======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:03:49 UTC. The full logs are available
at
http://meetbot.fedoraproject.org/fedora-meeting/2016-01-14/fedora_securit...
.
Meeting summary
---------------
* Roll Call (Sparks, 14:04:01)
* Follow up on last week's tasks (Sparks, 14:12:29)
* ACTION: pjp to give a status update on security policy in the wiki
(carried over) (Sparks, 14:12:46)
* ACTION: Sparks to figure out how FST members can get access to
Fedora security bugs (Sparks, 14:12:57)
* Fedora Security Team FAD (Sparks, 14:13:07)
* LINK:
http://whenisgood.net/8fshcdf/results/9czp49s (Sparks,
14:13:35)
* ACTION: Sparks to follow up on meeting locations to verify their
availability. (Sparks, 14:14:21)
* ACTION: Sparks to bring up the agenda topic on the list (Sparks,
14:18:26)
* Apprenticeship (Sparks, 14:18:35)
* LINK:
https://fedoraproject.org/wiki/Security_Team_Apprenticeship
(Sparks, 14:18:44)
* Outstanding BZ Tickets (Sparks, 14:20:42)
* Thursday's numbers: Critical 0 (0), Important 43 (+7), Moderate 429
(+5), Low 173 (+27), Total 645 (Sparks, 14:20:50)
* Open floor discussion/questions/comments (Sparks, 14:22:52)
* LINK:
https://twitter.com/phessler/status/687637446469771264
CVE-2016-0777 (Astradeus, 14:23:41)
* LINK:
http://docs.openstack.org/developer/openstack-ansible-security/
(mhayden, 14:29:51)
* LINK:
https://github.com/ameridea (linuxmodder, 14:39:06)
Meeting ended at 14:46:42 UTC.
Action Items
------------
* pjp to give a status update on security policy in the wiki (carried
over)
* Sparks to figure out how FST members can get access to Fedora security
bugs
* Sparks to follow up on meeting locations to verify their availability.
* Sparks to bring up the agenda topic on the list
Action Items, by person
-----------------------
* Sparks
* Sparks to figure out how FST members can get access to Fedora
security bugs
* Sparks to follow up on meeting locations to verify their
availability.
* Sparks to bring up the agenda topic on the list
* **UNASSIGNED**
* pjp to give a status update on security policy in the wiki (carried
over)
People Present (lines said)
---------------------------
* Sparks (51)
* linuxmodder (26)
* mhayden (21)
* Astradeus (10)
* zodbot (9)
14:03:49 <Sparks> #startmeeting Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
14:03:49 <zodbot> Meeting started Thu Jan 14 14:03:49 2016 UTC. The chair is
Sparks. Information about MeetBot at
http://wiki.debian.org/MeetBot.
14:03:49 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link
#topic.
14:03:49 <zodbot> The meeting name has been set to
'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:03:52 <Sparks> #meetingname Fedora Security Team
14:03:52 <zodbot> The meeting name has been set to 'fedora_security_team'
14:03:55 <zodbot> Sparks: Error: Can't start another meeting, one is in
progress.
