From Fedora Project Wiki

No edit summary
m (Added infrastructure category)
 
(40 intermediate revisions by 10 users not shown)
Line 5: Line 5:
In this FAD we will focus on some security related projects to get them done and deployed.  
In this FAD we will focus on some security related projects to get them done and deployed.  


* primary goal: Finish implementation and deployment of 2 factor authentication for sudo for all machines.  
* primary goal: Finish implementation and deployment of 2 factor authentication for sudo on all machines.
 
* FAS Changes
** Fleshing out a [[FAD_Infrastructure_Security_2012/FAS_plan | detailed plan]] to replace this
 
** Enabling 2 factor / pin setup.
 
** Way to reset when 2 factor is lost/stolen/broken
 
** backup codes?
 
** figure out which backends are supported. (googleauth? yubikey?)
 
** See if web apps can be made easily 2 factor aware.
 
** way to enforce 2 factor for some groups?
 
* Infrastructure setup
 
** setup server/cgi on fas machines
 
** setup backends
 
** setup pam module / confirm sudo working
 
* Extra Credit
 
** Enable 2 factor for ssh (optional ability for packagers to use for commits)
 
** Enable 2 factor for web apps
 
** Enable 2 factor for hosted / nagios / misc


In addition, we may attempt to complete the following '''secondary''' goals as time allows:
In addition, we may attempt to complete the following '''secondary''' goals as time allows:


* secondary goal(s):  
* secondary goal(s):  
* Redo koji ssl certs in a better way.
* Revamp firewall rules to further restrict traffic between machines.
* Come up with a better plan for signing servers
- In puppet or out of puppet?
- On demand vs always on
- ssh access, console, 2factor?
* Hash out a roadmap or plans around git commit signing.
- See if this is something we want to do
* Work on FAS security enhancements
- backup email address?
- security questions?
- better gpg integration?
- handling for 2 factor auth
* Setup a simple IDS of some kind?
- Notice non standard traffic in our internal nets
* Finish up keys.fedoraproject.org and announce it.
* Clean up selinux AVCs and move more things to enforcing.


== Detailed Work Items & Final Attendees ==
== Detailed Work Items & Final Attendees ==
[[FAD_Infrastructure_Security_2012/attendees | Attendees]]
 
[[FAD_Infrastructure_Security_2012#Attendees | Attendees]]
 
People needed to get primary objective done:
 
* FAS developers - code needed fas changes. toshio, relrod, ricky, mmcgrath, etc
 
* Sysadmins - deploy server and pam changes. skvidal, kevin, smooge, relrod etc
 
* Developers - fix issues with pam or cgi parts, help integrate with backends/fas. pam devs, mricon for cgi server side, folks who know about security code.
 
People good to have to get other secondary objectives done:
 
* Rel-eng - signing server security, cert rework. dgilmore.
 
* Other folks who know IDSes, git commit signing, etc.
 
=== Attendees ===
 
The table should be pretty self-explanatory.
 
{| class="wikitable"
|-
! FAS Username !! Real Name !! Airfare cost to RDU  !! Roommate !! notes !! arrival 11/26 !! departure 11/29
|-
| kevin || Kevin Fenzi || $356.69 || -- || rsuehle booked flight 10/24 || 5:30 PM || 12:25 PM
|-
| herlo || Clint Savage || $593.20 || -- || herlo booked own flight || 7:05 PM || 6:30 PM
|-
| smooge || Stephen Smoogen || $0 || -- || smooge booked his own flight for partially personal purposes
|-
| skottler || Sam Kottler || $298.60 || -- || rsuehle booked flight 10/24 || 2:37 PM || 3:30 PM
|-
| codeblock || Ricky Elrod || $330.20 || -- || rsuehle booked flight 11/1 || 6:53 PM || 12:50 PM
|-
| nb || Nick Bebout || $459.20 || -- || lh booked flight 11/12 || 10:16 PM || 9:45 AM
|-
| toshio || Toshio Kuratomi || $553 || -- || rsuehle booked flight 10/31 || 11:55PM (AA1902) || leaving 12/4
|-
| <strike>whiterhino || Jason Taylor || ~$360</strike> || -- || Has not responded to emails; presumed not coming.
|-
| ausil || Dennis Gilmore || ~$350  || -- ||
|-
| icon || Konstantin Ryabitsev || 0 ||  n/a || Costs covered by LF || 11:05 AM (AC7974) || 2012-11-30 11:40 AM
|-
| skvidal || Seth Vidal || 0 || n/a || Lives locally
|-
| puiterwijk || Patrick Uiterwijk || 0 ||  n/a || Remote
|-
| pingou || Pierre-Yves Chibon || 0 || n/a || Remote
|-
| ctria || Christos Triantafyllidis || 0 || n/a || Remote
|-
| laxathom || Xavier Lamien || 0 || n/a || remote
|}
 
