Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am an OSCE OSCP OSWP I can help with some security :)
On Wed, 2012-06-13 at 02:09 +0000,
infrastructure-request@xxxxxxxxxxxxxxxxxxxxxxx wrote:
> Send infrastructure mailing list submissions to
> 	infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> or, via email, send a message with subject or body 'help' to
> 	infrastructure-request@xxxxxxxxxxxxxxxxxxxxxxx
> 
> You can reach the person managing the list at
> 	infrastructure-owner@xxxxxxxxxxxxxxxxxxxxxxx
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of infrastructure digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: Ticket #1084 Research/Updates (Kevin Fenzi)
>    2. mulling the idea of a Infrastructure Security FAD (fedora
>       activity	day) (Kevin Fenzi)
>    3. Re: mulling the idea of a Infrastructure Security FAD (fedora
>       activity day) (Jayson Rowe)
>    4. Re: mulling the idea of a Infrastructure Security FAD (fedora
>       activity	day) (Ricky Elrod)
>    5. Re: mulling the idea of a Infrastructure Security FAD (fedora
>       activity day) (Stephen John Smoogen)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 12 Jun 2012 13:56:21 -0600
> From: Kevin Fenzi <kevin@xxxxxxxxx>
> To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Ticket #1084 Research/Updates
> Message-ID: <20120612135621.681a7a0d@xxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
> 
> On Mon, 11 Jun 2012 20:40:08 -0400
> Jason Taylor <fedrhino42@xxxxxxxxx> wrote:
> 
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >  
> > Hi Everyone,
> > 
> > After talking with nirik briefly about this ticket, poking around and
> > getting oriented a little it seems like starting with a high level
> > view working to a more detailed low level view is the way to go
> > updating/creating these docs. With that in mind the first item I am
> > looking at is:
> > 
> > http://fedoraproject.org/wiki/File:Infrastructure_Architecture_GlobalNetwork.png
> > 
> > A few questions:
> > 1. How attached are we to this specific image? Can I look around for a
> > different image to put this information on?
> 
> Not very. I'm happy with any image/setup that conveys how things are,
> with extra bonus for easy to add new things or change. 
> 
> > 2. With regard to the data on the image, do we still utilize both
> > ServerBeach locations? (I didn't run across any location
> > specifications regarding which serverbeach location in nagios or
> > puppet) 
> 
> Nope. All our serverbeach machines are in the same datacenter now. 
> 
> It's their San Antonio, TX datacenter. 
> 
> > 3. Are there any other locations that should be added? (e.g.
> > Internetx)
> 
> Yeah, internetx is also in Germany. Berlin I think. 
> 
> osuosl is in Corvallis, oregon, us. 
> 
> bodhost is in england (not sure exactly where). 
> 
> kevin
> 
> 
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 836 bytes
> Desc: not available
> URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20120612/2f6ff8aa/attachment-0001.sig>
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 12 Jun 2012 17:03:48 -0600
> From: Kevin Fenzi <kevin@xxxxxxxxx>
> To: Fedora Infrastructure <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>
> Subject: mulling the idea of a Infrastructure Security FAD (fedora
> 	activity	day)
> Message-ID: <20120612170348.16cec5a0@xxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
> 
> Greetings. 
> 
> I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> Activity Day) around getting our security tasks further along/mapped
> out, or just done. We can do all these things remotely, but sitting
> down with less distractions and getting things done or deciding on
> roadmaps may work faster/better in person. 
> 
> More information on FAD's: 
> http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
> 
> Some possible Goals:
> 
> * Put in place our 2 factor authentication solution. 
> 	- Enable globally for sudo. 
> 	- Come up with plan/roadmap for applications 2 factor
> 	  authentication.
> 	- enable more 2nd factors if we only have one working.
> 	  (yubikey, google authenticator, others?)
> * Revamp firewall rules to further restrict traffic between machines. 
> * Come up with a better plan for signing servers
> 	- In puppet or out of puppet? 
> 	- On demand vs always on
> 	- ssh access, console, 2factor? 
> * Hash out a roadmap or plans around git commit signing.
> 	- See if this is something we want to do
> * Work on FAS security enhancements
> 	- backup email address?
> 	- security questions? 
> 	- better gpg integration?
> 	- handling for 2 factor auth
> * Setup a simple IDS of some kind? 
