mulling the idea of an Infrastructure Security FAD (Fedora Activity Day)

Stephen John Smoogen smooge at gmail.com
Wed Jun 13 02:09:26 UTC 2012


On 12 June 2012 17:03, Kevin Fenzi <kevin at scrye.com> wrote:
> Greetings.
>
> I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> Activity Day) around getting our security tasks further along/mapped
> out, or just done. We can do all these things remotely, but sitting
> down with fewer distractions and getting things done or deciding on
> roadmaps may work faster/better in person.
>
> More information on FADs:
> http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
>
> Some possible Goals:
>
> * Put in place our 2 factor authentication solution.
>        - Enable globally for sudo.
>        - Come up with plan/roadmap for applications 2 factor
>          authentication.
>        - enable more 2nd factors if we only have one working.
>          (yubikey, google authenticator, others?)

I think this would be a good focus. We are looking at a 2 day
work-fest (meaning many people would be blocking out 4 days (2 to
travel, 2 to work)) and I think that would take up most of those 2
days. The next primary focus would be mapping what we have and how
they talk to each other. Getting to know what is around and how it
talks to everything is a time-consuming task, but once it is done, it
makes figuring out what is left out in the wind, what we care about
and what we don't much easier.

> * Revamp firewall rules to further restrict traffic between machines.
> * Come up with a better plan for signing servers
>        - In puppet or out of puppet?
>        - On demand vs always on
>        - ssh access, console, 2factor?
> * Hash out a roadmap or plans around git commit signing.
>        - See if this is something we want to do
> * Work on FAS security enhancements
>        - backup email address?
>        - security questions?
>        - better gpg integration?
>        - handling for 2 factor auth
> * Setup a simple IDS of some kind?
>        - Notice non standard traffic in our internal nets
> * Finish up keys.fedoraproject.org and announce it.
> * Clean up selinux AVCs and move more things to enforcing.
> * Your brilliant Fedora Infrastructure security related idea here.
>
> Possible dates:
>
> last week of Aug, First week of Sept?
> (This puts us between the Alpha and Beta freezes, and is possibly
> enough notice to get better airfare/etc rates).
> somewhere in 2012-08-27 to 2012-09-10
>
> First 2 weeks in Nov?
> (After F18 is released, before thanksgiving)
> somewhere in 2012-11-05 to 2012-11-16
>
> Right before next Fudcon?
> 2013-01-15 to 2013-01-17?
>
> Your exciting better dates here.
>
> Possible locations:
>
> Red Hat HQ in RDU?
>        pros: can probably get a room/network and pull in other RH folks
>
> Westford, MA
>        pros: could probably get a room/network and pull in other RH
>        engr folks.
>
> Other location here:
>        must be cheap to fly to/stay at, and have a facility we could
>        meet at and use.
>
> So, this is more a 'is there enough interest in this to pursue it' type
> of email.
>
> How many folks would be interested in going to something like this?
>
> What dates or places would you prefer?
>
> Is there another topic that would be a better thing to do than
> Security? I can think of several more topics if we would prefer
> something else (Fixing our application logging could be its own FAD by
> itself).
>
> Thoughts?
>
> kevin



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

