mulling the idea of a Infrastructure Security FAD (fedora activity day)

Jayson Rowe jayson.rowe at gmail.com
Wed Jun 13 00:55:00 UTC 2012 

On Tue, Jun 12, 2012 at 7:03 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> Greetings.
>
> I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> Activity Day) around getting our security tasks further along/mapped
> out, or just done. We can do all these things remotely, but sitting
> down with less distractions and getting things done or deciding on
> roadmaps may work faster/better in person.
>
> More information on FAD's:
> http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
>
> Some possible Goals:
>
> * Put in place our 2 factor authentication solution.
>        - Enable globally for sudo.
>        - Come up with plan/roadmap for applications 2 factor
>          authentication.
>        - enable more 2nd factors if we only have one working.
>          (yubikey, google authenticator, others?)
> * Revamp firewall rules to further restrict traffic between machines.
> * Come up with a better plan for signing servers
>        - In puppet or out of puppet?
>        - On demand vs always on
>        - ssh access, console, 2factor?
> * Hash out a roadmap or plans around git commit signing.
>        - See if this is something we want to do
> * Work on FAS security enhancements
>        - backup email address?
>        - security questions?
>        - better gpg integration?
>        - handling for 2 factor auth
> * Setup a simple IDS of some kind?
>        - Notice non standard traffic in our internal nets
> * Finish up keys.fedoraproject.org and announce it.
> * Clean up selinux AVCs and move more things to enforcing.
> * Your brilliant Fedora Infrastructure security related idea here.
>
> Possible dates:
>
> last week of Aug, First week of Sept?
> (This puts us between the Alpha and Beta freezes, and is possibly
> enough notice to get better airfair/etc rates).
> somewhere in 2012-08-27 to 2012-09-10
>
> First 2 weeks in Nov?
> (After F18 is released, before thanksgiving)
> somewhere in 2012-11-05 to 2012-11-16
>
> Right before next Fudcon?
> 2013-01-15 to 2013-01-17?
>
> Your exciting better dates here.
>
> Possible locations:
>
> Red Hat HQ in RDU?
>        pros: can probably get a room/network and pull in other RH folks
>
> Westford, MA
>        pros: could probably get a room/network and pull in other RH
>        engr folks.
>
> Other location here:
>        must be cheap to fly to/stay at, and have a facility we could
>        meet at and use.
>
> So, this is more a 'is there enough interest in this to peruse it' type
> of email.
>
> How many folks would be interested in going to something like this?
>
> What dates or places would you prefer?
>
> Is there another topic that would be a better thing to do than
> Security? I can think of several more topics if we would prefer
> something else (Fixing our application logging could be it's own FAD by
> itself).
>
> Thoughts?
>
> kevin
>
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure

I would absolutely love to come to something like this. Due to
finances, and not having to buy a plane ticket, RDU would be best for
me (I could drive...I'm about a 3.5hr drive away), and I'm almost sure
I could swing it, especially if I could split a room w/ someone. Dates
aren't as big of a deal for me. How many days of the week would it
involve? I'd have to make sure I have extra vacation time at work to
spare.

-- 
-jayson

More information about the infrastructure mailing list