14:03:49 <Sparks> #startmeeting Security Team Meeting - Agenda: https://fedoraproject.org/wiki/Security_Team_meetings
14:03:49 <zodbot> Meeting started Thu Jan 14 14:03:49 2016 UTC. The chair is Sparks. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:49 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:03:49 <zodbot> The meeting name has been set to 'security_team_meeting_-_agenda:_https://fedoraproject.org/wiki/security_team_meetings'
14:03:52 <Sparks> #meetingname Fedora Security Team
14:03:52 <zodbot> The meeting name has been set to 'fedora_security_team'
14:03:55 <zodbot> Sparks: Error: Can't start another meeting, one is in progress.
14:03:58 <Sparks> #meetingname Fedora Security Team
14:03:58 <zodbot> The meeting name has been set to 'fedora_security_team'
14:04:01 <Sparks> #topic Roll Call
14:04:02 * Sparks
14:05:48 * linuxmodder
14:06:20 <linuxmodder> .fas corey84
14:06:21 <zodbot> linuxmodder: corey84 'Corey Sheldon' <sheldon.corey@gmail.com>
14:07:35 * Sparks gives everyone a few more minutes
14:09:39 <Astradeus> .fas astra
14:09:39 <zodbot> Astradeus: rustomafs 'Rustom Irani' <rustom@acefastrack.com> - netman 'Andrey Krasukov' <netman@astratel.ru> - astralstorm 'Radosław Szkodziński' <astralstorm@gmail.com> - astratik 'Alexandre Stratikopoulos' <ale.stratik@gmail.com> - astra 'David Kaufmann' <astra@ionic.at> - astrawin 'Dick Chapman' <astrawin@rogers.com> - ambyte 'Sergey Gulyaev' <astraway@gmail.com> - sabroso 'Luis Alberto Pelaez' (3 more messages)
14:09:54 <Astradeus> ah, no, that was the wrong one^^
14:10:03 <Astradeus> .hello astra
14:10:04 <zodbot> Astradeus: astra 'David Kaufmann' <astra@ionic.at>
14:11:16 <linuxmodder> scarce on folks today :(
14:11:45 <Sparks> Okay, let's get started
14:12:29 <Sparks> #topic Follow up on last week's tasks
14:12:37 * Sparks notes pjp isn't here
14:12:46 <Sparks> #action pjp to give a status update on security policy in the wiki (carried over)
14:12:57 <Sparks> #action Sparks to figure out how FST members can get access to Fedora security bugs
14:13:07 <Sparks> #topic Fedora Security Team FAD
14:13:35 <Sparks> #link http://whenisgood.net/8fshcdf/results/9czp49s
14:13:56 <Sparks> It appears we've narrowed down our available time to a couple of Fridays in March.
14:14:21 <Sparks> #action Sparks to follow up on meeting locations to verify their availability.
14:14:46 <Sparks> We also need to get a solid agenda together. We need a list of things we want to accomplish.
14:15:41 <Sparks> Anyone?
14:15:48 <Astradeus> sounds good?
14:16:23 <Astradeus> don't have much fst experience, so i can't really contribute to an agenda
14:18:26 <Sparks> #action Sparks to bring up the agenda topic on the list
14:18:35 <Sparks> #topic Apprenticeship
14:18:44 <Sparks> #link https://fedoraproject.org/wiki/Security_Team_Apprenticeship
14:19:03 <linuxmodder> Sounds good to me, any plans to do an intro session at FAD ? or similar like a lab day
14:19:04 <linuxmodder> not necessarily a pen lab but a basics lab ( help get everyone acquainted with each other | skills and best mentors in each skill)
14:19:05 <Sparks> I think we're still working on this but this should be something we work on at the FAD.
14:19:27 <Sparks> linuxmodder: Yes!
14:20:18 <linuxmodder> I am more than willing to help with the security for dummies |noobs lab (like the 010 -0200 courses)
14:20:26 <Sparks> ack
14:20:27 <linuxmodder> firewalls |acls etc
14:20:35 <Sparks> Okay, we'll move on along...
14:20:42 <Sparks> #topic Outstanding BZ Tickets
14:20:50 <Sparks> #info Thursday's numbers: Critical 0 (0), Important 43 (+7), Moderate 429 (+5), Low 173 (+27), Total 645
14:20:57 <Sparks> +Tickets by Severity-+-------+---------+
14:20:57 <Sparks> | Severity | Tickets | Owned | Unowned |
14:20:57 <Sparks> +----------+---------+-------+---------+
14:20:57 <Sparks> | medium | 429 | 40 | 389 |
14:20:57 <Sparks> | low | 173 | 13 | 160 |
14:21:00 <Sparks> | high | 43 | 21 | 22 |
14:21:01 <linuxmodder> getting some lag here on my end apologizes for any odd relay delays
14:21:02 <Sparks> +----------+---------+-------+---------+
14:21:35 <linuxmodder> glad to see critical back at 0
14:21:44 <Sparks> much agreed.
