| 1 |
Michael Cook <mcook <at> mackal.net> writes: |
| 2 |
|
| 3 |
|
| 4 |
> >> [1] https://coreos.com/blog/ |
| 5 |
|
| 6 |
> > Does this mean we need to do anything to improve the security of our |
| 7 |
systems? |
| 8 |
|
| 9 |
|
| 10 |
It's going to depend, but surely a wide audience needs to poke at this... |
| 11 |
|
| 12 |
> I tried logging in as operator with any password, it did not work for |
| 13 |
> me. Unsure if that's because of my SSH set up or not though. The blog |
| 14 |
> post does however mention reverting their SSSD change did fix the issue, |
| 15 |
> so I assume if you set up SSSD the same way they did you would have |
| 16 |
> issues. With that being said, maybe it would be a good idea for the |
| 17 |
> gentoo pam team to set up pambase to support SSSD and not cause issues. |
| 18 |
> (Currently if you want to set up SSSD you are left to do it manually) |
| 19 |
|
| 20 |
|
| 21 |
I simple went looking for a pam<*>.conf file to make a simple edit and |
| 22 |
then test. It took me on a journey, so I posted here, figuring one |
| 23 |
of the others had already ferreted out the details.... |
| 24 |
|
| 25 |
|
| 26 |
Oddly, I was looking at DPI (deep packet inspection) tools readily |
| 27 |
available for gentoo, to test some protocols, including ssh*. |
| 28 |
|
| 29 |
|
| 30 |
I found nDPI and libndpi in overlays and suricata, which purports to |
| 31 |
be able to perform deep packet inspections and is Netfilter compatible. |
| 32 |
Since dpi can be a big drain on resources (of a single host), I was |
| 33 |
hoping somebody had already migrated a dpi family of codes to a gentoo |
| 34 |
cluster of some sort. Naddah. Ziltchen. Verboten! Since much of routing and |
| 35 |
network engines have move to clusters (sdn, nvf, etc) dpi is king |
| 36 |
of the hill for hot analytics..... |
| 37 |
|
| 38 |
|
| 39 |
Those folks deeply into penetration (professional assessment types) means |
| 40 |
are the best source for understanding dpi semantics. Every thing I have |
| 41 |
found where folks are migrating dpi to clusters, these companies, projects |
| 42 |
and experts are being snapped up by large corps, agencies and otherwise |
| 43 |
going 'off grid'. I'm not too sure what to make of all of this, but the pam |
| 44 |
issue is only the tip of the berg.....ymmv. |
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
hth, |
| 49 |
James |
Archives