Closed Bug 799610 Opened 13 years ago Closed 13 years ago

rebuild or shelve the VM at hulmer-sandbox.stage.metrics.scl3.mozilla.com (Red Hat) and replace it with Ubuntu

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: hulmer, Assigned: jstevensen)

Details

(Whiteboard: [needs infrasec review])

Spoke to ericz about this on IRC. Ubuntu makes life easier for the kind of scientific computing I hope to achieve, specifically having numpy / scipy / lapack / atlas set up with python 2.7. It is quite difficult to get these all playing nicely with Red Hat, whereas Ubuntu makes it trivially easy. I am hoping to keep all the same permissions as before (bugs 781036 and 786434).
Severity: normal → major
Assignee: server-ops → eziegenhorn
Needs infrasec review.
Assignee: eziegenhorn → nobody
Component: Server Operations → Security Assurance: Review Request
QA Contact: jdow
Whiteboard: [needs infrasec review]
Assignee: nobody → jstevensen
Hi - haven't heard back about this in a week. When might I expect the infrasec review to be finished?
What would you like us to review? The decision to use Ubuntu instead of RedHat?
:ericz put "needs infrasec review" in the comments. I'm assuming that this is necessary before I get the VM switched over to Ubuntu, since this is not a resolved bug (i.e. I don't have ubuntu on said VM yet).
:joes is there anything you need from my end on this one?
Hamilton, When IT deploys RedHat, a number of security controls and monitoring are put in place automatically, via puppet. These include: * auditd logging * syslog configuration * ossec host based intrusion detection * iptables management * infrasec user account to perform security checks and vulnerability scanning * ability to push software updates ...and other system configuration details so that systems and VMs can be managed in scalable and efficient way. Our ultimate goal is make sure all mozilla systems are compliant with the appropriate level of security defined in our system security policy, which can be found here: https://mana.mozilla.org/wiki/display/SECURITY/System+Security+Policy Until IT is ready to support Ubuntu in this way, we discourage test deployments and block production deployments of systems that we can't maintain and monitor. If it is absolutely essential that you run Ubuntu, we can spend some time with you to properly harden this server and get it monitored. However, this will not solve the issue of maintaining this server over time.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.