Half Day Tutorial covering advanced security for SysAdmins.
This class takes an unconventional approach to advanced security for system administrators. The approach is based on the idea that we can usually figure out how to secure something once we know what needs securing, but the difficulty is usually in enumerating the things that require security.
In this class, you will learn how to perform a comprehensive evaluation of your workplace security. This encompasses any organizational policies, applicable government regulations effecting system administration, network topology, personnel involved, systems, and other areas requiring evaluation to understand the full spectrum of security issues at a particular workplace.
The goal is for you to take home a detailed list of questions to answer and risks to evaluate, as well as the tools to answer those questions, evaluate those risks, and propose solutions to meet the security needs of your organization.
How to use open source tools to create a completely (or nearly so) automated deployment system.
Having worked at a couple of very large Linux installations (one of them having four thousand servers across three data centers, and one having about six hundred across two), and having built one of these environments completely from scratch, it becomes obvious very quickly that normal manual deployment processes, such as using a CDROM or other physical boot media, simply do not scale. Add to that configuration for different server roles and application deployment, it becomes obvious that an automated end-to-end deployment system becomes the only way forward.
This talk will cover creating and end-to-end deployment system with little to no manual intervention, using only open source tools. The open source tools involved are:
- RT/AT (Asset Tracker)
- dhcpd (and the pros and cons of using your own integration script)
I will discuss how to turn these tools into a deployment system which will allow you, once configured, to quickly and easily set up as many servers at a time as you have SSH sessions available, and even ways to not have to use SSH sessions and kick the build off programmatically, using expect and other such tools, and to do so using different configuration and application profiles, all controlled from a central information source.
How we are booting millions of Linux kernels with KVM and Lguest
As part of our efforts to study botnets and their effect on Internets, we are booting millions of Linux kernels. To make this scale work, the Linux images must be small (16 MB or less). Observation is also an issue; even tiny information streams, scaled to 10 million, can be overwhelming. In this talk I will discuss our work and the systems we are using for the actual runs.
Users of the git revision control system discuss tips, configuration and tools for using it effectively.
Major free software projects including Linux, Samba,
and X are relying on git, and software collaboration
sites including GitHub, Gitorious, and Sourceforge
support it. But more than any other revision control
system, git has spawned a bewildering array of hacks,
hooks, and alternate workflows.
This panel discussion will bring together a variety of
git users--who use it for tasks such as open-source
and in-house software projects, a public web site,
system administration, a wiki, and small-scale
individual projects. As panel moderator, I'll
coordinate the panelists to discuss deploying
and managing software with git, how to implement
policy and workflow (including how to use git as a
centralized revision control system), and the ultimate
git hook: a git-backed wiki.
The panel should inform Linux users who just want to
follow the latest version of their favorite software
or track down a bug with "git bisect," help webmasters
and sysadmins who want something more than rsync,
and of course give software developers some ideas
about productive ways to work together.