Michael Cook <mcook <at> mackal.net> writes:

> >> [1] https://coreos.com/blog/

> > Does this mean we need to do anything to improve the security of our systems?

It's going to depend, but surely a wide audience needs to poke at this...

> I tried logging in as operator with any password, it did not work for
> me. Unsure if that's because of my SSH set up or not though. The blog
> post does however mention reverting their SSSD change did fix the issue,
> so I assume if you set up SSSD the same way they did you would have
> issues. With that being said, maybe it would be a good idea for the
> gentoo pam team to set up pambase to support SSSD and not cause issues.
> (Currently if you want to set up SSSD you are left to do it manually)

I simply went looking for a pam<*>.conf file to make a simple edit and
then test. It took me on a journey, so I posted here, figuring one
of the others had already ferreted out the details....

Oddly, I was looking at DPI (deep packet inspection) tools readily
available for gentoo, to test some protocols, including ssh*.

I found nDPI and libndpi in overlays and suricata, which purports to
be able to perform deep packet inspections and is Netfilter compatible.
Since dpi can be a big drain on resources (of a single host), I was
hoping somebody had already migrated a dpi family of codes to a gentoo
cluster of some sort. Naddah. Ziltchen. Verboten! Since much of routing and
network engines have moved to clusters (sdn, nvf, etc) dpi is king
of the hill for hot analytics.....

Those folks deeply into penetration (professional assessment types) means
are the best source for understanding dpi semantics. Everything I have
found where folks are migrating dpi to clusters, these companies, projects
and experts are being snapped up by large corps, agencies and otherwise
going 'off grid'. I'm not too sure what to make of all of this, but the pam
issue is only the tip of the berg.....ymmv.

hth,
James