MPU Meeting Friday 15th March 2013

SL6 Server Upgrades

There was some discussion of the final report for this project. Stephen will add a summary of our thoughts on which upgrades were essential and which could have been done over a longer timescale as part of the normal operational lifecycle of a service.

Security Enhancements

Stephen has mainly been focussing on writing his talk (Do bad guys work weekends?) for the FLOSS UK Spring Conference. This has given him some inspiration on ways in which we can monitor SSH login activity on a daily basis and spot the important issues with a minimal amount of effort. This work has also involved a lot more personal development related to learning Python.

Some work has been done on BuzzSaw. Stephen has added a new UserClassifier module which can classify the username into one of (root, nonperson, real, others). This makes it easier to run queries to find login failures which are likely to be malicious attacks. This module is a post-processor which works for all BuzzSaw filters which add a value for the userid field (currently SSH and Cosign).

Alastair read through the rkhunter docs, he noted that it would be very helpful to have notes on how to use the component to generate a new configuration file when the file is not stored locally on the machine.

Inventory

Nothing happened.

Login Logs Viewer

Nothing happened. Stephen will chase up George about the Data Protection statement.

Sleep Enhancements

Chris has written a basic BuzzSaw report which emails the list of all sleep events for the previous day. The first run of this had an issue which meant it sent out a list of all recorded events for the day (not just sleep related), Stephen will fix this by setting a sensible default for the tags to be queried.

We need to think carefully about how to roll out the new sleep behaviour without upsetting our users. We should get David Sterratt involved with writing the announcement. We need to focus on why doing this is a good thing and what it will achieve. Before it goes live we need to find a few more beta testers.

Virtual DICE Image

Chris has started looking at creating a virtual DICE image using virtualbox. He is using DIY DICE but has had some problems with installs using PXE. It is likely that this is because the VM does not have a static IP address and thus does not the necessary DHCP or PXE configuration. We should check that this still does all work correctly. It should be possible to install the VM using a static address and then at a later time switch to using a dynamic address.

With virtualbox it should be possible to create images which are suitable for various different virtualisation software on different platforms (i.e. Windows and MacOSX ).

Misc Devel

Not much other development work this week.

Operational

DIYDICE and SL6.2

We need to check that all the DIY DICE machines are using SL6.3, in particular we should look at Paul's HP machines.

samba issues

There were lots of dependency problems with the new version of samba which has been backported from SL6.4. This required an extra stable release to be pushed out to help external users (Alastair and MDP).

xorg update

There is a security fix for xorg packages. This notes that it introduces an ABI change that could affect graphics drivers which are not part of the SL distribution. Stephen will upgrade the nvidia and Catalyst drivers this week so that next week the xorg updates can be shipped.

fglrx and sleep

There are some problems with the Catalyst graphics driver (fglrx) and sleeping machines. The details are recorded in RT#61251. Stephen suggested just removing the definition of the DICE_OPTIONS_VIDEO_ATI macro from the LCFG profile, running updaterpms and then rebooting. In most cases we no longer require this driver to be installed. It was removed from all lab machines as part of the upgrade to SL6.3 but the office desktop machines were not done at that time.

MPU RT queue

Can MPU receive an email every time a ticket appears in the RT queue? Stephen will check with Alison.

Next stable release

Alastair will be making the stable release on Wednesday.

Project meeting

We will hold a meeting on Friday 22nd March at 2pm to discuss the next round of projects.

This Week

• Alastair
  • work out how many physical machines were virtualised -> add to SL6 report
  • read rkhunter, auditd and buzzsaw documentation. Couldn't find buzzsaw documentation
  • Read Chris's virtual DICE project proposal
  • Look at DIYDICE documentation
  • Educate individuals about inappropriate KVM guest sizes
  • Look at gconf component for reducing default time for monitor display turnoffReady to ship
  • Create an MPU KVM server header - finish off and deploy - too nervous about deploying on live servers
  • Reload inventory project into brain
  • Think about projects
  • RT tickets

• Chris
  • Poll for some more sleeping volunteers
  • Talk to David Sterratt about sleep rollout
  • Finish off sleep buzzsaw report
  • Work on virtual DICE image project
  • Fix DIYDICE to be SL6.3 -> check with Paul's HP machines first
  • Take SL6 report for signoff
  • UKUUG
  • Think about projects
  • RT tickets

• Stephen
  • Finish off buzzsaw docs
  • Finish off SL6 report
  • UKUUG
  • Think about projects
  • Ask Alison about RT email when tickets are assigned to MPU or created in MPU queue
  • RT tickets
  • Read Chris's virtual DICE project proposal

• Carol
  • carry out an audit to make sure that all guests are still required
    • to free up resources for new guests,
    • shouldn't leave unused, half-managed machines lying around

-- AlastairScobie - 15 Mar 2013