mulling the idea of an Infrastructure Security FAD (Fedora Activity Day)

seth vidal skvidal at fedoraproject.org
Wed Jun 13 04:14:07 UTC 2012


On Tue, 12 Jun 2012 22:54:54 -0500
Dennis Gilmore <dennis at ausil.us> wrote:

> On Tue, 12 Jun 2012 17:03:48 -0600
> Kevin Fenzi <kevin at scrye.com> wrote:
> > Greetings. 
> > 
> > I've been toying with the idea of a Fedora Infrastructure FAD
> > (Fedora Activity Day) around getting our security tasks further
> > along/mapped out, or just done. We can do all these things
> > remotely, but sitting down with fewer distractions and getting
> > things done or deciding on roadmaps may work faster/better in
> > person. 
> > 
> > More information on FADs: 
> > http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
> > 
> > Some possible Goals:
> > 
> > * Put in place our 2 factor authentication solution. 
> > 	- Enable globally for sudo. 
> > 	- Come up with plan/roadmap for applications 2 factor
> > 	  authentication.
> > 	- enable more 2nd factors if we only have one working.
> > 	  (yubikey, google authenticator, others?)
> > * Revamp firewall rules to further restrict traffic between
> > machines. 
> > * Come up with a better plan for signing servers
> > 	- In puppet or out of puppet? 
> > 	- On demand vs always on
> > 	- ssh access, console, 2factor? 
> > * Hash out a roadmap or plans around git commit signing.
> > 	- See if this is something we want to do
> > * Work on FAS security enhancements
> > 	- backup email address?
> > 	- security questions? 
> > 	- better gpg integration?
> > 	- handling for 2 factor auth
> > * Setup a simple IDS of some kind? 
> > 	- Notice non standard traffic in our internal nets
> > * Finish up keys.fedoraproject.org and announce it. 
> > * Clean up selinux AVCs and move more things to enforcing. 
> > * Your brilliant Fedora Infrastructure security related idea here. 
> > 
> > Possible dates: 
> > 
> > last week of Aug, First week of Sept? 
> > (This puts us between the Alpha and Beta freezes, and is possibly
> > enough notice to get better airfare/etc rates). 
> > somewhere in 2012-08-27 to 2012-09-10
> 
> I am going to be in Australia July 22 - Sept 2 so this really doesn't
> work for me.
> 
> > 
> > First 2 weeks in Nov?
> > (After F18 is released, before thanksgiving)
> > somewhere in 2012-11-05 to 2012-11-16
> 
> would be better and probably a good time to get other folks to help. 
> 
> > Right before next Fudcon? 
> > 2013-01-15 to 2013-01-17?
> > 
> > Your exciting better dates here. 
> > 
> > Possible locations: 
> > 
> > Red Hat HQ in RDU?
> > 	pros: can probably get a room/network and pull in other RH
> > folks
> > 
> > Westford, MA
> > 	pros: could probably get a room/network and pull in other RH
> > 	engr folks. 
> I think Westford would be preferable, just because of more Red Hat
> engineers to pull in.
>

I think Westford is not the best place, actually. We do not have much
in the way of systems folks in Westford and there is an endless stream
of potential interruptions in Westford - not least of which in the form
of many of our managers.


-sv