> 	- Notice non standard traffic in our internal nets
> * Finish up keys.fedoraproject.org and announce it. 
> * Clean up selinux AVCs and move more things to enforcing. 
> * Your brilliant Fedora Infrastructure security related idea here. 
> 
> Possible dates: 
> 
> last week of Aug, First week of Sept? 
> (This puts us between the Alpha and Beta freezes, and is possibly
> enough notice to get better airfair/etc rates). 
> somewhere in 2012-08-27 to 2012-09-10
> 
> First 2 weeks in Nov?
> (After F18 is released, before thanksgiving)
> somewhere in 2012-11-05 to 2012-11-16
> 
> Right before next Fudcon? 
> 2013-01-15 to 2013-01-17?
> 
> Your exciting better dates here. 
> 
> Possible locations: 
> 
> Red Hat HQ in RDU?
> 	pros: can probably get a room/network and pull in other RH folks
> 
> Westford, MA
> 	pros: could probably get a room/network and pull in other RH
> 	engr folks. 
> 
> Other location here: 
> 	must be cheap to fly to/stay at, and have a facility we could
> 	meet at and use. 
> 
> So, this is more a 'is there enough interest in this to peruse it' type
> of email. 
> 
> How many folks would be interested in going to something like this? 
> 
> What dates or places would you prefer?
> 
> Is there another topic that would be a better thing to do than
> Security? I can think of several more topics if we would prefer
> something else (Fixing our application logging could be it's own FAD by
> itself). 
> 
> Thoughts?
> 
> kevin
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 836 bytes
> Desc: not available
> URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20120612/4ab3bc81/attachment-0001.sig>
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 12 Jun 2012 20:55:00 -0400
> From: Jayson Rowe <jayson.rowe@xxxxxxxxx>
> To: Fedora Infrastructure <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: mulling the idea of a Infrastructure Security FAD (fedora
> 	activity day)
> Message-ID:
> 	<CAKNS325+dPj-Kp3j0nkQHCFMN2=kXNiNSgv9dZj1cJXK73mp4w@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On Tue, Jun 12, 2012 at 7:03 PM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> > Greetings.
> >
> > I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> > Activity Day) around getting our security tasks further along/mapped
> > out, or just done. We can do all these things remotely, but sitting
> > down with less distractions and getting things done or deciding on
> > roadmaps may work faster/better in person.
> >
> > More information on FAD's:
> > http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
> >
> > Some possible Goals:
> >
> > * Put in place our 2 factor authentication solution.
> >        - Enable globally for sudo.
> >        - Come up with plan/roadmap for applications 2 factor
> >          authentication.
> >        - enable more 2nd factors if we only have one working.
> >          (yubikey, google authenticator, others?)
> > * Revamp firewall rules to further restrict traffic between machines.
> > * Come up with a better plan for signing servers
> >        - In puppet or out of puppet?
> >        - On demand vs always on
> >        - ssh access, console, 2factor?
> > * Hash out a roadmap or plans around git commit signing.
> >        - See if this is something we want to do
> > * Work on FAS security enhancements
> >        - backup email address?
> >        - security questions?
> >        - better gpg integration?
> >        - handling for 2 factor auth
> > * Setup a simple IDS of some kind?
> >        - Notice non standard traffic in our internal nets
> > * Finish up keys.fedoraproject.org and announce it.
> > * Clean up selinux AVCs and move more things to enforcing.
> > * Your brilliant Fedora Infrastructure security related idea here.
> >
> > Possible dates:
> >
> > last week of Aug, First week of Sept?
> > (This puts us between the Alpha and Beta freezes, and is possibly
> > enough notice to get better airfair/etc rates).
> > somewhere in 2012-08-27 to 2012-09-10
> >
> > First 2 weeks in Nov?
> > (After F18 is released, before thanksgiving)
> > somewhere in 2012-11-05 to 2012-11-16
> >
> > Right before next Fudcon?
> > 2013-01-15 to 2013-01-17?
> >
> > Your exciting better dates here.
> >
> > Possible locations:
> >
> > Red Hat HQ in RDU?
> >        pros: can probably get a room/network and pull in other RH folks
> >
> > Westford, MA
> >        pros: could probably get a room/network and pull in other RH
> >        engr folks.
> >
> > Other location here:
> >        must be cheap to fly to/stay at, and have a facility we could
> >        meet at and use.
> >
> > So, this is more a 'is there enough interest in this to peruse it' type
> > of email.
