Ubuntu Documentation at Install

John Richard Moser nigelenki at comcast.net
Tue Mar 28 05:31:17 BST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just got back from getting owned hard at the first collegiate cyber
defense competition, we had a fedora core 4 box and win2k win2k3 FC3.
We had most services migrated to FC4 eventually.  These were default
everything installs of every OS and we had little control over what was
there; all default settings were in effect.

We did not get buffer overflowed or heap injected or whatever you want
to think.  Our pain was configuration errors.  EVERYTHING the red cell
used was configuration.  First order of business was adam owning our
CISCO 2600 router because SNMP was still on and they could change the
configuration.

You know what we need?  We need something that tracks configuration
changes.  After install, the entire configuration of a system is stored
in an encrypted database.  After upgrade, the changes are stored in
encrypted database.  Install new programs, changes stored in encrypted
database.  Change configuration, have a tool sweep known config paths,
changes re stored in an encrypted database.  Give us a tool to pull this
up, decrypt it, and print, and we're all happy.

Any changes that are detectable and manageable should be represented
with information about them.  If Apache is installed, the entire
.htaccess and .htauth for everything should be reflected in the report
in human readable terms.  If apache has mod_auth_root and gives
http://mysite.com:8081/ as a PHP script that gives a root shell with
user:password apache:defult, this should be in the configuration file
after install time.

When someone changes something, they should be able to put notes in the
database attached to ANY part of it.  If I change that apache:default to
simmons:vooHah#4o and the configuration manager can't tell, I should be
able to look at the report; click that bit of info; and enter in:

 - Default account was removed.
 - Account 'simmons' was created with password 'vooHah#4o'

This entry will be datestamped and stored.

That's all I have for you today.

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond

    We will enslave their women, eat their children and rape their
    cattle!
                                     -- Evil alien overlord from Blasto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRCi8Ews1xW0HCTEFAQI6uxAAn66kg2SRkoE0+A44O67izGUS1dIJH2Sv
4B0WDI9Emtzh9SDGq/y2b13n568dOgfG3knGTrMUhYUSu3dIYmf4KAbtnzeagZXV
qHF6pQ2DBZKu2q9E3BNPyXQyqmmSNAv/37sWSmWBB163ewRd1GK9Mdrgv8iSpg8C
XWATye/0SeDilX9I9KTtk4tN31ilEopuHahaZAo3kr9xFSfz8FVRPkFVPNxCYw0q
zrOGHuO4S1VQf37BDVSt7kXHCmbegcIPd7+QoqXVfc41S0jH9M1RPsAWM9cUM9nM
Imk5YHvVi8wpAdKXTh/5Tl/ttaqG09mBn/QEhhX0my0JOkpoo+3/+DwNDMhZ7Os3
6EuXSf5orLiZ2rCm9Uw5AFFR6JFgh6zbMonBSa7J+LQhI7PtZ37trlWvm6IifkgO
8eMbfEYaf9E46IoZUilVjEiI8hovw9j+dYN/MRRtqej0YZRI1xVgzs/yJJufy4Vj
Ax3O2CgmUYTrsDfrp3sgMKCSvWTOlDrogjhwcvHGLlMt77hlDaptawPV5i1/W9MA
aJEpqMczN+qTCkTQPm7GStI/JDIkMtrzo/luuzZi8iRv4Nsz3jCWCISAe6a44Dpg
Xn58jL4QlMfi/fG18bu7SrhK8EuZHaKI0nPo52QwMpdPPzEsyMdZrvCqKzwV6vdD
NpZeRYjD3hs=
=mBPY
-----END PGP SIGNATURE-----

More information about the ubuntu-devel mailing list