From Fedora Project Wiki

(27 intermediate revisions by 9 users not shown)
Line 8: Line 8:


* FAS Changes
* FAS Changes
** Fleshing out a [[FAD_Infrastructure_Security_2012/FAS_plan | detailed plan]] to replace this


** Enabling 2 factor / pin setup.  
** Enabling 2 factor / pin setup.  
Line 64: Line 65:
* Finish up keys.fedoraproject.org and announce it.  
* Finish up keys.fedoraproject.org and announce it.  


* Clean up selinux AVCs and move more things to enforcing.  
* Clean up selinux AVCs and move more things to enforcing.


== Detailed Work Items & Final Attendees ==
== Detailed Work Items & Final Attendees ==
Line 90: Line 91:
{| class="wikitable"
{| class="wikitable"
|-
|-
! Price updated? !! FAS Username !! Real Name !! Approx. Airfare Cost (in USD) to RDU  !! notes
! FAS Username !! Real Name !! Airfare cost to RDU  !! Roommate !! notes !! arrival 11/26 !! departure 11/29
|-
|-
| yes || kevin || Kevin Fenzi || $325 ||
| kevin || Kevin Fenzi || $356.69 || -- || rsuehle booked flight 10/24 || 5:30 PM || 12:25 PM
|-
|-
| no || codeblock || Ricky Elrod || ~$320 || The airfare costs I listed were for two days (e.g. leaving on Aug. 10 and returning on Aug. 12).
| herlo || Clint Savage || $593.20 || -- || herlo booked own flight || 7:05 PM || 6:30 PM
|-
|-
| no || whiterhino || Jason Taylor || ~$360 || The airfare costs listed are for the same as codeblock's two days.
| smooge || Stephen Smoogen || $0 || -- || smooge booked his own flight for partially personal purposes
|-
|-
| no || jaysonr || Jayson Rowe || ~$50 || No airfare needed to RDU - listing $50 for fuel.
| skottler || Sam Kottler || $298.60 || -- || rsuehle booked flight 10/24 || 2:37 PM || 3:30 PM
|-
|-
| yes || toshio || Toshio Kuratomi || $606 ||
| codeblock || Ricky Elrod || $330.20 || -- || rsuehle booked flight 11/1 || 6:53 PM || 12:50 PM
|-
|-
| yes || skvidal || Seth Vidal || Free - I live here || Beginning of sept is going to be not good for me date-wise
| nb || Nick Bebout || $459.20 || -- || lh booked flight 11/12 || 10:16 PM || 9:45 AM
|-
|-
| no || ausil || Dennis Gilmore || ~$350 + hotel  ||
| toshio || Toshio Kuratomi || $553 || -- || rsuehle booked flight 10/31 || 11:55PM (AA1902) || leaving 12/4
|-
|-
| yes || puiterwijk || Patrick Uiterwijk || Remote || Any date will work because of timezones but preferably on a friday. I will help remotely, as coming to the USA is not going to work out for me.
| <strike>whiterhino || Jason Taylor || ~$360</strike> || -- || Has not responded to emails; presumed not coming.
|-
|-
| no || icon || Konstantin Ryabitsev || || My airfare can probably be covered by LF. I can probably stay with someone in Durham, too. October and after.
| ausil || Dennis Gilmore || ~$350  || -- ||
|-
|-
| yes || pingou || Pierre-Yves Chibon || Remote || Any date will work because of timezones but preferably on a friday "I will help remotely, as coming to the USA is not going to work out for me."©puiterwijk
| icon || Konstantin Ryabitsev || 0 ||  n/a || Costs covered by LF || 11:05 AM (AC7974) || 2012-11-30 11:40 AM
|-
|-
| yes || nb || Nick Bebout || ~$480 ||
| skvidal || Seth Vidal || 0 || n/a || Lives locally
|-
|-
| yes || herlo || Clint Savage || ~$600 + hotel || Pretty open for schedule for me. Most any week should work.
| puiterwijk || Patrick Uiterwijk || 0 || n/a || Remote
|-
|-
| pingou || Pierre-Yves Chibon || 0 || n/a || Remote
|-
| ctria || Christos Triantafyllidis || 0 || n/a || Remote
|-
| laxathom || Xavier Lamien || 0 || n/a || remote
|}
|}
Note -- we may need someone(s) who can provide transportation
Five hotel rooms have been reserved at the Raleigh Marriott under Ruth Suehle. Total cost: $2350.85
= Interested Attendees =
The table should be pretty self-explanatory.


== Planning Prerequisites ==
== Planning Prerequisites ==
Line 166: Line 180:


== Budget ==
== Budget ==
'''If you want funding from Red Hat, ask the [[CommunityArchitecture|Community Architecture]] team. If you can find other ways to fund your FAD, that's great too!'''


{|
{|
Line 179: Line 191:
|}
|}


# '''Travel:'''  $A for airfare, bus, train, etc. funding needed to get attendees to the FAD
2246.4 2960 8884.4
# '''Housing:'''  $B for hotel, etc. needed to have attendees sleep during the FAD
 
#* link to hotel room booking website, if applicable
# '''Travel:'''  $3678 estimated in airfare above
# '''Space:''' $C for renting space to hack in, if applicable
# '''Housing:'''  $2246 estimate for five rooms (rsuehle will book)
#* address and travel details for the space
# '''Space:''' Red Hat
# '''Supplies:''' $D for anything else you may need
# '''Social event/food'''
#* item
#* item
#* item


''Total budget:  $A+B+C+D
''Total budget:  $A+B+C+D


[[Category:FAD]]
[[Category:FAD]]

Revision as of 18:53, 22 November 2012

This is the main page for The Fedora Infrastructure 2012 Security FAD, which is a FAD focused on Security.