14:03:58 <Sparks> #meetingname Fedora Security Team
14:03:58 <zodbot> The meeting name has been set to 'fedora_security_team'
14:04:01 <Sparks> #topic Roll Call
14:04:02 * Sparks
14:05:48 * linuxmodder
14:06:20 <linuxmodder> .fas corey84
14:06:21 <zodbot> linuxmodder: corey84 'Corey Sheldon'
<sheldon.corey(a)gmail.com>
14:07:35 * Sparks gives everyone a few more minutes
14:09:39 <Astradeus> .fas astra
14:09:39 <zodbot> Astradeus: rustomafs 'Rustom Irani' <rustom(a)acefastrack.com>
- netman 'Andrey Krasukov' <netman(a)astratel.ru>
- astralstorm 'Radosław Szkodziński' <astralstorm(a)gmail.com>
- astratik 'Alexandre Stratikopoulos' <ale.stratik(a)gmail.com>
- astra 'David Kaufmann' <astra(a)ionic.at>
- astrawin 'Dick Chapman' <astrawin(a)rogers.com>
- ambyte 'Sergey Gulyaev' <astraway(a)gmail.com>
- sabroso 'Luis Alberto Pelaez' (3 more messages)
14:09:54 <Astradeus> ah, no, that was the wrong one^^
14:10:03 <Astradeus> .hello astra
14:10:04 <zodbot> Astradeus: astra 'David Kaufmann' <astra(a)ionic.at>
14:11:16 <linuxmodder> scarce on folks today :(
14:11:45 <Sparks> Okay, lets get started
14:12:29 <Sparks> #topic Follow up on last week's tasks
14:12:37 * Sparks notes pjp isn't here
14:12:46 <Sparks> #action pjp to give a status update on security policy in
the wiki (carried over)
14:12:57 <Sparks> #action Sparks to figure out how FST members can get access
to Fedora security bugs
14:13:07 <Sparks> #topic Fedora Security Team FAD
14:13:35 <Sparks> #link
http://whenisgood.net/8fshcdf/results/9czp49s
14:13:56 <Sparks> It appears we've narrowed down our available time to a
couple of Fridays in March.
14:14:21 <Sparks> #action Sparks to follow up on meeting locations to verify
their availability.
14:14:46 <Sparks> We also need to get a solid agenda together. We need a list
of things we want to accomplish.
14:15:41 <Sparks> Anyone?
14:15:48 <Astradeus> sounds good?
14:16:23 <Astradeus> don't have much fst experience, so i can't really
contribute to an agenda
14:18:26 <Sparks> #action Sparks to bring up the agenda topic on the list
14:18:35 <Sparks> #topic Apprenticeship
14:18:44 <Sparks> #link
https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:19:03 <linuxmodder> Sounds good to me, any plans to do an intro session
at FAD ? or similar like a lab day
14:19:04 <linuxmodder> not necessarily a pen lab but a basics lab ( help
get everyone acquainted with each other | skills and best mentors in each
skill)
14:19:05 <Sparks> I think we're still working on this but this should be
something we work on at the FAD.
14:19:27 <Sparks> linuxmodder: Yes!
14:20:18 <linuxmodder> I am more than willing to help with the security for
dummies |noobs lab (like the 010 -0200 courses)
14:20:26 <Sparks> ack
14:20:27 <linuxmodder> firewalls |acls etc
14:20:35 <Sparks> Okay, we'll move on along...
14:20:42 <Sparks> #topic Outstanding BZ Tickets
14:20:50 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 43 (+7),
Moderate 429 (+5), Low 173 (+27), Total 645
14:20:57 <Sparks> +Tickets by Severity-+-------+---------+
14:20:57 <Sparks> | Severity | Tickets | Owned | Unowned |
14:20:57 <Sparks> +----------+---------+-------+---------+
14:20:57 <Sparks> | medium   |     429 |    40 |     389 |
14:20:57 <Sparks> | low      |     173 |    13 |     160 |
14:21:00 <Sparks> | high     |      43 |    21 |      22 |
14:21:01 <linuxmodder> getting some lag here on my end, apologies for any
odd relay delays
14:21:02 <Sparks> +----------+---------+-------+---------+
14:21:35 <linuxmodder> glad to see critical back at 0
14:21:44 <Sparks> much agreed.
14:21:54 <Sparks> Now if we could just get rid of the highs.
14:22:33 <linuxmodder> I'll take another look tonight or tomorrow at the
high list see if I can help squash a few
14:22:52 <Sparks> #topic Open floor discussion/questions/comments
14:22:57 <linuxmodder> everything under 20 would be a nice improvement
14:22:57 <Sparks> Okay, anyone have anything?
