nanog mailing list archives
Re: Security Practices question
From: just me <matt () snark net>
Date: Thu, 3 Oct 2002 14:06:54 -0700 (PDT)
On 2 Oct 2002, Michael Lamoureux wrote: But the real answer is: The same way you maintain everything else on the same 4000 machines. I assume if you're running 4000 machines you have some cookie-cutter secured baseline OS load that gets installed on them all when they're loaded, and then something like home-grown perl scripts wrapped around rdist or rsync, or a specific tool for the purpose like cfengine or synctree to push out changes and keep them all under control. I would assume that the sudoers file could be pushed out with the same mechanism. Or am I missing some implied complexity in your situation? If the implication is that you have 4000 one-off machines, I retract my next statement. ;-) I was assuming a more complex configuration than the wide-open one advocated by Barb, which seems to add little to no security benefit. I'm sorry I wasn't clear on this point; of course pushing out a single file to n machines shouldn't be a problem. BTW, I really envy "just me". I have yet to work anywhere where every [insert position here] is actually interchangable. Must be nice. We're talking best practices here, right? matto --mghali () snark net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
Current thread:
- Re: Security Practices question Scott Francis (Oct 02)
- Re: Security Practices question Scott Francis (Oct 02)
- <Possible follow-ups>
- Re: Security Practices question Scott Francis (Oct 02)
- Message not available
- Re: Security Practices question Scott Francis (Oct 02)
- Message not available
- Re: Security Practices question Scott Francis (Oct 02)
- Re: Security Practices question just me (Oct 02)
- Re: Security Practices question E.B. Dreger (Oct 02)
- Re: Security Practices question Michael Lamoureux (Oct 02)
- Re: Security Practices question just me (Oct 03)
- Message not available
- Re: Security Practices question Barb Dijker (Oct 03)
- Message not available
- Re: Security Practices question Jason Slagle (Oct 02)
- Re: Security Practices question Joel Baker (Oct 02)
- Re: Security Practices question Scott Walker (Oct 02)
- Re: Security Practices question Valdis . Kletnieks (Oct 03)
- Re: Security Practices question Scott Francis (Oct 03)
- Re: Security Practices question just me (Oct 03)
- Re: Security Practices question Scott Francis (Oct 03)
- Re: Security Practices question alex (Oct 03)
- Re: Security Practices question William Waites (Oct 03)