From Fedora Project Wiki

Revision as of 03:14, 8 August 2012 by Kevin (talk | contribs) (add some more details and flesh things out some)

This is the main page for The Fedora Infrastructure 2012 Security FAD, which is a FAD focused on Security.


In this FAD we will focus on some security related projects to get them done and deployed.

  • primary goal: Finish implementation and deployment of 2 factor authentication for sudo on all machines.
  • FAS Changes
    • Enabling 2 factor / pin setup.
    • Way to reset when 2 factor is lost/stolen/broken
    • backup codes?
    • figure out which backends are supported. (googleauth? yubikey?)
    • See if web apps can be made easily 2 factor aware.
    • way to enforce 2 factor for some groups?
  • Infrastructure setup
    • setup server/cgi on fas machines
    • setup backends
    • setup pam module / confirm sudo working
  • Extra Credit
    • Enable 2 factor for ssh (optional ability for packagers to use for commits)
    • Enable 2 factor for web apps
    • Enable 2 factor for hosted / nagios / misc

In addition, we may attempt to complete the following secondary goals as time allows:

  • secondary goal(s):
  • Revamp firewall rules to further restrict traffic between machines.
  • Come up with a better plan for signing servers

- In puppet or out of puppet? - On demand vs always on - ssh access, console, 2factor?

  • Hash out a roadmap or plans around git commit signing.

- See if this is something we want to do

  • Work on FAS security enhancements

- backup email address? - security questions? - better gpg integration? - handling for 2 factor auth

  • Setup a simple IDS of some kind?

- Notice non standard traffic in our internal nets

  • Finish up and announce it.
  • Clean up selinux AVCs and move more things to enforcing.

Detailed Work Items & Final Attendees


People needed to get primary objective done:

  • FAS developers - code needed fas changes. toshio, relrod, ricky, mmcgrath, etc
  • Sysadmins - deploy server and pam changes. skvidal, kevin, etc
  • Developers - fix issues with pam or cgi parts, help integrate with backends/fas. pam devs, mricon for cgi server side, folks who know about security code.

Planning Prerequisites

See the How to organize a FAD list; you can keep your to-do list here.

  • Work out budget
  • Decide on Dates and Location
  • Arrange Facilities
  • List Resources
  • Arrange Lodging
  • Arrange Refreshments
  • Arrange a Social Event


  1. Location:
  2. Date:
  3. Schedule
    • Participants arrive at THIS_TIME_AND_DATE
    • Schedule item
    • Schedule item
    • Schedule item
    • Participants leave at THIS_TIME_AND_DATE
  4. Important skills (one or more)
    • skill
    • skill
    • skill
  5. Personnel (people who might fit the bill)
    • Name (location, role) Confirmed? (Y/N)
    • Name (location, role) Confirmed? (Y/N)
    • Name (location, role) Confirmed? (Y/N)
    • others?
  6. Other considerations
    • Contributor V can offer a living room for evening social gatherings.
    • Contributor W has a car and is willing to do airport pick-ups.
    • Contributor X needs as much advance notice as possible.
    • Contributor Y has a schedule that is better on Fridays than on Tuesdays, and prefers weekend times after 4:28 AM.
    • Contributor Z is allergic to peanuts.


Snacks/Beverages: Details go here.

Lunch: Details go here.

Dinner: Details go here.


If you want funding from Red Hat, ask the Community Architecture team. If you can find other ways to fund your FAD, that's great too!

Contributor Dept Arrv Dept Arrv Cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
Name Travel to FAD, departure Travel to FAD, arrival Travel from FAD, departure Travel from FAD, arrival Ticket cost
  1. Travel: $A for airfare, bus, train, etc. funding needed to get attendees to the FAD
  2. Housing: $B for hotel, etc. needed to have attendees sleep during the FAD
    • link to hotel room booking website, if applicable
  3. Space: $C for renting space to hack in, if applicable
    • address and travel details for the space
  4. Supplies: $D for anything else you may need
    • item
    • item
    • item

Total budget: $A+B+C+D