Tuesday, 2015-07-07

« Monday, 2015-07-06 Index Wednesday, 2015-07-08 »
*** sdake_ has joined #openstack-security00:00
*** bpokorny has quit IRC00:00
*** sdake has quit IRC00:02
*** sdake has joined #openstack-security00:09
*** sdake_ has quit IRC00:13
*** security_ has quit IRC00:51
*** security-admin has joined #openstack-security00:52
*** bpokorny_ has quit IRC01:01
*** security-admin has quit IRC01:20
*** security-admin has joined #openstack-security01:20
*** security-admin has quit IRC01:25
*** tamo has joined #openstack-security02:28
tamohola02:29
*** tmcpeak has quit IRC02:32
tamohello02:33
*** tamo has left #openstack-security02:33
*** security-admin has joined #openstack-security03:33
*** security_ has joined #openstack-security03:34
*** security-admin has quit IRC03:38
*** security_ has quit IRC03:51
*** security-admin has joined #openstack-security03:51
*** security-admin has quit IRC03:55
*** hyakuhei1 has joined #openstack-security04:35
*** hyakuhei has quit IRC04:35
*** hyakuhei1 has quit IRC04:44
*** hyakuhei has joined #openstack-security04:51
*** dave-mccowan has quit IRC04:52
*** dave-mccowan has joined #openstack-security05:05
*** elo has quit IRC05:16
*** security-admin has joined #openstack-security05:20
*** hyakuhei has quit IRC05:25
*** hyakuhei has joined #openstack-security05:28
*** dave-mccowan has quit IRC05:31
*** elo has joined #openstack-security05:32
*** hyakuhei has quit IRC05:41
*** elo has quit IRC05:42
*** hyakuhei has joined #openstack-security05:44
*** ig0r_ has joined #openstack-security05:51
*** ig0r__ has quit IRC05:55
*** elo has joined #openstack-security06:10
*** browne has quit IRC07:33
*** security-admin has quit IRC07:43
*** security-admin has joined #openstack-security07:56
*** hyakuhei has quit IRC08:33
*** hyakuhei has joined #openstack-security08:33
*** elo has quit IRC08:40
*** security-admin has quit IRC08:57
*** security-admin has joined #openstack-security09:28
*** security-admin has quit IRC09:35
*** shohel has joined #openstack-security10:58
*** vivcheri has joined #openstack-security11:26
*** security-admin has joined #openstack-security11:32
*** security-admin has quit IRC11:36
*** markvoelker has quit IRC11:59
*** markvoelker has joined #openstack-security11:59
*** bknudson has quit IRC12:03
*** dave-mccowan has joined #openstack-security12:13
*** ramitsurana has joined #openstack-security12:18
*** browne has joined #openstack-security12:18
*** elo has joined #openstack-security12:23
*** bknudson has joined #openstack-security12:27
*** markvoelker has quit IRC12:31
*** edmondsw has joined #openstack-security12:38
*** ramitsurana has quit IRC12:38
*** markvoelker has joined #openstack-security12:40
*** tmcpeak has joined #openstack-security12:52
*** browne has quit IRC13:10
*** localloop127 has joined #openstack-security13:30
*** browne has joined #openstack-security13:30
*** security-admin has joined #openstack-security13:33
*** singlethink has joined #openstack-security13:34
*** singlethink has quit IRC13:38
*** security-admin has quit IRC13:38
*** singlethink has joined #openstack-security13:39
*** singleth_ has joined #openstack-security13:49
openstackgerritNathan Kinder proposed openstack/security-doc: Correct typo in OSSN-0049  https://review.openstack.org/19910513:49
*** singlethink has quit IRC13:52
elmikonkinder: oops...13:53
*** sigmavirus24_awa is now known as sigmavirus2413:57
nkinderelmiko: :)13:59
nkinderelmiko: the only reason I caught it was that thunderbird highlighted it when I was sending it out13:59
elmikonkinder: oh man...13:59
nkinderelmiko: I just fixed it before publishing13:59
elmikolucky catch13:59
openstackgerritMerged openstack/security-doc: Correct typo in OSSN-0049  https://review.openstack.org/19910514:00
Davieyelmiko: did you see i responded to your comment on https://review.openstack.org/#/c/198328/ ?14:07
elmikoDaviey: i had not, 1 sec14:08
elmikoDaviey: https://wiki.openstack.org/wiki/Documentation/Conventions#backend.2C_back_end.2C_and_back-end14:08
Davieyta14:08
elmikonot a huge deal, but it looked like the sentences would be the same without using back-end14:08
Davieyelmiko: Ah, so I *should* use "back end"14:09
elmikoif it can't be avoided, yes14:09
Davieyhmm or should i14:09
Davieyelmiko: Well why should it be avoided?  It is cinder terminology14:09
elmikoi wasn't aware of the cinder terminology, so this may be one of the cases where usage is acceptable14:10
DavieyIf i was talking about the backend of a website, that would be wrong.. I should say Django or something14:10
elmikoright14:10
DavieyBut if i was talking about mod_backend, then it seems appropriate14:10
elmikodefinitely14:10
elmikothanks for the clarification, removing -114:10
Davieyelmiko: Thanks!14:11
