people1 needs to be able to communicate with noc1 to enable our audit-driven prelude IDS.
It'll need to talk to noc1:5553 for a one-time registration. It will then need to be able to connect to port 4690 to send prelude messages.
The VPN allows tcp/4690 from people1 to noc1. tcp/5553 isn't allowed right now, though. How much still needs to be done on this ticket? Is the one-time registration done? Is prelude already collecting from people1?
The ports are configured as open in puppet (manifests/servergroups/noc.pp), but prelude doesn't appear to be listening on tcp/5553, so we can't test. Something does appear to be listening on tcp/4690.
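The comment above turns on whether a service is actually answering on tcp/5553 and tcp/4690, which is a different question from whether the firewall rule exists in puppet. The following is an added example, not code from the ticket or from the prelude project: a small TCP connect probe that reports, per port, whether something accepts connections, so a firewall rule and a missing listener can be told apart. The host name and port list are placeholders; the demo function stands up its own local listener on a constructed port so the check can be exercised without any real host.

```python
import socket

# Added example (not from the ticket). Reports, for each TCP port, whether a
# connect() succeeds, i.e. whether some process is listening and the path is
# open. A 'closed' verdict does not say which of the two is missing; compare
# against `ss -ltn` on the target host to separate listener from firewall.


def port_is_listening(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Connection refused, filtered/timed out, or unreachable all land here.
        return False


def check_ports(host, ports, timeout=2.0):
    """Map each port to a 'listening' or 'closed' verdict for a status report."""
    return {
        port: ("listening" if port_is_listening(host, port, timeout) else "closed")
        for port in ports
    }


def demo():
    """Self-contained run against a local listener on a constructed port.

    Returns the verdicts for one port that has a listener and one that does not.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # ephemeral port, constructed for the demo
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Reserve a second ephemeral port and release it so nothing is listening there.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    try:
        verdicts = check_ports("127.0.0.1", [open_port, closed_port])
        return {"open": verdicts[open_port], "closed": verdicts[closed_port]}
    finally:
        listener.close()


if __name__ == "__main__":
    # Real use would look like: check_ports("noc1.example", [5553, 4690])
    print(demo())
```

Against the real hosts the call would be `check_ports("noc1", [5553, 4690])` run from people1; a 'listening' on 4690 with 'closed' on 5553 matches what the comment describes, and only an `ss -ltn` on noc1 then tells whether 5553 is blocked on the VPN or simply has no prelude-admin listener yet.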
In discussion with lmacken, prelude got put on hold for a while. The listener on tcp/5553 requires running the prelude-admin registration by hand.
Since the work for this ticket appears to be done, I'm closing it.