Note -- we may need someone(s) who can provide transportation
 
Five hotel rooms have been reserved at the Raleigh Marriott under Ruth Suehle. Total cost: $2350.85
 
= Interested Attendees =
 
The table should be pretty self-explanatory.


== Planning Prerequisites ==
== Planning Prerequisites ==
Line 27: Line 145:


== Plan ==
== Plan ==
# '''Location:'''
 
# '''Date:'''  
TBD
 
# '''Location:''' RDU
# '''Date:''' November 26-29, 2012
# '''Schedule'''
# '''Schedule'''
#* Participants arrive at THIS_TIME_AND_DATE
#* Participants arrive all day November 26, 2012
#* Schedule item
#* Schedule item
#* Schedule item
#* Schedule item
#* Schedule item
#* Schedule item
#* Participants leave at THIS_TIME_AND_DATE
#* Participants leave at November 29, 2012
# Important skills (one or more)
# Important skills (one or more)
#* skill
#* skill
Line 59: Line 180:


== Budget ==
== Budget ==
'''If you want funding from Red Hat, ask the [[CommunityArchitecture|Community Architecture]] team. If you can find other ways to fund your FAD, that's great too!'''


{|
{|
Line 72: Line 191:
|}
|}


# '''Travel:'''  $A for airfare, bus, train, etc. funding needed to get attendees to the FAD
2246.4 2960 8884.4
# '''Housing:'''  $B for hotel, etc. needed to have attendees sleep during the FAD
 
#* link to hotel room booking website, if applicable
# '''Travel:'''  $3678 estimated in airfare above
# '''Space:''' $C for renting space to hack in, if applicable
# '''Housing:'''  $2246 estimate for five rooms (rsuehle will book)
#* address and travel details for the space
# '''Space:''' Red Hat
# '''Supplies:''' $D for anything else you may need
# '''Social event/food'''
#* item
#* item
#* item


''Total budget:  $A+B+C+D
''Total budget:  $A+B+C+D


[[Category:FAD]]
[[Category:FAD]]
[[Category:Infrastructure]]

Latest revision as of 20:14, 13 February 2014

This is the main page for The Fedora Infrastructure 2012 Security FAD, which is a FAD focused on Security.

Purpose

In this FAD we will focus on some security related projects to get them done and deployed.

  • primary goal: Finish implementation and deployment of 2 factor authentication for sudo on all machines.
    • Enabling 2 factor / pin setup.
    • Way to reset when 2 factor is lost/stolen/broken
    • backup codes?
    • figure out which backends are supported. (googleauth? yubikey?)
    • See if web apps can be made easily 2 factor aware.
    • way to enforce 2 factor for some groups?
  • Infrastructure setup
    • setup server/cgi on fas machines
    • setup backends
    • setup pam module / confirm sudo working
  • Extra Credit
    • Enable 2 factor for ssh (optional ability for packagers to use for commits)
    • Enable 2 factor for web apps
    • Enable 2 factor for hosted / nagios / misc

In addition, we may attempt to complete the following secondary goals as time allows:

  • secondary goal(s):
  • Redo koji ssl certs in a better way.
  • Revamp firewall rules to further restrict traffic between machines.
  • Come up with a better plan for signing servers

- In puppet or out of puppet? - On demand vs always on - ssh access, console, 2factor?

  • Hash out a roadmap or plans around git commit signing.

- See if this is something we want to do

  • Work on FAS security enhancements

- backup email address? - security questions? - better gpg integration? - handling for 2 factor auth

  • Setup a simple IDS of some kind?