Davieyelmiko: fancy changing it to +2 +A ? :))14:11
openstackgerritMerged openstack/security-doc: Fix clunky sentence about front-end caching in Dashboard chapter  https://review.openstack.org/19890214:11
elmikohmm14:12
elmikois 2 x +2 enough for +A?14:12
elmikoalthough, i can't imagine what issues folks might have with this14:12
DavieyUnless doc's handle things different to other projects?14:13
Davieyhyakuhei did +2 on an earlier change14:13
elmikogood point14:13
*** sdake has quit IRC14:14
elmikook, added +A14:15
elmikobut if anyone asks, i'll tell em you twisted my arm ;)14:15
*** sdake has joined #openstack-security14:15
Davieyelmiko: I did!  And i appreciate it. Ta14:15
elmikonp14:16
openstackgerritMerged openstack/security-doc: Introduce Block Storage / Cinder chapter  https://review.openstack.org/19832814:28
*** sicarie has joined #openstack-security14:31
*** voodookid has joined #openstack-security14:54
*** shohel has quit IRC14:59
*** georgem1 has joined #openstack-security14:59
georgem1I was doing a port scan against my public IP space and I noticed that port 9697 is exposed on the outside on all the IP's owned by neutron routers, and I'm trying to find a way to close this access15:01
georgem1I think it's a security issue to have a tenant lock down his instances but still open up a web service on his public IP space, what do you think?15:02
elmikogeorgem1: i'm not intimately familiar with neutron, but is 9697 the port it needs to access the service?15:05
elmikoin general though, your premise seems reasonable15:06
georgem19697 is where the metadata service listens on, so the vms request metadata from 169.254.169.254:80 which gets redirected to 9697 and from there the neutron metadata service sends the request to nova on port 877515:07
georgem1my problem is that neutron listens on all IPs inside the qrouter namespace on port 9697 and this shows up in a port scan15:08
elmikointeresting, have you talked with the folks in openstack-neutron about this? (i'm curious if this is intended behavior)15:09
georgem1and I couldn't find a way to block the traffic with iptables from outside the namespace, I would preferably block all traffic that comes over the public facing NIC on port 9697, but it doesn't work15:09
elmikoseems like there should be a way to block that traffic15:10
georgem1hence here I am, in the security channel :)15:10
elmikowish i could help more, but this is at the edge of my neutron knowledge :/15:11
georgem1elmiko: thanks, I'll try in #openstack-neutron15:12
elmikogl!15:12
*** security-admin has joined #openstack-security15:19
*** dwyde has joined #openstack-security15:21
*** bpokorny has joined #openstack-security15:23
*** security-admin has quit IRC15:31
*** security-admin has joined #openstack-security15:31
*** security-admin has quit IRC15:36
*** sdake_ has joined #openstack-security15:48
*** sdake has quit IRC15:48
*** salv-orlando has joined #openstack-security15:58
*** aswadr has joined #openstack-security16:02
*** georgem1 has quit IRC16:09
*** elo has quit IRC16:20
*** singlethink has joined #openstack-security16:22
*** singleth_ has quit IRC16:25
*** sdake_ is now known as sdae16:35
*** sdae is now known as sdake16:39
*** georgem1 has joined #openstack-security16:45
*** singlethink has quit IRC16:55
*** georgem1 has quit IRC17:01
*** aswadr has quit IRC17:07
*** salv-orl_ has joined #openstack-security17:08
*** salv-orlando has quit IRC17:11
*** singlethink has joined #openstack-security17:11
*** security-admin has joined #openstack-security17:19
*** georgem1 has joined #openstack-security17:20
*** browne has quit IRC17:22
*** elo has joined #openstack-security17:23
*** security-admin has quit IRC17:24
*** security-admin has joined #openstack-security17:24
*** security-admin has quit IRC17:29
*** deepika has joined #openstack-security17:31
*** security-admin has joined #openstack-security17:31
*** shohel has joined #openstack-security17:52
*** browne has joined #openstack-security17:59
*** security-admin has quit IRC18:00
*** georgem1 has quit IRC18:01
*** georgem1 has joined #openstack-security18:01
*** singleth_ has joined #openstack-security18:05
*** singlethink has quit IRC18:08
*** georgem1 has quit IRC18:11
*** salv-orl_ has quit IRC18:22
*** georgem1 has joined #openstack-security18:28
*** georgem1 has quit IRC18:29
*** security-admin has joined #openstack-security18:33
*** georgem1 has joined #openstack-security18:34
*** sdake has quit IRC18:36
*** georgem1 has quit IRC18:38
*** georgem1 has joined #openstack-security18:38
*** georgem1 has quit IRC18:49
*** salv-orlando has joined #openstack-security18:49
*** dlitz has quit IRC18:51
*** sdake has joined #openstack-security18:52
*** georgem1 has joined #openstack-security18:52
*** georgem1 has quit IRC18:56
*** georgem1 has joined #openstack-security18:56
*** sdake_ has joined #openstack-security18:56
*** sdake has quit IRC19:00
*** georgem11 has joined #openstack-security19:01
*** georgem1 has quit IRC19:01
*** singlethink has joined #openstack-security19:04
*** singleth_ has quit IRC19:07
*** dlitz has joined #openstack-security19:07
openstackgerritPriti Desai proposed openstack/security-specs: Setup Security Specs Repo  https://review.openstack.org/19773519:09