> >
> > How many folks would be interested in going to something like this?
> >
> > What dates or places would you prefer?
> >
> > Is there another topic that would be a better thing to do than
> > Security? I can think of several more topics if we would prefer
> > something else (Fixing our application logging could be it's own FAD by
> > itself).
> >
> > Thoughts?
> >
> > kevin
> >
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> 
> I would absolutely love to come to something like this. Due to
> finances, and not having to buy a plane ticket, RDU would be best for
> me (I could drive...I'm about a 3.5hr drive away), and I'm almost sure
> I could swing it, especially if I could split a room w/ someone. Dates
> aren't as big of a deal for me. How many days of the week would it
> involve? I'd have to make sure I have extra vacation time at work to
> spare.
> 
> -- 
> -jayson
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 12 Jun 2012 20:55:10 -0400
> From: Ricky Elrod <codeblock@xxxxxxxx>
> To: infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: mulling the idea of a Infrastructure Security FAD (fedora
> 	activity	day)
> Message-ID: <4FD7E4EE.3050903@xxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
> 
> So, I really like this idea. I think it would be a really fun and
> productive time.
> 
> I think security is a good topic, but it'll be good to see if anyone
> else has other ideas. I think we have quite a few things we could cover
> in the security realm though, like you listed.
> 
> I'd prefer to stay away from the last week of August/first week of
> September, because for me (and possibly others -- Ian?) classes will
> just have started back up. I'd vote for earlier, maybe the end of July?
> Or the first week or two of August? Beyond that us college-goers will
> probably be getting ready for the semester.
> 
> I don't have a lot of preference on location, either of your ideas are
> about the same distance from me, personally.
> 
> But yes, I'm very interested in this, I think it would be a lot of fun,
> and I think we could get a lot done.
> 
> -re
> 
> On 06/12/2012 07:03 PM, Kevin Fenzi wrote:
> > Greetings. 
> > 
> > I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> > Activity Day) around getting our security tasks further along/mapped
> > out, or just done. We can do all these things remotely, but sitting
> > down with less distractions and getting things done or deciding on
> > roadmaps may work faster/better in person. 
> > 
> > More information on FAD's: 
> > http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
> > 
> > Some possible Goals:
> > 
> > * Put in place our 2 factor authentication solution. 
> > 	- Enable globally for sudo. 
> > 	- Come up with plan/roadmap for applications 2 factor
> > 	  authentication.
> > 	- enable more 2nd factors if we only have one working.
> > 	  (yubikey, google authenticator, others?)
> > * Revamp firewall rules to further restrict traffic between machines. 
> > * Come up with a better plan for signing servers
> > 	- In puppet or out of puppet? 
> > 	- On demand vs always on
> > 	- ssh access, console, 2factor? 
> > * Hash out a roadmap or plans around git commit signing.
> > 	- See if this is something we want to do
> > * Work on FAS security enhancements
> > 	- backup email address?
> > 	- security questions? 
> > 	- better gpg integration?
> > 	- handling for 2 factor auth
> > * Setup a simple IDS of some kind? 
> > 	- Notice non standard traffic in our internal nets
> > * Finish up keys.fedoraproject.org and announce it. 
> > * Clean up selinux AVCs and move more things to enforcing. 
> > * Your brilliant Fedora Infrastructure security related idea here. 
> > 
> > Possible dates: 
> > 
> > last week of Aug, First week of Sept? 
> > (This puts us between the Alpha and Beta freezes, and is possibly
> > enough notice to get better airfair/etc rates). 
> > somewhere in 2012-08-27 to 2012-09-10
> > 
> > First 2 weeks in Nov?
> > (After F18 is released, before thanksgiving)
> > somewhere in 2012-11-05 to 2012-11-16
> > 
> > Right before next Fudcon? 
> > 2013-01-15 to 2013-01-17?
> > 
> > Your exciting better dates here. 
> > 
> > Possible locations: 
> > 
> > Red Hat HQ in RDU?
> > 	pros: can probably get a room/network and pull in other RH folks
> > 
> > Westford, MA
> > 	pros: could probably get a room/network and pull in other RH
> > 	engr folks. 
> > 
> > Other location here: 
> > 	must be cheap to fly to/stay at, and have a facility we could
> > 	meet at and use. 
> > 
> > So, this is more a 'is there enough interest in this to peruse it' type
> > of email. 
