Skip to content

Commit

Permalink
[ci skip] Autodoc commit for ab1b45e.
Browse files Browse the repository at this point in the history
  • Loading branch information
@oscwiag
oscwiag committed Jul 17, 2024
1 parent 50f6647 commit b584133
Show file tree
Hide file tree
Showing 13 changed files with 38 additions and 17 deletions.
2 changes: 2 additions & 0 deletions latest/_sources/customizations.rst.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,8 @@ Note that this will limit the download size for all users of the Open OnDemand i

Values like ``1000M`` or ``20G`` will not be accepted and may cause errors.

.. _set-file-allowlist:

Block or Allow Directory Access
-------------------------------

Expand Down
15 changes: 12 additions & 3 deletions latest/_sources/security.rst.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,19 @@ Limitations

- **HTTP Traffic to Origin Servers**: Traffic to backend services, including computational resources like Jupyter servers, is currently over HTTP, which is unencrypted. Plans are underway to upgrade this to HTTPS to ensure encryption of data in transit, thereby bolstering security.

Security Controls
-----------------
Controls
^^^^^^^^

- **Monitoring and Logging**: Comprehensive logging mechanisms are integral for security audits and incident response. Detailed guidelines and settings for these features can be found at :ref:`logging`.
These are things the the out of the box OnDemand installation will provide
that some centers may want to change or disable altogether.

- **File Access**: OnDemand lets users navigate the file system. While file permissions
limit what a user can view and navigate to, some centers may want to limit this even further.
One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.


Additional Information
----------------------

- **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.

Expand Down
2 changes: 1 addition & 1 deletion latest/authentication/overview.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="../security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down
2 changes: 1 addition & 1 deletion latest/authentication/overview/configure-authentication.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down
2 changes: 1 addition & 1 deletion latest/authentication/overview/configure-logout.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down
2 changes: 1 addition & 1 deletion latest/authentication/overview/map-user.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down
4 changes: 2 additions & 2 deletions latest/customizations.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down Expand Up @@ -1173,7 +1173,7 @@ <h2>Set Download Limits<a class="headerlink" href="#set-download-limits" title="
</div>
</div>
<div class="section" id="block-or-allow-directory-access">
<h2>Block or Allow Directory Access<a class="headerlink" href="#block-or-allow-directory-access" title="Permalink to this headline"></a></h2>
<span id="set-file-allowlist"></span><h2>Block or Allow Directory Access<a class="headerlink" href="#block-or-allow-directory-access" title="Permalink to this headline"></a></h2>
<p>By default, all directories are open and accessible through Open OnDemand (barring POSIX file permissions. Open OnDemand
can never read files the user cannot read).</p>
<p>By setting a colon delimited <cite>OOD_ALLOWLIST_PATH</cite> environment variable, the Job Composer, File Editor, and Files app
Expand Down
2 changes: 1 addition & 1 deletion latest/how-tos/monitoring/logging.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down
2 changes: 1 addition & 1 deletion latest/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -390,7 +390,7 @@ <h2>Special Thanks<a class="headerlink" href="#special-thanks" title="Permalink
<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a><ul>
<li class="toctree-l2"><a class="reference internal" href="security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html#relevant-references">Relevant References</a></li>
</ul>
Expand Down
Binary file modified latest/objects.inv
View file
Binary file not shown.
2 changes: 1 addition & 1 deletion latest/searchindex.js
View file

Large diffs are not rendered by default.

18 changes: 14 additions & 4 deletions latest/security.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,9 +131,10 @@
<li class="toctree-l2"><a class="reference internal" href="#considerations">Considerations</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#advantages">Advantages</a></li>
<li class="toctree-l3"><a class="reference internal" href="#limitations">Limitations</a></li>
<li class="toctree-l3"><a class="reference internal" href="#controls">Controls</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="#conclusion">Conclusion</a></li>
<li class="toctree-l2"><a class="reference internal" href="#relevant-references">Relevant References</a><ul>
<li class="toctree-l3"><a class="reference internal" href="security/vulnerability-management.html">Vulnerability Management</a></li>
Expand Down Expand Up @@ -235,11 +236,20 @@ <h3>Limitations<a class="headerlink" href="#limitations" title="Permalink to thi
<li><p><strong>HTTP Traffic to Origin Servers</strong>: Traffic to backend services, including computational resources like Jupyter servers, is currently over HTTP, which is unencrypted. Plans are underway to upgrade this to HTTPS to ensure encryption of data in transit, thereby bolstering security.</p></li>
</ul>
</div>
<div class="section" id="controls">
<h3>Controls<a class="headerlink" href="#controls" title="Permalink to this headline"></a></h3>
<p>These are things the the out of the box OnDemand installation will provide
that some centers may want to change or disable altogether.</p>
<ul class="simple">
<li><p><strong>File Access</strong>: OnDemand lets users navigate the file system. While file permissions
limit what a user can view and navigate to, some centers may want to limit this even further.
One option is to <a class="reference internal" href="customizations.html#set-file-allowlist"><span class="std std-ref">Block or Allow Directory Access</span></a> to limit what directories users may navigate to.</p></li>
</ul>
</div>
</div>
<div class="section" id="security-controls">
<h2>Security Controls<a class="headerlink" href="#security-controls" title="Permalink to this headline"></a></h2>
<div class="section" id="additional-information">
<h2>Additional Information<a class="headerlink" href="#additional-information" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li><p><strong>Monitoring and Logging</strong>: Comprehensive logging mechanisms are integral for security audits and incident response. Detailed guidelines and settings for these features can be found at <a class="reference internal" href="how-tos/monitoring/logging.html#logging"><span class="std std-ref">Logging</span></a>.</p></li>
<li><p><strong>Vulnerability Management</strong>: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at <a class="reference internal" href="security/vulnerability-management.html#vulnerability-management"><span class="std std-ref">Vulnerability Management</span></a>.</p></li>
<li><p><strong>Security Audits</strong>: The platform undergoes periodic security audits by Trusted CI, the NSF Cybersecurity Center of Excellence. Summaries of these audits are available, with the latest report accessible <a class="reference external" href="https://openondemand.org/sites/default/files/documents/Trusted%20CI%20Open%20OnDemand%20Engagement%20Final%20Report%20-%20REDACTED%20FOR%20PUBLIC%20RELEASE%20210712_0.pdf">here</a>.</p></li>
</ul>
Expand Down
2 changes: 1 addition & 1 deletion latest/security/vulnerability-management.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
<li class="toctree-l1 current"><a class="reference internal" href="../security.html">Security</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../security.html#introduction">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#considerations">Considerations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#security-controls">Security Controls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#additional-information">Additional Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security.html#conclusion">Conclusion</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../security.html#relevant-references">Relevant References</a><ul class="current">
<li class="toctree-l3 current"><a class="current reference internal" href="#">Vulnerability Management</a><ul>
Expand Down

0 comments on commit b584133

Please sign in to comment.