Upcoming Events
Oct
16
Thu
2014
18:45 October Meeting 2014: Configurat...
October Meeting 2014: Configurat...
Oct 16 @ 18:45 – 22:45
This month, we will be covering configuration management. Scott will be discussing maintaining an infrastructure with Puppet. The talk will cover what configuration management is, why automation is a good idea, how puppet works, an[...]
Nov
20
Thu
2014
18:45 November Meeting 2014: Vulnerabi...
November Meeting 2014: Vulnerabi...
Nov 20 @ 18:45 – 22:45
This month we will be having a presentation on using metasploit for fun and profit. Jim will be presenting on his recent metasploit training and will give us usage cases, a run through of the[...]
Dec
18
Thu
2014
18:45 December Meeting 2014: Annual So...
December Meeting 2014: Annual So...
Dec 18 @ 18:45 – 22:45
This month will be our annual social. A location has been selected already, easy to get to for pretty much eneryone. More details will be provided once I have gotten the venue booked. This will[...]

View Calendar

Interesting Links

This was the first evening where we started the virtual server configuration for our mythical SMB type environment. We went over the text based install of CentOS 5.4 and initial package selection, as well as running services on the box.

After a few technical difficulties while looking up some packages (trousers and fipscheck) that were installed that had not been selected, the rest of the install was reviewed. During the ‘firstboot’ process, we went through the list of services, which was rather enlightening for all involved. It appears that a number of things that you do not normally think about are enabled by default, even when unnecessary.

TrouSerS is an implementation of the Trusted Computing Group’s Software
Stack (TSS) specification. You can use TrouSerS to write applications that
make use of your TPM hardware. TPM hardware can create, store and use RSA
keys securely (without ever being exposed in memory), verify a platform’s
software state using cryptographic hashes and more.

FIPSCheck is a library for integrity verification of FIPS validated
modules. The package also provides helper binaries for creation and
verification of the HMAC-SHA256 checksum files.

Links:

  • Installation and configuration of postfix
  • The kickstart file for our base install [download id="2"]
  • The list of services after configuration [download id="1"]
  • Configurations settings for the virtual machine [download id="3"]

During the time between now and the next meeting, we will be launching a forum section on the site to discuss the installation and address any questions, as well as try to establish some effective methodology (formerly “Best Practices”). This is a community effort and while I am willing to provide some guidelines and direction at the start, this is very much going to be a group effort, along with all that entails. We will document as we go and hopefully at the end we will have a useful set of procedures as well as lessons learned.

On a side note, to explain the “Best Practices” comment in the preceding paragraph, the term “Best Practices” is often used to convey the idea that this is the best method to do something. Without some unbiased way of judging the relative merits against all other implementations, this is just an opinion or a popular consensus as to methodology. In my opinion, it also predisposes you to think that this is THE WAY to do it and you stop thinking about ways to improve a process. It may very well be the best way, but there is no reason to be blind to other interpretations or be constrained to a particular implementation that doesn’t fit what you need just because it’s a “Best Practice”. Best practice for whom?

Current minimal resources for the project:

Comments are closed.