Purpose

In this FAD we will focus on some security related projects to get them done and deployed.

  • primary goal: Finish implementation and deployment of 2 factor authentication for sudo on all machines.
    • Enabling 2 factor / pin setup.
    • Way to reset when 2 factor is lost/stolen/broken
    • backup codes?
    • figure out which backends are supported. (googleauth? yubikey?)
    • See if web apps can be made easily 2 factor aware.
    • way to enforce 2 factor for some groups?
  • Infrastructure setup
    • setup server/cgi on fas machines
    • setup backends
    • setup pam module / confirm sudo working
  • Extra Credit
    • Enable 2 factor for ssh (optional ability for packagers to use for commits)
    • Enable 2 factor for web apps
    • Enable 2 factor for hosted / nagios / misc

In addition, we may attempt to complete the following secondary goals as time allows:

  • secondary goal(s):
  • Redo koji ssl certs in a better way.
  • Revamp firewall rules to further restrict traffic between machines.
  • Come up with a better plan for signing servers

- In puppet or out of puppet? - On demand vs always on - ssh access, console, 2factor?

  • Hash out a roadmap or plans around git commit signing.

- See if this is something we want to do

  • Work on FAS security enhancements

- backup email address? - security questions? - better gpg integration? - handling for 2 factor auth

  • Setup a simple IDS of some kind?

- Notice non standard traffic in our internal nets

  • Finish up keys.fedoraproject.org and announce it.
  • Clean up selinux AVCs and move more things to enforcing.

Detailed Work Items & Final Attendees

Attendees

People needed to get primary objective done:

  • FAS developers - code needed fas changes. toshio, relrod, ricky, mmcgrath, etc
  • Sysadmins - deploy server and pam changes. skvidal, kevin, smooge, relrod etc
  • Developers - fix issues with pam or cgi parts, help integrate with backends/fas. pam devs, mricon for cgi server side, folks who know about security code.

People good to have to get other secondary objectives done:

  • Rel-eng - signing server security, cert rework. dgilmore.
  • Other folks who know IDSes, git commit signing, etc.

Attendees

The table should be pretty self-explanatory.

FAS Username Real Name Airfare cost to RDU Roommate notes arrival 11/26 departure 11/29
kevin Kevin Fenzi $356.69 -- rsuehle booked flight 10/24 5:30 PM 12:25 PM
herlo Clint Savage $593.20 -- herlo booked own flight 7:05 PM 6:30 PM
smooge Stephen Smoogen $0 -- smooge booked his own flight for partially personal purposes
skottler Sam Kottler $298.60 -- rsuehle booked flight 10/24 2:37 PM 3:30 PM
codeblock Ricky Elrod $330.20 -- rsuehle booked flight 11/1 6:53 PM 12:50 PM
nb Nick Bebout $459.20 -- lh booked flight 11/12 10:16 PM 9:45 AM
toshio Toshio Kuratomi $553 -- rsuehle booked flight 10/31 11:55PM (AA1902) leaving 12/4
whiterhino Jason Taylor ~$360 -- Has not responded to emails; presumed not coming.
ausil Dennis Gilmore ~$350 --
icon Konstantin Ryabitsev 0 n/a Costs covered by LF 11:05 AM (AC7974) 2012-11-30 11:40 AM
skvidal Seth Vidal 0 n/a Lives locally
puiterwijk Patrick Uiterwijk 0 n/a Remote
pingou Pierre-Yves Chibon 0 n/a Remote
ctria Christos Triantafyllidis 0 n/a Remote
laxathom Xavier Lamien 0 n/a remote

Note -- we may need someone(s) who can provide transportation

Five hotel rooms have been reserved at the Raleigh Marriott under Ruth Suehle. Total cost: $2350.85

Interested Attendees

The table should be pretty self-explanatory.

Planning Prerequisites

See the How to organize a FAD list; you can keep your to-do list here.

  • Work out budget
  • Decide on Dates and Location
  • Arrange Facilities
  • List Resources
  • Arrange Lodging
  • Arrange Refreshments
  • Arrange a Social Event

Plan

TBD

  1. Location: RDU
  2. Date: November 26-29, 2012
  3. Schedule
    • Participants arrive all day November 26, 2012
    • Schedule item
    • Schedule item
    • Schedule item
    • Participants leave at November 29, 2012
  4. Important skills (one or more)
    • skill
    • skill
    • skill
  5. Personnel (people who might fit the bill)
    • Name (location, role) Confirmed? (Y/N)
    • Name (location, role) Confirmed? (Y/N)
    • Name (location, role) Confirmed? (Y/N)
    • others?
  6. Other considerations
    • Contributor V can offer a living room for evening social gatherings.
    • Contributor W has a car and is willing to do airport pick-ups.
    • Contributor X needs as much advance notice as possible.
    • Contributor Y has a schedule that is better on Fridays than on Tuesdays, and prefers weekend times after 4:28 AM.
    • Contributor Z is allergic to peanuts.

Logistics

Snacks/Beverages: Details go here.

Lunch: Details go here.

Dinner: Details go here.

Budget

Contributor Dept Arrv Dept Arrv Cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost

2246.4 2960 8884.4

  1. Travel: $3678 estimated in airfare above
  2. Housing: $2246 estimate for five rooms (rsuehle will book)
  3. Space: Red Hat
  4. Social event/food

Total budget: $A+B+C+D