-rw-r--r-- | docs/etc/conf.py | 1
-rw-r--r-- | docs/opnfvsecguide/_static/temp | 0
-rw-r--r-- | docs/opnfvsecguide/_templates/temp | 0
-rw-r--r-- | docs/opnfvsecguide/compute.rst | 8
-rw-r--r-- | docs/opnfvsecguide/compute/dacmaccontrols.rst | 3
-rw-r--r-- | docs/opnfvsecguide/compute/trust.rst | 6
-rw-r--r-- | docs/opnfvsecguide/contribution.rst | 41
-rw-r--r-- | docs/opnfvsecguide/getting_started.rst | 37
-rw-r--r-- | docs/opnfvsecguide/index.rst | 29
-rw-r--r-- | docs/opnfvsecguide/introduction.rst | 12
-rw-r--r-- | docs/opnfvsecguide/introduction/acknowledgements.rst | 3
-rw-r--r-- | docs/opnfvsecguide/introduction/background.rst | 19
-rw-r--r-- | docs/opnfvsecguide/network.rst | 8
-rw-r--r-- | docs/opnfvsecguide/network/neutron.rst | 2
14 files changed, 169 insertions, 0 deletions
diff --git a/docs/etc/conf.py b/docs/etc/conf.py index 006603516..cff2d96da 100644 --- a/docs/etc/conf.py +++ b/docs/etc/conf.py @@ -17,6 +17,7 @@ source_suffix = '.rst' master_doc = 'index' pygments_style = 'sphinx' html_use_index = False +html_theme = 'sphinx_rtd_theme' pdf_documents = [('index', u'OPNFV', u'OPNFV Project', u'OPNFV')] pdf_fit_mode = "shrink" diff --git a/docs/opnfvsecguide/_static/temp b/docs/opnfvsecguide/_static/temp new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/docs/opnfvsecguide/_static/temp diff --git a/docs/opnfvsecguide/_templates/temp b/docs/opnfvsecguide/_templates/temp new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/docs/opnfvsecguide/_templates/temp diff --git a/docs/opnfvsecguide/compute.rst b/docs/opnfvsecguide/compute.rst new file mode 100644 index 000000000..ee8d782a7 --- /dev/null +++ b/docs/opnfvsecguide/compute.rst @@ -0,0 +1,8 @@ +Compute Security +---------------- + +.. toctree:: + :maxdepth: 2 + + compute/dacmaccontrols + compute/trust
\ No newline at end of file diff --git a/docs/opnfvsecguide/compute/dacmaccontrols.rst b/docs/opnfvsecguide/compute/dacmaccontrols.rst new file mode 100644 index 000000000..08cd7ee89 --- /dev/null +++ b/docs/opnfvsecguide/compute/dacmaccontrols.rst @@ -0,0 +1,3 @@ +DAC & MAC Controls +------------------ + diff --git a/docs/opnfvsecguide/compute/trust.rst b/docs/opnfvsecguide/compute/trust.rst new file mode 100644 index 000000000..50ee2a10e --- /dev/null +++ b/docs/opnfvsecguide/compute/trust.rst @@ -0,0 +1,6 @@ +Trusted Compute +--------------- + +Compute security relates to the compute nodes in an OPNFV deployment. Compute nodes host various componants such as the hypervisor itself KVM-QEMU, and its serving eco-system, such as Nova (which interacts with the hypervisor using libvirt driver). + +We also cover other aspects of what is considered compute security, such as trusted boot / pools, although of course, these can be extended to other actors such as neutron etworking nodes.
\ No newline at end of file diff --git a/docs/opnfvsecguide/contribution.rst b/docs/opnfvsecguide/contribution.rst new file mode 100644 index 000000000..954c5785e --- /dev/null +++ b/docs/opnfvsecguide/contribution.rst @@ -0,0 +1,41 @@ +How to Contribute +----------------- + +Anyone is welcome to make additions, raise bugs, and fix issues within this Documentation. To do so, you will however need to first get an enviroment set up. + +Development Environment +####################### + +All project data such as formatting guidelines, and upstream mapping is documented via sphinx which uses reStructuredText + +It is recommended that you use a python virtualenv to keep things clean and contained. + +VirtualEnv +********** + +Use of a virtual environment is recommended, as not only is it a quick easy form of getting the needed modules in place, it isolates the module versions to a project. + +From within your inspector directory, set up a new virtualenv:: + + virtualenv venv + +Activate the new virtual environment:: + + source venv/bin/activate + +Install requirements:: + + pip install -r requirements.txt + +Sphinx Basics +************* + +To get started with sphinx, visit the main tutorial which will provide a primer `http://sphinx-doc.org/tutorial.html` + +Hack your changes into opnfv-security-guide/source + +To compile changes: + + make html + +From here you can run a basic python web server or just navigate to the file:///<repo>/opnfv-security-guide/build/html/index.html in your browser
\ No newline at end of file diff --git a/docs/opnfvsecguide/getting_started.rst b/docs/opnfvsecguide/getting_started.rst new file mode 100644 index 000000000..cfa8b2f6b --- /dev/null +++ b/docs/opnfvsecguide/getting_started.rst @@ -0,0 +1,37 @@ +Getting Started +--------------- + +Development Environment +####################### + +All project data such as formatting guidelines, and upstream mapping is documented via sphinx which uses reStructuredText + +VirtualEnv +********** + +Use of a virtual environment is recommended, as not only is it a quick easy form of getting the needed modules in place, it isolates the module versions to a project. + +From within your inspector directory, set up a new virtualenv:: + + virtualenv venv + +Activate the new virtual environment:: + + source venv/bin/activate + +Install requirements:: + + pip install -r requirements.txt + +Sphinx Basics +************* + +To get started with sphinx, visit the main tutorial which will provide a primer `http://sphinx-doc.org/tutorial.html` + +Hack your changes into opnfv-security-guide/source + +To compile changes: + + make html + +From here you can run a basic python web server or just navigate to the file:///<repo>/opnfv-security-guide/build/html/index.html in your browser
\ No newline at end of file diff --git a/docs/opnfvsecguide/index.rst b/docs/opnfvsecguide/index.rst new file mode 100644 index 000000000..cac474948 --- /dev/null +++ b/docs/opnfvsecguide/index.rst @@ -0,0 +1,29 @@ +.. OPNFV Security Guide documentation master file, created by + sphinx-quickstart on Tue Oct 27 19:30:29 2015. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Welcome to OPNFV Security Guide +================================================ + +This guide seeks to inform operators who to secure and maintain the security of the OPNFV Platform and its components. + +Contents: + +.. toctree:: + :maxdepth: 2 + + introduction + compute + network + contribution + + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` + diff --git a/docs/opnfvsecguide/introduction.rst b/docs/opnfvsecguide/introduction.rst new file mode 100644 index 000000000..224b498a9 --- /dev/null +++ b/docs/opnfvsecguide/introduction.rst @@ -0,0 +1,12 @@ +Introduction +--------------- + +The OPNFV Security Guide is the collaborative work of many individuals, involved in both the OPNFV Security Group and the wider OPNFV community. + +The purpose of this guide is to provide the best practice security guidelines for deploying the OPNFV platfornm. It is a living document that is updated as new changes are merged into it's repository. + +.. toctree:: + :maxdepth: 2 + + introduction/background + introduction/acknowledgements
\ No newline at end of file diff --git a/docs/opnfvsecguide/introduction/acknowledgements.rst b/docs/opnfvsecguide/introduction/acknowledgements.rst new file mode 100644 index 000000000..60c687d05 --- /dev/null +++ b/docs/opnfvsecguide/introduction/acknowledgements.rst @@ -0,0 +1,3 @@ +Acknowledgements +---------------- + diff --git a/docs/opnfvsecguide/introduction/background.rst b/docs/opnfvsecguide/introduction/background.rst new file mode 100644 index 000000000..7766b36fa --- /dev/null +++ b/docs/opnfvsecguide/introduction/background.rst 
@@ -0,0 +1,19 @@ +Background +---------- + +Pre-virtualization security protection was largely centered on the network. Malicious attacks from hostile machines, would seek to exploit network based operating systems and applications, with the goal of compromising their target node. + +Physical security had always been a much simpler business, with most focus on the secure access of the data center hardware. +In-turn security was built up in layers (defense in depth) where machines would be daisy chained with network cables via security appliances to provide controlled segmentation and isolation. This form of security was built upon the principle of an ‘air gap’ being present, whereby machines were separate physical units, joined largely by the network stack. + +With the advent of virtualization (namely the hypervisor), new attack vectors have surfaced as the ‘air-gap’ is no longer key design aspect for security. Further to this elements orchestation nodes and network controllers lead to an even wider attack surface: + +* Guests breaking isolation of the hypervisor. + +* Unauthorized access and control of supporting orchestration nodes. + +* Unauthorized access and control of supporting overlay network control systems. + +The hypervisor and the overlay network have now become the ‘Achilles heel’ whereby all tenant data isolation is enforced within the hypervisor and its abstraction of hardware and the virtualized overlay network. + +This guide has been formulated, in order to assist users of the OPNFV platform in securing an Telco NFV / SDN environment.
\ No newline at end of file diff --git a/docs/opnfvsecguide/network.rst b/docs/opnfvsecguide/network.rst new file mode 100644 index 000000000..614e3c333 --- /dev/null +++ b/docs/opnfvsecguide/network.rst @@ -0,0 +1,8 @@ +Network Security +---------------- + + +.. toctree:: + :maxdepth: 2 + + network/neutron
\ No newline at end of file diff --git a/docs/opnfvsecguide/network/neutron.rst b/docs/opnfvsecguide/network/neutron.rst new file mode 100644 index 000000000..6eba4e3e1 --- /dev/null +++ b/docs/opnfvsecguide/network/neutron.rst @@ -0,0 +1,2 @@ +Neutron Security +----------------
\ No newline at end of file |
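
Review bot: In docs/etc/conf.py the added `html_theme = 'sphinx_rtd_theme'` line makes the HTML build depend on a theme package that none of the 14 changed files declares. Add sphinx_rtd_theme to the requirements file that the contribution instructions install from, so a clean virtualenv can build the guide; depending on the Sphinx version in use, `html_theme_path` may also need to point at the theme.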
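
Review bot: docs/opnfvsecguide/_static/temp and docs/opnfvsecguide/_templates/temp are empty files named `temp`, which reads as a leftover rather than an intentional placeholder. If they exist only to keep the directories in git, name them `.gitkeep`; otherwise drop them until there is real static or template content.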
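
Review bot: In docs/opnfvsecguide/compute/trust.rst the first paragraph under "Trusted Compute" describes compute security in general (hypervisor, Nova, libvirt) and not trusted compute, so it belongs in compute.rst above the toctree, leaving trust.rst for the trusted boot / pools material. The same hunk has typos to fix: "componants" should be "components" and "neutron etworking nodes" should be "neutron networking nodes". Both compute.rst and trust.rst also end without a trailing newline.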
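
Review bot: In docs/opnfvsecguide/contribution.rst the "To compile changes:" line ends with a single colon, so the indented `make html` renders as a block quote instead of a literal block like the three virtualenv commands above it; use `::` there. The instructions also point at "your inspector directory" and at opnfv-security-guide/source and opnfv-security-guide/build/html, none of which match the docs/opnfvsecguide tree this patch creates, so a new contributor cannot follow them as written. The tutorial URL is wrapped in single backticks, which Sphinx treats as interpreted text and not as a link; leave it bare or use the hyperlink syntax. "enviroment" should be "environment".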
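
Review bot: docs/opnfvsecguide/getting_started.rst repeats the "Development Environment", "VirtualEnv" and "Sphinx Basics" sections of contribution.rst almost line for line, and the toctree in index.rst lists only introduction, compute, network and contribution, so this page is unreachable and Sphinx will warn that it is not included in any toctree. Drop the file, or keep one copy of the setup steps and reference it from the other page and from index.rst. The issues in the duplicated text (single colon before `make html`, the "inspector directory" and opnfv-security-guide paths, the backticked URL) apply here too.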
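
Review bot: In docs/opnfvsecguide/index.rst the opening sentence reads "inform operators who to secure and maintain the security of the OPNFV Platform", where "who" should be "how". The `:ref:`modindex`` entry under "Indices and tables" is sphinx-quickstart boilerplate that only makes sense when Python modules are documented; for a prose guide it can be removed.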
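
Review bot: In docs/opnfvsecguide/introduction.rst the second paragraph has two errors: "platfornm" should be "platform" and "it's repository" should be "its repository". The file also ends without a trailing newline.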
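
Review bot: In docs/opnfvsecguide/introduction/background.rst the sentence introducing the three-item threat list is hard to parse: "Further to this elements orchestation nodes and network controllers lead to" is missing words and misspells "orchestration". Something like "In addition, elements such as orchestration nodes and network controllers lead to an even wider attack surface:" would read cleanly. In the same hunk, "is no longer key design aspect" needs "a", "an Telco NFV / SDN environment" should be "a Telco", and the stray line break before "In-turn security" splits one paragraph across two source lines.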
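
Review bot: docs/opnfvsecguide/compute/dacmaccontrols.rst, introduction/acknowledgements.rst and network/neutron.rst each contain only a heading, yet all three are linked from a toctree and will be published as blank pages. Either add a one-line statement of what each section will cover, or leave them out of the toctrees until they have content.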