mulling the idea of a Infrastructure Security FAD (fedora activity day)

Ricky Elrod codeblock at elrod.me
Wed Jun 13 00:55:10 UTC 2012 

So, I really like this idea. I think it would be a really fun and
productive time.

I think security is a good topic, but it'll be good to see if anyone
else has other ideas. I think we have quite a few things we could cover
in the security realm though, like you listed.

I'd prefer to stay away from the last week of August/first week of
September, because for me (and possibly others -- Ian?) classes will
just have started back up. I'd vote for earlier, maybe the end of July?
Or the first week or two of August? Beyond that us college-goers will
probably be getting ready for the semester.

I don't have a lot of preference on location, either of your ideas are
about the same distance from me, personally.

But yes, I'm very interested in this, I think it would be a lot of fun,
and I think we could get a lot done.

-re

On 06/12/2012 07:03 PM, Kevin Fenzi wrote:
> Greetings. 
> 
> I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> Activity Day) around getting our security tasks further along/mapped
> out, or just done. We can do all these things remotely, but sitting
> down with less distractions and getting things done or deciding on
> roadmaps may work faster/better in person. 
> 
> More information on FAD's: 
> http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
> 
> Some possible Goals:
> 
> * Put in place our 2 factor authentication solution. 
> 	- Enable globally for sudo. 
> 	- Come up with plan/roadmap for applications 2 factor
> 	  authentication.
> 	- enable more 2nd factors if we only have one working.
> 	  (yubikey, google authenticator, others?)
> * Revamp firewall rules to further restrict traffic between machines. 
> * Come up with a better plan for signing servers
> 	- In puppet or out of puppet? 
> 	- On demand vs always on
> 	- ssh access, console, 2factor? 
> * Hash out a roadmap or plans around git commit signing.
> 	- See if this is something we want to do
> * Work on FAS security enhancements
> 	- backup email address?
> 	- security questions? 
> 	- better gpg integration?
> 	- handling for 2 factor auth
> * Setup a simple IDS of some kind? 
> 	- Notice non standard traffic in our internal nets
> * Finish up keys.fedoraproject.org and announce it. 
> * Clean up selinux AVCs and move more things to enforcing. 
> * Your brilliant Fedora Infrastructure security related idea here. 
> 
> Possible dates: 
> 
> last week of Aug, First week of Sept? 
> (This puts us between the Alpha and Beta freezes, and is possibly
> enough notice to get better airfair/etc rates). 
> somewhere in 2012-08-27 to 2012-09-10
> 
> First 2 weeks in Nov?
> (After F18 is released, before thanksgiving)
> somewhere in 2012-11-05 to 2012-11-16
> 
> Right before next Fudcon? 
> 2013-01-15 to 2013-01-17?
> 
> Your exciting better dates here. 
> 
> Possible locations: 
> 
> Red Hat HQ in RDU?
> 	pros: can probably get a room/network and pull in other RH folks
> 
> Westford, MA
> 	pros: could probably get a room/network and pull in other RH
> 	engr folks. 
> 
> Other location here: 
> 	must be cheap to fly to/stay at, and have a facility we could
> 	meet at and use. 
> 
> So, this is more a 'is there enough interest in this to peruse it' type
> of email. 
> 
> How many folks would be interested in going to something like this? 
> 
> What dates or places would you prefer?
> 
> Is there another topic that would be a better thing to do than
> Security? I can think of several more topics if we would prefer
> something else (Fixing our application logging could be it's own FAD by
> itself). 
> 
> Thoughts?
> 
> kevin
> 
> 
> 
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20120612/9842323f/attachment.sig>

More information about the infrastructure mailing list