*** jelle has left #openstack-security19:26
*** jelle has joined #openstack-security19:26
*** jelle has left #openstack-security19:26
*** jelle has joined #openstack-security19:26
*** bdpayne has joined #openstack-security19:28
*** singleth_ has joined #openstack-security19:29
*** singlet__ has joined #openstack-security19:30
*** singlethink has quit IRC19:33
*** singleth_ has quit IRC19:34
*** security-admin has quit IRC19:35
*** security-admin has joined #openstack-security19:35
openstackgerritDave Walker proposed openstack/security-doc: Document cinder wiping behavior with LVM backend  https://review.openstack.org/19923119:37
*** security-admin has quit IRC19:49
*** security-admin has joined #openstack-security19:49
*** security-admin has quit IRC19:53
*** georgem11 has quit IRC19:54
*** bpokorny has quit IRC20:02
*** georgem1 has joined #openstack-security20:02
*** bpokorny has joined #openstack-security20:02
*** security-admin has joined #openstack-security20:05
*** singlethink has joined #openstack-security20:10
*** bdpayne has quit IRC20:12
*** singlet__ has quit IRC20:12
*** singleth_ has joined #openstack-security20:18
*** georgem1 has quit IRC20:19
*** bdpayne has joined #openstack-security20:19
*** salv-orlando has quit IRC20:20
*** singlethink has quit IRC20:22
*** JAHoagie has joined #openstack-security20:29
openstackgerritTim Kelsey proposed stackforge/bandit: Removing statement buffer  https://review.openstack.org/19924920:29
openstackgerritTim Kelsey proposed stackforge/bandit: Removing statement buffer  https://review.openstack.org/19924920:33
openstackgerritTim Kelsey proposed stackforge/bandit: Removing statement buffer  https://review.openstack.org/19924920:37
openstackgerritTim Kelsey proposed stackforge/bandit: Removing statement buffer  https://review.openstack.org/19924920:38
*** jamielennox is now known as jamielennox|away20:41
openstackgerritTim Kelsey proposed stackforge/bandit: Removing statement buffer  https://review.openstack.org/19924920:48
openstackgerritNathaniel Dillon proposed openstack/security-doc: Adding hypervisor and issue handling section to compute chapter  https://review.openstack.org/19620020:49
*** jamielennox|away is now known as jamielennox20:52
*** dlitz has quit IRC21:14
*** dlitz has joined #openstack-security21:17
*** sdake_ is now known as sdake21:20
*** salv-orlando has joined #openstack-security21:22
*** dlitz has quit IRC21:23
*** dlitz has joined #openstack-security21:26
*** salv-orlando has quit IRC21:29
*** salv-orlando has joined #openstack-security21:30
*** deepika has quit IRC21:41
*** singlethink has joined #openstack-security21:43
*** browne has quit IRC21:44
*** singleth_ has quit IRC21:47
*** singlethink has quit IRC21:47
*** sdake_ has joined #openstack-security21:48
*** sdake has quit IRC21:52
*** dlitz has quit IRC21:53
*** localloop127 has quit IRC21:54
*** dlitz has joined #openstack-security21:56
*** security-admin has quit IRC21:56
*** JAHoagie has quit IRC22:00
*** JAHoagie has joined #openstack-security22:02
openstackgerritMerged openstack/security-specs: Setup Security Specs Repo  https://review.openstack.org/19773522:06
*** security-admin has joined #openstack-security22:11
*** security_ has joined #openstack-security22:20
*** bpokorny_ has joined #openstack-security22:21
*** security-admin has quit IRC22:23
*** bpokorny has quit IRC22:24
*** shohel has quit IRC22:26
*** bknudson has quit IRC22:31
*** edmondsw has quit IRC22:33
*** browne has joined #openstack-security22:37
*** security_ has quit IRC22:43
*** security-admin has joined #openstack-security22:43
*** dwyde has quit IRC22:44
openstackgerritDave Walker proposed openstack/security-doc: Document cinder wiping behavior with LVM backend  https://review.openstack.org/19923122:48
*** sicarie has quit IRC22:55
*** dlitz has quit IRC22:56
*** dlitz has joined #openstack-security22:59
*** voodookid has quit IRC23:01
*** security-admin has quit IRC23:20
*** security-admin has joined #openstack-security23:21
*** salv-orlando has quit IRC23:26
*** JAHoagie has quit IRC23:27
*** JAHoagie has joined #openstack-security23:43
*** bdpayne has quit IRC23:58
« Monday, 2015-07-06 Index Wednesday, 2015-07-08 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!