Linux Working Group

AGENDA LOCKED

Invitees - Attendees

• Adrian, Anthony (group leader), Clayton, Guoxiang, Lori, Fraser, Devon, Nathan, Todd, Omar

Review and accept previous meeting minutes.

• CsLWGMeeting20220223

Last meeting's tasks [10 minutes] (Lawrence, Dave not present)

• Lawrence - confirm with Daniel the maintenance of OpenDCIM
• Lawrence - work with Graham to update the OpenDCIM data
• Anthony - discuss OpenDCIM with Devon (including power management, etc)
  • OpenDCIM time consuming for wide varieties of hardware (need to define a template per unique piece)
  • Possibly simpler to build the functionality we want into Inventory (power tracking etc.), but this requires investing in Inventory
• Anthony/Adrian - work on new postfix recipe to have servers send mail out directly - RT#1204074
• Clayton - document process of adding hosts to AD and move to a generally accessible place * keytab work * 4.13 auto updates of Samba causing issues. Currently pinned.
• Lawrence / RSG - update jerusalem and graceland to mount new NFS share - RT#1194157
• Dave - put up Beta version of Virtual Host Index / Anthony to create a ticket - RT#1211603 -> working on it

Linux Kernel Security

• https://rt.uwaterloo.ca/Ticket/Display.html?id=1213217
  • https://ubuntu.com/security/CVE-2022-0847
  • Present from 5.8 onward, possibly on older kernels via backport
  • a2brenna/gxshen will update and reboot login servers
  • fhgunn: prudent to rebuild all login servers from scratch. O(hours) to rebulid all student login machines
  • ctucker: reasonable to replace keytab files, invalidate existing keytabs
  • Rebuild webservers and other container servers
  • Appetite for risk on rebuilding servers? Question for management
  • setuid binaries in user filesystems? Mount a survey (per term?). Set ACL on snapshots? https://rt.uwaterloo.ca/Ticket/Display.html?id=1213685
  • Run vulnerability check on questionable systems (eg. 5.4 kernels)
• omnafees to send an email on reboots (a2brenna create draft to cscfmgm)