[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: umce.linu agenda items




I'd like to discuss radmind security and open ssh sessions at the meeting. I brought it up via email to a murmur of agreement that it's a problem, etc, but we couldn't agree on an action (social v. technical).


'Word on the street' is that peer pressure is ineffective in getting people to deal with their su'd sessions responsibly. We could mail nightly to umce.linux, Kitty and the hacker community the users with sessions over one day, and populate a dart board with their likenesses. Or I could hijack the gpcc-linux pool from someone's open session and change the MOTD to choice observations about their mama(s). Maybe tshirts with "UMCE Linux: No rootkit required" could be ordered ;-)

We share the radmind server and we've made a lot of progress in trust in the UMCE. If the users who may want to keep open sessions can vouch for the security of their desktops then that will be fine, but I didn't hear from any of them after my first message, and a quick 'w' and 'last | grep \+ | head' tells me the situation isn't resolved. How secure is a locking screensaver on a solaris desktop? I don't know, but I hope they do.

In summary, I'd like 15-20 minutes on the agenda to discuss this.

Gabrielle


On Apr 4, 2005, at 3:52 PM, Katarina Lukaszewicz wrote:


Please submit items for Wednesday meeting at 3pm,  meeting
will be in the corner conference room,  around the corner from
2525.

Katarina Lukaszewicz
part of Blackops oncall and technical administrative support
for UMCE services