From ab1b45e5d5ff4761b8635e57e90f32091c551638 Mon Sep 17 00:00:00 2001 From: Jeff Ohrstrom Date: Wed, 17 Jul 2024 10:17:28 -0400 Subject: [PATCH] add a controls section here (#987) reformat this a little bit to add a controls section for things folks can modify. --------- Co-authored-by: matt <57604545+matt257@users.noreply.github.com> --- source/customizations.rst | 2 ++ source/security.rst | 15 ++++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/source/customizations.rst b/source/customizations.rst index 13f2b832..51e8329d 100644 --- a/source/customizations.rst +++ b/source/customizations.rst @@ -395,6 +395,8 @@ Note that this will limit the download size for all users of the Open OnDemand i Values like ``1000M`` or ``20G`` will not be accepted and may cause errors. +.. _set-file-allowlist: + Block or Allow Directory Access ------------------------------- diff --git a/source/security.rst b/source/security.rst index a8bce0d6..55214ba1 100644 --- a/source/security.rst +++ b/source/security.rst 
@@ -23,10 +23,19 @@ Limitations - **HTTP Traffic to Origin Servers**: Traffic to backend services, including computational resources like Jupyter servers, is currently over HTTP, which is unencrypted. Plans are underway to upgrade this to HTTPS to ensure encryption of data in transit, thereby bolstering security. -Security Controls ------------------ +Controls +^^^^^^^^ -- **Monitoring and Logging**: Comprehensive logging mechanisms are integral for security audits and incident response. Detailed guidelines and settings for these features can be found at :ref:`logging`. +These are things the the out of the box OnDemand installation will provide +that some centers may want to change or disable altogether. + +- **File Access**: OnDemand lets users navigate the file system. While file permissions + limit what a user can view and navigate to, some centers may want to limit this even further. + One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to. + + +Additional Information +---------------------- - **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.
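Review bot: The new label "set-file-allowlist" in source/customizations.rst is attached to the section titled "Block or Allow Directory Access", and a bare :ref: to a section label renders the section title as the link text. The sentence added in source/security.rst will therefore read "One option is to Block or Allow Directory Access to limit what directories users may navigate to." Consider giving the reference explicit link text where it is used, for example :ref:`set a file allowlist <set-file-allowlist>`, so the sentence reads naturally. The label name also covers only the allow half of a section that documents both blocking and allowing.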
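Review bot: The source/security.rst hunk deletes the "Monitoring and Logging" bullet, including its :ref:`logging` link, and does not add it back under either "Controls" or "Additional Information". The commit message describes only a reformat that adds a controls section, so the security page losing its pointer to the logging guidance looks unintended. Suggest keeping that bullet under "Additional Information" next to "Vulnerability Management". Two smaller points in the same hunk: the added line "These are things the the out of the box OnDemand installation will provide" has a doubled "the" and would read better as "out-of-the-box"; and "Controls" is underlined with ^ where the old "Security Controls" heading used -, so if ^ is the level below - in this file the new section will nest under the preceding section (the hunk header shows "Limitations") instead of standing beside it. Please confirm that nesting is intended.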