North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Security Practices question
- From: just me
- Date: Thu Oct 03 17:10:10 2002
On 2 Oct 2002, Michael Lamoureux wrote:
But the real answer is:
The same way you maintain everything else on the same 4000 machines.
I assume if you're running 4000 machines you have some cookie-cutter
secured baseline OS load that gets installed on them all when they're
loaded, and then something like home-grown perl scripts wrapped around
rdist or rsync, or a specific tool for the purpose like cfengine or
synctree to push out changes and keep them all under control. I would
assume that the sudoers file could be pushed out with the same
mechanism. Or am I missing some implied complexity in your situation?
If the implication is that you have 4000 one-off machines, I retract
my next statement. ;-)
I was assuming a more complex configuration than the wide-open one
advocated by Barb, which seems to add little to no security benefit.
I'm sorry I wasn't clear on this point; of course pushing out a single
file to n machines shouldn't be a problem.
BTW, I really envy "just me". I have yet to work anywhere where every
[insert position here] is actually interchangable. Must be nice.
We're talking best practices here, right?
Flowers on the razor wire/I know you're here/We are few/And far
between/I was thinking about her skin/Love is a many splintered
thing/Don't be afraid now/Just walk on in. #include <disclaim.h>