[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: umce.linu agenda items
I'd like to discuss radmind security and open ssh sessions at the
meeting. I brought it up via email to a murmur of agreement that it's a
problem, etc, but we couldn't agree on an action (social v. technical).
'Word on the street' is that peer pressure is ineffective in getting
people to deal with their su'd sessions responsibly. We could mail
nightly to umce.linux, Kitty and the hacker community the users with
sessions over one day, and populate a dart board with their likenesses.
Or I could hijack the gpcc-linux pool from someone's open session and
change the MOTD to choice observations about their mama(s). Maybe
tshirts with "UMCE Linux: No rootkit required" could be ordered ;-)
We share the radmind server and we've made a lot of progress in trust
in the UMCE. If the users who may want to keep open sessions can
vouch for the security of their desktops then that will be fine, but I
didn't hear from any of them after my first message, and a quick 'w'
and 'last | grep \+ | head' tells me the situation isn't resolved. How
secure is a locking screensaver on a solaris desktop? I don't know,
but I hope they do.
In summary, I'd like 15-20 minutes on the agenda to discuss this.
On Apr 4, 2005, at 3:52 PM, Katarina Lukaszewicz wrote:
Please submit items for Wednesday meeting at 3pm, meeting
will be in the corner conference room, around the corner from
part of Blackops oncall and technical administrative support
for UMCE services