - Host Meltdown & Spectre, which is in the Custom folder. This report will list all the hosts in this environment and indicate whether or not they are vulnerable to the Meltdown and Spectre vulnerabilities. Click on the Queue button to create this report.

   

3. Click on the refresh button. Then, click on your newly created report.

   

4. In the report, you will notice that you have 1 virtualization host that is vulnerable to the Meltdown and Spectre vulnerabilities.

   

5. Now let’s generate a report that shows which VMs and Instances are vulnerable to the Meltdown and Spectre vulnerabilities.

6. Inside of the Reports accordion, scroll to the bottom and Click on the report named Lab 7 - VM Meltdown & Spectre, which is in the Custom folder. This report will list all the VMs and Instances in this environment and indicate whether or not they are vulnerable to the Meltdown and Spectre vulnerabilities. Click on the Queue button to create this report.

   

7. Click on the refresh button. Then, click on your newly created report.

   

8. In the report, you will notice that you have 2 systems that are vulnerable to the Meltdown and Spectre vulnerabilities: lab7-vm1, which is a Red Hat Virtualization VM and lab7-vm2, which is a Red Hat Openstack Platform instance.

   

[top]

Table of Contents | Lab 8