14:21:54 <Sparks> Now if we could just get rid of the highs.
14:22:33 <linuxmodder> I'll take another look tonight or tomorrow at the high list see if I can help squash a few
14:22:52 <Sparks> #topic Open floor discussion/questions/comments
14:22:57 <linuxmodder> everything under 20 would be a nice improvement
14:22:57 <Sparks> Okay, anyone have anything?
14:23:01 <Astradeus> maybe
14:23:13 <linuxmodder> Astradeus, shoot
14:23:27 <Astradeus> in the next two hours there seems to be an upcoming CVE for ssh
14:23:41 <Astradeus> https://twitter.com/phessler/status/687637446469771264 CVE-2016-0777
14:24:03 <linuxmodder> Astradeus, link ? haven't seen that (albeit a bit out of pocket this week helping a client)
14:24:15 <Astradeus> not sure if it's something, but just came in
14:24:39 <Astradeus> don't have more information, just saw it few minutes ago
14:25:01 <linuxmodder> added to list of followed tweets
14:25:58 <linuxmodder> Sparks, any current appliance or method for recruiting | training say CS students at the local level for FST or just the Apprenticeship
14:26:24 <Sparks> linuxmodder: Not yet but we should. We need to get our training figured out first so we're ready.
14:28:08 <Sparks> Anyone have anything else?
14:28:49 <linuxmodder> Sparks, fully agree
14:28:56 * mhayden is here
14:29:12 <Sparks> mhayden: Oh good, right before we're planning on closing!
14:29:13 <Sparks> :)
14:29:14 <linuxmodder> have anything for open floor mhayden
14:29:23 <mhayden> oof :P
14:29:44 <mhayden> i'm considering adapting openstack-ansible-security for Fedora
14:29:51 <mhayden> http://docs.openstack.org/developer/openstack-ansible-security/
14:30:12 <Sparks> mhayden: Tell us more!
14:30:13 <mhayden> TL;DR - apply STIG hardening standards w/ansible so that it's easy to roll into other playbooks/roles
14:30:35 <mhayden> right now it takes the RHEL 6 STIG and translates it to Ubuntu 14.04 (which is not terribly fun) ;)
14:30:44 <mhayden> but another company is adapting it for Debian 7/8
14:30:53 <mhayden> and i plan to get it working on F23 soon if i can get some tie
14:31:06 <mhayden> s/tie/time/
14:31:17 <Sparks> mhayden++
14:31:25 <linuxmodder> mhayden, I can throw some testing time toward that starting later this month
14:31:26 <mhayden> yes, one could use SCAP for this, but SCAP is a little heavy at times
14:31:34 <mhayden> linuxmodder: woot
14:31:46 <mhayden> also, it's not easy to roll in scap w/ansible if you're deploying new systems
14:31:49 <linuxmodder> have a STIG system on personal lappy even
14:31:56 <mhayden> haha, indeed! :)
14:32:12 <linuxmodder> using a slightly modded CentOS secure stig ks
14:32:35 <mhayden> gotcha
14:32:47 <linuxmodder> likely same one you referenced think it was 6.4 based
14:33:02 <mhayden> yeah, any idea on when the RHEL 7 stig might get released?
14:33:16 <mhayden> IIRC, some RHT folks contribute to that
14:33:39 <Sparks> mhayden: I think it all comes from RH.
14:33:51 <Sparks> mhayden: Maybe talk to Shawn Wells?
14:33:54 <linuxmodder> not seen any dates but can probe
14:34:34 <mhayden> Sparks: ah, that name sounds quite familiar
14:34:42 <mhayden> i think i was in one of his summit talks once
14:37:06 <mhayden> Sparks: that was about it for me
14:38:28 <Sparks> Okay, anyone have anything else?
14:38:48 <linuxmodder> anyone with any youth or outreach ideas feel free to hit me up have a startup venture with laptop meant to be STIG compliant in all variants and youth workshops
14:39:01 <Sparks> mhayden: Perhaps you could start a topic on the list regarding Ansible?
14:39:06 <linuxmodder> #link https://github.com/ameridea
14:39:26 <mhayden> Sparks: sure, in the context of the openstack-ansible-security repository?
14:39:42 <linuxmodder> makes sense to go that route mhayden
14:39:57 * mhayden will do
14:40:15 <linuxmodder> feel free to use my github addy or corey84@fp.o || csheldon@ameridea.net
14:40:44 <Sparks> mhayden: Yes
14:44:35 <Sparks> Okay, anything else?
14:46:37 <Sparks> Okay, I'm hearing nothing else. Everyone have a good day!
14:46:42 <Sparks> #endmeeting