From Fedora Project Wiki

< FWN‎ | Beats
 
(20 intermediate revisions by 2 users not shown)
Line 8: Line 8:
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]


=== Why Puppet uses config instead of configs ===
=== Intrusion update ===
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref>


[[SusmitShannigrahi|susmit shannigrahi]] asked[1] on the @fedora-infrastructure-list asked why, in the fedora-infrastructure implementation of puppet when we add a new file, in the .pp file the path is written as puppet:///config where as the actual path of the file is in the configs directory. To this Jeroen van Meeuwen answered [2] by saying that the [config] fileserver mount may point to /path/to/configs which may allow this discrepancy to exist.
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.


[1] https://www.redhat.com/archives/fedora-infrastructure-list/2009-January/msg00084.html
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.


[2] https://www.redhat.com/archives/fedora-infrastructure-list/2009-January/msg00085.html
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication.
It was a two factor authentication and therefore was more secure than passphrase or ssh keys.


=== Fedora Security Policy ===
<references/>
 
[[MikeMcGrath|Mike McGrath]] wrote[3] on the @fedora-infrastructure-list about the proposed Fedora Security Policy. Mike asked that he would like everyone in the sysadmin-* group to be compliant with this policy.
 
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2009-January/msg00103.html
 
On this thread several people commented about changes they would propose in iptables[4] & [5]
 
 
[4] https://www.redhat.com/archives/fedora-infrastructure-list/2009-January/msg00105.html
 
[5] https://www.redhat.com/archives/fedora-infrastructure-list/2009-January/msg00107.html

Latest revision as of 04:36, 6 April 2009

Infrastructure

This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Intrusion update

Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]

Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.

There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.

DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.

  1. https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html
  2. https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html
  3. https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html
Retrieved from "https://fedoraproject.org/w/index.php?title=FWN/Beats/Infrastructure&oldid=95341"