> > 
> > How many folks would be interested in going to something like this? 
> > 
> > What dates or places would you prefer?
> > 
> > Is there another topic that would be a better thing to do than
> > Security? I can think of several more topics if we would prefer
> > something else (Fixing our application logging could be it's own FAD by
> > itself). 
> > 
> > Thoughts?
> > 
> > kevin
> > 
> > 
> > 
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> > 
> 
> 
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 490 bytes
> Desc: OpenPGP digital signature
> URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20120612/9842323f/attachment-0001.sig>
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 12 Jun 2012 20:09:26 -0600
> From: Stephen John Smoogen <smooge@xxxxxxxxx>
> To: Fedora Infrastructure <infrastructure@xxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: mulling the idea of a Infrastructure Security FAD (fedora
> 	activity day)
> Message-ID:
> 	<CANnLRdisY0Wpv+mcX2Ob5s87BfMja4WnUqWUQTEQkynyeJWTkg@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=windows-1252
> 
> On 12 June 2012 17:03, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> > Greetings.
> >
> > I've been toying with the idea of a Fedora Infrastructure FAD (Fedora
> > Activity Day) around getting our security tasks further along/mapped
> > out, or just done. We can do all these things remotely, but sitting
> > down with less distractions and getting things done or deciding on
> > roadmaps may work faster/better in person.
> >
> > More information on FAD's:
> > http://fedoraproject.org/wiki/Fedora_Activity_Day_-_FAD
> >
> > Some possible Goals:
> >
> > * Put in place our 2 factor authentication solution.
> >        - Enable globally for sudo.
> >        - Come up with plan/roadmap for applications 2 factor
> >          authentication.
> >        - enable more 2nd factors if we only have one working.
> >          (yubikey, google authenticator, others?)
> 
> I think this would be a good focus. We are looking at a 2 day
> work-fest (meaning many people would be block out 4 days (2 to travel,
> 2 to work)) and I think that would take up most of that 2 days. The
> next primary focus would be mapping what we have and how they talk to
> each other. Getting to know what is around and how it talks to
> everything is a time consuming task but once it is done, it makes
> figuring out what is left out in the wind, what we care about and what
> we don't much easier.
> 
> > * Revamp firewall rules to further restrict traffic between machines.
> > * Come up with a better plan for signing servers
> >        - In puppet or out of puppet?
> >        - On demand vs always on
> >        - ssh access, console, 2factor?
> > * Hash out a roadmap or plans around git commit signing.
> >        - See if this is something we want to do
> > * Work on FAS security enhancements
> >        - backup email address?
> >        - security questions?
> >        - better gpg integration?
> >        - handling for 2 factor auth
> > * Setup a simple IDS of some kind?
> >        - Notice non standard traffic in our internal nets
> > * Finish up keys.fedoraproject.org and announce it.
> > * Clean up selinux AVCs and move more things to enforcing.
> > * Your brilliant Fedora Infrastructure security related idea here.
> >
> > Possible dates:
> >
> > last week of Aug, First week of Sept?
> > (This puts us between the Alpha and Beta freezes, and is possibly
> > enough notice to get better airfair/etc rates).
> > somewhere in 2012-08-27 to 2012-09-10
> >
> > First 2 weeks in Nov?
> > (After F18 is released, before thanksgiving)
> > somewhere in 2012-11-05 to 2012-11-16
> >
> > Right before next Fudcon?
> > 2013-01-15 to 2013-01-17?
> >
> > Your exciting better dates here.
> >
> > Possible locations:
> >
> > Red Hat HQ in RDU?
> >        pros: can probably get a room/network and pull in other RH folks
> >
> > Westford, MA
> >        pros: could probably get a room/network and pull in other RH
> >        engr folks.
> >
> > Other location here:
> >        must be cheap to fly to/stay at, and have a facility we could
> >        meet at and use.
> >
> > So, this is more a 'is there enough interest in this to peruse it' type
> > of email.
> >
> > How many folks would be interested in going to something like this?
> >
> > What dates or places would you prefer?
> >
> > Is there another topic that would be a better thing to do than
> > Security? I can think of several more topics if we would prefer
> > something else (Fixing our application logging could be it's own FAD by
> > itself).
> >
> > Thoughts?
> >
> > kevin
> >
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> 
> 
> 


_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure



[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux