Site Reliability Engineering (SRE)
Stands for “Site Reliability Engineering.” SRE is a discipline that originated at Google and applies software-engineering practice to running production systems. The goal of SRE is to build and operate services that stay reliable and scalable; for a security tool such as an Atomic OSSEC hub, that means its state survives the loss of the host it happens to run on.
Persistent data in Atomic OSSEC
Atomic OSSEC hub servers store critical data in several locations:
Agent Keys: /var/ossec/etc/client.keys
Logs: /var/ossec/logs
FIM data: /var/ossec/queue
AWP Hub services data: /var/awp/data
AWP Configuration data: /var/awp/etc
SRE with NFS design
This approach uses the Network File System (NFS) to hold the persistent data of an AEO hub. The example uses an NFS server at 192.168.100.188 and an Atomic OSSEC hub at 192.168.100.190.
NFS server configuration, /etc/exports (SELinux in permissive mode on the server):
/nfsfileshare/etc 192.168.100.190(rw,sync,no_root_squash)
/nfsfileshare/logs 192.168.100.190(rw,sync,no_root_squash)
/nfsfileshare/queue 192.168.100.190(rw,sync,no_root_squash)
/nfsfileshare/awp 192.168.100.190(rw,sync,no_root_squash)
Each export is restricted to the hub's address. no_root_squash is needed so that root on the hub can write root-owned files such as client.keys with their real ownership, but it also gives root on the hub full control of the exported trees, so keep the client list to exactly the hub address and do not widen it to a subnet. sync makes the server commit each write before replying, which is what you want for the agent keys and the queue. If the hub runs SELinux in enforcing mode, files on an NFS mount carry the nfs_t label unless the mount sets a context= option, so test the hub in enforcing mode before relying on this layout.
Hub configuration: the NFS shares are set to mount at boot time in /etc/fstab. The fstab below mounts only the three /var/ossec directories; the /nfsfileshare/awp export has no corresponding entry, so /var/awp/data and /var/awp/etc stay on local disk unless a matching line is added. The intr option is accepted for backward compatibility but has been ignored by the kernel since Linux 2.6.25; nosuid is the option that matters for security, since it stops set-uid binaries placed on the share from being honoured on the hub.
#
# /etc/fstab
# Created by anaconda on Thu May 6 09:26:26 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=d090323e-dc79-4b46-8c8f-84b14b0a2218 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
192.168.100.188:/nfsfileshare/etc /var/ossec/etc nfs nosuid,rw,sync,hard,intr 0 0
192.168.100.188:/nfsfileshare/logs /var/ossec/logs nfs nosuid,rw,sync,hard,intr 0 0
192.168.100.188:/nfsfileshare/queue /var/ossec/queue nfs nosuid,rw,sync,hard,intr 0 0
Setup Notes on the Atomic OSSEC hub:
Step 1) Stop the service and set the original data aside
systemctl stop ossec-hids
mv /var/ossec/etc /var/ossec/orig.etc
mv /var/ossec/queue /var/ossec/orig.queue
mv /var/ossec/logs /var/ossec/orig.logs
Step 2) Create the new mount points, and update permissions
mkdir /var/ossec/{etc,logs,queue}
chown root:ossec /var/ossec/etc
chmod 770 /var/ossec/etc
chown ossec:ossec /var/ossec/logs
chmod 750 /var/ossec/logs
chown root:ossec /var/ossec/queue
chmod 550 /var/ossec/queue
Step 3) Mount the NFS shares to the new mount points
mount /var/ossec/etc
mount /var/ossec/logs
mount /var/ossec/queue
Step 4) Restore data to the Atomic OSSEC directories
cp -a /var/ossec/orig.etc/. /var/ossec/etc/
cp -a /var/ossec/orig.logs/. /var/ossec/logs/
cp -a /var/ossec/orig.queue/. /var/ossec/queue/
(Copying "dir/." rather than "dir/*" also picks up any dot-files, which a shell glob would skip.)
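The four steps above as one script, added here as an example; it is not part of the Atomic OSSEC documentation or product. It follows the page's paths, owners and modes and adds the checks a practitioner wants before copying: that each directory is really an NFS mount (otherwise cp -a fills the local directory and the data is hidden by the next boot-time mount) and that nosuid took effect. The is_nfs_mount, has_nosuid, dir_owner and dir_mode helpers, the OSSEC_NFS_MIGRATE guard variable and the service restart at the end are assumptions of this example. It also re-applies the owner and mode to the mounted directory, because chown/chmod on an empty, unmounted mount point never reach the exported directory on the NFS server.

```shell
#!/bin/sh
# Added example (not from the Atomic OSSEC page): move /var/ossec/{etc,logs,queue}
# onto the NFS mounts defined in /etc/fstab, verifying each mount before copying.
# Assumes the fstab entries shown on the page are already in place. Run as root.
set -eu

OSSEC_ROOT=/var/ossec
OSSEC_DIRS="etc logs queue"

# Owner and mode for each directory, taken from Step 2 of the page.
dir_owner() {
    case $1 in
        etc)   echo root:ossec ;;
        logs)  echo ossec:ossec ;;
        queue) echo root:ossec ;;
    esac
}
dir_mode() {
    case $1 in
        etc)   echo 770 ;;
        logs)  echo 750 ;;
        queue) echo 550 ;;
    esac
}

# is_nfs_mount PATH [MOUNTS]: succeed if PATH is mounted as nfs or nfs4 according to
# MOUNTS (default /proc/mounts; fields: device mountpoint fstype options dump pass).
is_nfs_mount() {
    awk -v p="$1" '$2 == p && ($3 == "nfs" || $3 == "nfs4") { found = 1 }
                   END { exit !found }' "${2:-/proc/mounts}"
}

# has_nosuid PATH [MOUNTS]: succeed if the mount at PATH carries the nosuid option,
# so set-uid binaries written to the share are not honoured on the hub.
has_nosuid() {
    awk -v p="$1" '$2 == p { n = split($4, o, ",")
                             for (i = 1; i <= n; i++) if (o[i] == "nosuid") found = 1 }
                   END { exit !found }' "${2:-/proc/mounts}"
}

migrate() {
    systemctl stop ossec-hids                          # Step 1: stop the hub

    for d in $OSSEC_DIRS; do
        mv "$OSSEC_ROOT/$d" "$OSSEC_ROOT/orig.$d"      # set the local data aside
        mkdir "$OSSEC_ROOT/$d"                         # Step 2: new mount point
        chown "$(dir_owner "$d")" "$OSSEC_ROOT/$d"
        chmod "$(dir_mode "$d")" "$OSSEC_ROOT/$d"
    done

    for d in $OSSEC_DIRS; do
        mount "$OSSEC_ROOT/$d"                         # Step 3: mount from fstab
        if ! is_nfs_mount "$OSSEC_ROOT/$d"; then
            echo "$OSSEC_ROOT/$d is not an NFS mount; refusing to copy onto local disk" >&2
            exit 1
        fi
        if ! has_nosuid "$OSSEC_ROOT/$d"; then
            echo "$OSSEC_ROOT/$d was mounted without nosuid; check /etc/fstab" >&2
            exit 1
        fi
        # The chown/chmod above only touched the empty local directory. Once mounted,
        # the exported directory's own owner and mode apply, so set them again here
        # (this reaches the server because the export uses no_root_squash).
        chown "$(dir_owner "$d")" "$OSSEC_ROOT/$d"
        chmod "$(dir_mode "$d")" "$OSSEC_ROOT/$d"
        # Step 4: copy everything, dot-files included ("/." rather than "/*").
        cp -a "$OSSEC_ROOT/orig.$d/." "$OSSEC_ROOT/$d/"
    done

    systemctl start ossec-hids                         # assumed final step, not on the page
}

# Only act when explicitly asked, so the file can be sourced to reuse the checks.
if [ "${OSSEC_NFS_MIGRATE:-0}" = 1 ]; then
    migrate
fi
```

Run it as `OSSEC_NFS_MIGRATE=1 sh migrate-ossec-nfs.sh` once the fstab entries are in place; sourcing the file without the variable only defines the helpers, which can be used on their own (for example in a monitoring check) to confirm that /var/ossec/etc is still an NFS mount with nosuid after a reboot.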