Open jasonfleming opened 2 years ago
Sounds good; I will produce an audit with this information plus some initial recommendations.
@jasonfleming one thing that I think will make this difficult to some degree is that we use run.properties
as a communication medium - i.e., any time a called script reads run.properties
and gets values from it. This needs to be addressed I think before we can treat run.properties as a sink for sanitized data. Any thoughts or questions on? For this case, I'll sanitize what I can safely.
Quick list of run.properties
that contain $USER
:
config.file
operator
path.adcircdir
path.scriptdir
path.inputdir
path.outputdir
path.scratchdir
monitoring.rmqmessaging.script
monitoring.rmqmessaging.scriptrp
monitoring.rmqmessaging.ncohome
monitoring.logging.file.syslog
post.file.sshkey
archive.path.archivebase
archive.path.archivedir
path.rundir
path.cycledir
path.scenariodir
monitoring.logging.file.cyclelog
monitoring.logging.file.scenariolog
asgs.path.advisdir
asgs.path.stormdir
path.advisdir
path.stormdir
directory
hpc.job.prep15.file.qscripttemplate
hpc.job.prep15.joblog
Email addresses are exposed in:
notification.opendap.email.opendapnotify
notification.email.asgsadmin
@jasonfleming and @carolakaiser - can you both look at the above list of run.properties
values, and tell me if redacting them (e.g., sanitizing $USER
and email addresses) would break anything downstream of the ADCIRC results?
@wwlwpd I went through the list and it seems that CERA would not be affected by any changes to these key/value pairs. Thanks.
Hey @wwlwpd, the slide deck is the only downstream app that I can really check, I will do that now (it does use the run.properties
file). The other use for posting the full run.properties
file is for real time troubleshooting and peer review, although those are manual processes, and are not critical. I like the idea of a private run.properties
file that is used internally by ASGS that gets filtered/redacted before being posted for opendap service.
@wwlwpd I had a look at the list of properties above, and went through the slide deck workflow. It does not use any of those properties, which is great. However, we do not have a defined list of properties (i.e., a documented interface or "contract") with data consumers. Or an SOP for changing such an interface. I am in favor of redacting the properties you've listed whenever you are ready, but at a minimum, we should also announce it as publicly as possible, e.g., send an email to asgs-operators
to give a heads up.
I agree, maybe we can slate this for post-season?
I agree.
I think the best result out of this issue is to:
Simply listing these things and doing our best here, coupled with making users aware of the very public nature of this repo and activity sounds sufficient to me.
This does not seem to be resolved. I think it is resolved in the status files but not the run.properties
.
Yeah, this is a very hard to define target. I think doing it by file (like run.properties
) and just making it a best effort is all we can do.
I added run.properties
as the target for this, maybe once this is done we can identify another file to clean up.
We produce and post a lot of information to open thredds servers that could be exploited to negatively affect our people, processes, systems, services, and products. This information should be reviewed to facilitate to identify and correct the leakage of sensitive information.