Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security Practices question

  • From: just me
  • Date: Thu Oct 03 17:10:10 2002

On 2 Oct 2002, Michael Lamoureux wrote:

  But the real answer is:

  The same way you maintain everything else on the same 4000 machines.
  I assume if you're running 4000 machines you have some cookie-cutter
  secured baseline OS load that gets installed on them all when they're
  loaded, and then something like home-grown perl scripts wrapped around
  rdist or rsync, or a specific tool for the purpose like cfengine or
  synctree to push out changes and keep them all under control.  I would
  assume that the sudoers file could be pushed out with the same
  mechanism.  Or am I missing some implied complexity in your situation?
  If the implication is that you have 4000 one-off machines, I retract
  my next statement.  ;-)

I was assuming a more complex configuration than the wide-open one
advocated by Barb, which seems to add little to no security benefit.

I'm sorry I wasn't clear on this point; of course pushing out a single
file to n machines shouldn't be a problem.

  BTW, I really envy "just me".  I have yet to work anywhere where every
  [insert position here] is actually interchangable.  Must be nice.

We're talking best practices here, right?

matto

--mghali@snark.net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.