14:23:01 <Astradeus> maybe
14:23:13 <linuxmodder> Astradeus, shoot
14:23:27 <Astradeus> in the next two hours there seems to be an upcoming CVE
for ssh
14:23:41 <Astradeus>
https://twitter.com/phessler/status/687637446469771264
CVE-2016-0777
14:24:03 <linuxmodder> Astradeus, link ? haven't seen that (albeit a bit
out of pocket this week helping a client)
14:24:15 <Astradeus> not sure if it's something, but just came in
14:24:39 <Astradeus> don't have more information, just saw it few minutes ago
14:25:01 <linuxmodder> added to list of followed tweets
14:25:58 <linuxmodder> Sparks, any current appliance or method for
recruiting | training say CS students at the local level for FST or just
the Apprenticeship
14:26:24 <Sparks> linuxmodder: Not yet but we should. We need to get our
training figured out first so we're ready.
14:28:08 <Sparks> Anyone have anything else?
14:28:49 <linuxmodder> Sparks, fully agree
14:28:56 * mhayden is here
14:29:12 <Sparks> mhayden: Oh good, right before we're planning on closing!
14:29:13 <Sparks> :)
14:29:14 <linuxmodder> have anything for open floor mhayden
14:29:23 <mhayden> oof :P
14:29:44 <mhayden> i'm considering adapting openstack-ansible-security for
Fedora
14:29:51 <mhayden>
http://docs.openstack.org/developer/openstack-ansible-security/
14:30:12 <Sparks> mhayden: Tell us more!
14:30:13 <mhayden> TL;DR - apply STIG hardening standards w/ansible so that
it's easy to roll into other playbooks/roles
14:30:35 <mhayden> right now it takes the RHEL 6 STIG and translates it to
Ubuntu 14.04 (which is not terribly fun) ;)
14:30:44 <mhayden> but another company is adapting it for Debian 7/8
14:30:53 <mhayden> and i plan to get it working on F23 soon if i can get some
tie
14:31:06 <mhayden> s/tie/time/
14:31:17 <Sparks> mhayden++
14:31:25 <linuxmodder> mhayden, I can throw some testing time toward that
starting later this month
14:31:26 <mhayden> yes, one could use SCAP for this, but SCAP is a little
heavy at times
14:31:34 <mhayden> linuxmodder: woot
14:31:46 <mhayden> also, it's not easy to roll in scap w/ansible if you're
deploying new systems
14:31:49 <linuxmodder> have a STIG system on on personal lappy even
14:31:56 <mhayden> haha, indeed! :)
14:32:12 <linuxmodder> using a slightly modded Centos secure stig ks
14:32:35 <mhayden> gotcha
14:32:47 <linuxmodder> likely same one you referenced, think it was 6.4 based
14:33:02 <mhayden> yeah, any idea on when the RHEL 7 stig might get released?
14:33:16 <mhayden> IIRC, some RHT folks contribute to that
14:33:39 <Sparks> mhayden: I think it all comes from RH.
14:33:51 <Sparks> mhayden: Maybe talk to Shawn Wells?
14:33:54 <linuxmodder> not seen any dates but can probe
14:34:34 <mhayden> Sparks: ah, that name sounds quite familiar
14:34:42 <mhayden> i think i was in one of his summit talks once
14:37:06 <mhayden> Sparks: that was about it for me
14:38:28 <Sparks> Okay, anyone have anything else?
14:38:48 <linuxmodder> anyone with any youth or outreach ideas feel free to
hit me up; have a startup venture with laptops meant to be STIG compliant in
all variants and youth workshops
14:39:01 <Sparks> mhayden: Perhaps you could start a topic on the list
regarding Ansible?
14:39:06 <linuxmodder> #link
https://github.com/ameridea
14:39:26 <mhayden> Sparks: sure, in the context of the
openstack-ansible-security repository?
14:39:42 <linuxmodder> makes sense to go that route mhayden
14:39:57 * mhayden will do
14:40:15 <linuxmodder> feel free to use my github addy or corey84(a)fp.o ||
csheldon(a)ameridea.net
14:40:44 <Sparks> mhayden: Yes
14:44:35 <Sparks> Okay, anything else?
14:46:37 <Sparks> Okay, I'm hearing nothing else. Everyone have a good day!
14:46:42 <Sparks> #endmeeting