- Notice non standard traffic in our internal nets

  • Finish up keys.fedoraproject.org and announce it.
  • Clean up selinux AVCs and move more things to enforcing.

Detailed Work Items & Final Attendees

Attendees

People needed to get primary objective done:

  • FAS developers - code needed fas changes. toshio, relrod, ricky, mmcgrath, etc
  • Sysadmins - deploy server and pam changes. skvidal, kevin, smooge, relrod etc
  • Developers - fix issues with pam or cgi parts, help integrate with backends/fas. pam devs, mricon for cgi server side, folks who know about security code.

People good to have to get other secondary objectives done:

  • Rel-eng - signing server security, cert rework. dgilmore.
  • Other folks who know IDSes, git commit signing, etc.

Attendees

The table should be pretty self-explanatory.

FAS Username Real Name Airfare cost to RDU Roommate notes arrival 11/26 departure 11/29
kevin Kevin Fenzi $356.69 -- rsuehle booked flight 10/24 5:30 PM 12:25 PM
herlo Clint Savage $593.20 -- herlo booked own flight 7:05 PM 6:30 PM
smooge Stephen Smoogen $0 -- smooge booked his own flight for partially personal purposes
skottler Sam Kottler $298.60 -- rsuehle booked flight 10/24 2:37 PM 3:30 PM
codeblock Ricky Elrod $330.20 -- rsuehle booked flight 11/1 6:53 PM 12:50 PM
nb Nick Bebout $459.20 -- lh booked flight 11/12 10:16 PM 9:45 AM
toshio Toshio Kuratomi $553 -- rsuehle booked flight 10/31 11:55PM (AA1902) leaving 12/4
whiterhino Jason Taylor ~$360 -- Has not responded to emails; presumed not coming.
ausil Dennis Gilmore ~$350 --
icon Konstantin Ryabitsev 0 n/a Costs covered by LF 11:05 AM (AC7974) 2012-11-30 11:40 AM
skvidal Seth Vidal 0 n/a Lives locally
puiterwijk Patrick Uiterwijk 0 n/a Remote
pingou Pierre-Yves Chibon 0 n/a Remote
ctria Christos Triantafyllidis 0 n/a Remote
laxathom Xavier Lamien 0 n/a remote

Note -- we may need someone(s) who can provide transportation

Five hotel rooms have been reserved at the Raleigh Marriott under Ruth Suehle. Total cost: $2350.85

Interested Attendees

The table should be pretty self-explanatory.

Planning Prerequisites

See the How to organize a FAD list; you can keep your to-do list here.

  • Work out budget
  • Decide on Dates and Location
  • Arrange Facilities
  • List Resources
  • Arrange Lodging
  • Arrange Refreshments
  • Arrange a Social Event

Plan

TBD

  1. Location: RDU
  2. Date: November 26-29, 2012
  3. Schedule
    • Participants arrive all day November 26, 2012
    • Schedule item
    • Schedule item
    • Schedule item
    • Participants leave at November 29, 2012
  4. Important skills (one or more)
    • skill
    • skill
    • skill
  5. Personnel (people who might fit the bill)
    • Name (location, role) Confirmed? (Y/N)
    • Name (location, role) Confirmed? (Y/N)
    • Name (location, role) Confirmed? (Y/N)
    • others?
  6. Other considerations
    • Contributor V can offer a living room for evening social gatherings.
    • Contributor W has a car and is willing to do airport pick-ups.
    • Contributor X needs as much advance notice as possible.
    • Contributor Y has a schedule that is better on Fridays than on Tuesdays, and prefers weekend times after 4:28 AM.
    • Contributor Z is allergic to peanuts.

Logistics

Snacks/Beverages: Details go here.

Lunch: Details go here.

Dinner: Details go here.

Budget

Contributor Dept Arrv Dept Arrv Cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost

2246.4 2960 8884.4

  1. Travel: $3678 estimated in airfare above
  2. Housing: $2246 estimate for five rooms (rsuehle will book)
  3. Space: Red Hat
  4. Social event/food

Total budget: $A+B+C+D

Retrieved from "https://fedoraproject.org/w/index.php?title=FAD_Infrastructure_Security_2012&oldid=369844"