2618
Comment:
|
1542
second version
|
Line 5: | Line 5: |
== Security Guideline for central supported Linux Notebooks in Zeuthen with Scientific Linux Version 4 == | == Security Guideline for DESY Notebooks centrally supported by DV Zeuthen with Scientific Linux Version 4 == |
Line 8: | Line 8: |
There are a lot of advantages to run a central supported Linux on your DESY notebook. | There are a lot of advantages to run a centrally supported Linux on your DESY notebook. |
Line 11: | Line 11: |
* Upgrade to the DV supported version. Please contact uco-zn@desy.de | You have to upgrade to the DV supported version (SL4). Please contact uco-zn@desy.de |
Line 13: | Line 13: |
* Please do not disable the automatic package updates which works anywhere you have a network connection. | |
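Review bot: the bullet removed on the left side of this hunk was the explicit instruction not to disable the automatic package updates, and the right side puts nothing in its place. Keep one sentence to that effect in the new checklist, for example next to the item about the automated update check, so the guideline still states that the updater must stay enabled.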
Line 15: | Line 14: |
An extract of the Release Notes (S. Wiesand, November 19, 2005): {{{ Security The setup should be reasonably secure unless it has been tampered with. Security is however a joke if someone you don't trust has physical access to the device. On the other hand, this fact allows us to keep the account management simple and omit password management altogether. |
Before traveling and always when your notebook is attached to the network: |
Line 24: | Line 16: |
Each time a network interface is started, an automated check for available updates is performed in the background. If any are found, the user is presented with a pop-up window allowing to either perform all updates, exclude certain packages from being updated, or not to perform any updates at this time. Usually, all updates should be applied as soon as possible. Certain critical packages will have the "exclude" box checked by default although even kernel and glibc updates should work without problems and have been tested successfully. Unless you're at the other end of the world and critically depend on your notebook before you can get to our support again, please uncheck all of them and click ok. A local firewall is now set up. It should not cause any problems, and obviously should be kept running at all times. |
* login with your acoount with an empty password (possible only in front of the notebook). If this is not possible use the guest account the first time. * Connect to the network by running the command using cable based interface with: lan start using the wireless interface: wlan start * Each time a network interface is started, an automated check for avalaible updates is performed in the background. There's nothing to be done but accepting the updates offered. * manually: nbctl sync * without DESY synchronization: nbctl yum * if you notice suspicious files or activities please contact uco-zn@desy.de |
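Review bot: the added checklist contains two typos ("acoount", "avalaible"), and the removed paragraph's statement that the local firewall should be kept running at all times has no counterpart in the new text. Fix the spelling and carry the firewall sentence over as a checklist item. The item "Connect to the network by running the command" would also read better ending in a colon, with "lan start" and "wlan start" as separate sub-items.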
Line 39: | Line 25: |
Keeping the notebook up to date Since an automatic check for updates runs every time a network interface is started, there's nothing to be done but accepting the updates offered. |
Recommendations: * Lock the screen with a special xlock-password for which you will be asked the first time * Arrange for secure password-less access to the notebook with ssh key authentication |
Line 44: | Line 29: |
nbctl sync can be run to trigger this manually. nbctl yum (or you, for backward compatibility) can be run to only update SL the packages, without running the DESY synchronization (for example, known accounts and software in /opt/products). }}} |
Please read the [file:///afs/ifh.de/project/linux/Notebook/SL4/RelNotes.html Release Notes] |
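Review bot: the added Release Notes link is a file:///afs/ifh.de/project/linux/Notebook/SL4/RelNotes.html URL, which opens only on a machine that has AFS mounted, while the checklist is meant to be followed before traveling. Since this link replaces the inline extract, including the explanation of "nbctl sync" and "nbctl yum", either point it at a copy readable without AFS or keep the short nbctl description on the page.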
Security Guideline for DESY Notebooks centrally supported by DV Zeuthen with Scientific Linux Version 4
There are many advantages to running a centrally supported Linux on your DESY notebook. Support is available for the C400, D410, D600, X300 and X1.
You have to upgrade to the DV supported version (SL4). Please contact uco-zn@desy.de.
See also [attachment:DZNB_DVSEM.pdf] Stephan Wiesand's talk.
Before traveling and always when your notebook is attached to the network:
- Log in with your account with an empty password (possible only in front of the notebook). If this is not possible, use the guest account the first time.
- Connect to the network by running one of these commands:
  - using the cable-based interface: lan start
  - using the wireless interface: wlan start
- Each time a network interface is started, an automated check for available updates is performed in the background. There's nothing to be done but accept the updates offered.
  - manually: nbctl sync
  - without DESY synchronization: nbctl yum
- If you notice suspicious files or activities, please contact uco-zn@desy.de.
Recommendations:
- Lock the screen with a special xlock password, which you will be asked for the first time.
- Arrange for secure password-less access to the notebook with SSH key authentication.
Please read the [file:///afs/ifh.de/project/linux/Notebook/SL4/RelNotes.html Release Notes]