Tuesday, 2016-01-12

*** markvoelker has quit IRC00:20
*** winterIsLeaving has quit IRC00:21
*** winterIsLeaving has joined #openstack-security00:22
*** pdesai has quit IRC00:29
*** shakamunyi has quit IRC00:35
*** shakamunyi has joined #openstack-security00:35
*** bpokorny_ has joined #openstack-security00:45
*** bpokorny has quit IRC00:49
*** hyakuhei has joined #openstack-security00:56
*** barra204 has joined #openstack-security00:56
*** hyakuhei has quit IRC00:56
*** shakamunyi has quit IRC00:57
*** hyakuhei has joined #openstack-security00:59
*** jhfeng has joined #openstack-security01:01
*** austin987 has quit IRC01:10
*** barra204 has quit IRC01:14
*** shakamunyi has joined #openstack-security01:15
*** markvoelker has joined #openstack-security01:21
*** austin987 has joined #openstack-security01:22
*** markvoelker has quit IRC01:25
*** markvoelker has joined #openstack-security01:25
*** barra204 has joined #openstack-security01:31
*** shakamunyi has quit IRC01:32
*** shakamunyi has joined #openstack-security01:36
*** barra204 has quit IRC01:38
*** barra204 has joined #openstack-security01:38
*** shakamunyi has quit IRC01:39
*** shakamunyi has joined #openstack-security01:44
*** barra204 has quit IRC01:45
*** shakamunyi has quit IRC01:48
*** shakamunyi has joined #openstack-security01:48
*** shakamunyi has quit IRC01:54
*** shakamunyi has joined #openstack-security02:08
*** shakamunyi has quit IRC02:10
*** shakamunyi has joined #openstack-security02:12
*** bpokorny_ has quit IRC02:13
*** bpokorny has joined #openstack-security02:14
*** shakamunyi has quit IRC02:22
*** shakamunyi has joined #openstack-security02:23
*** bpokorny_ has joined #openstack-security02:30
*** shakamunyi has quit IRC02:32
*** bpokorny has quit IRC02:34
*** bpokorny_ has quit IRC02:35
*** salv-orlando has quit IRC02:47
*** hyakuhei has quit IRC02:56
*** salv-orlando has joined #openstack-security02:58
*** sigmavirus24_awa is now known as sigmavirus2403:22
*** salv-orl_ has joined #openstack-security04:10
*** pdesai has joined #openstack-security04:11
*** salv-orlando has quit IRC04:13
*** pdesai has quit IRC04:17
*** jhfeng has quit IRC04:36
*** jhfeng has joined #openstack-security04:49
*** markvoelker has quit IRC04:58
*** sigmavirus24 is now known as sigmavirus24_awa05:18
*** jhfeng has quit IRC05:27
*** markvoelker has joined #openstack-security05:59
*** edmondsw has quit IRC06:02
*** markvoelker has quit IRC06:06
*** salv-orl_ has quit IRC06:50
*** salv-orlando has joined #openstack-security06:50
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/26622906:53
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/26622907:08
*** salv-orl_ has joined #openstack-security08:01
*** salv-orlando has quit IRC08:05
*** salv-orl_ has quit IRC08:06
*** winterIsLeaving has quit IRC08:27
*** liverpooler has joined #openstack-security08:35
openstackgerritvenkatamahesh proposed openstack/security-doc: Fix rst markups  https://review.openstack.org/25884608:47
openstackgerritvenkatamahesh proposed openstack/security-doc: Fix rst markups  https://review.openstack.org/25884608:50
*** openstackgerrit has quit IRC09:17
*** openstackgerrit has joined #openstack-security09:17
*** salv-orlando has joined #openstack-security09:19
*** salv-orlando has quit IRC09:51
*** salv-orlando has joined #openstack-security09:57
*** markvoelker has joined #openstack-security10:02
*** markvoelker has quit IRC10:07
*** salv-orlando has quit IRC10:10
*** austin987 has quit IRC10:16
*** austin987 has joined #openstack-security10:17
*** salv-orlando has joined #openstack-security10:28
*** salv-orlando has quit IRC10:28
*** openstackgerrit has quit IRC11:17
*** openstackgerrit has joined #openstack-security11:17
*** salv-orl_ has joined #openstack-security11:49
*** markvoelker has joined #openstack-security12:03
*** Windir has quit IRC12:05
*** markvoelker has quit IRC12:08
openstackgerritOpenStack Proposal Bot proposed openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/26632612:16
openstackgerritMerged openstack/security-doc: Updated from openstack-manuals  https://review.openstack.org/26632612:27
*** d0ugal has quit IRC12:42
*** d0ugal has joined #openstack-security12:43
*** d0ugal is now known as Guest5838512:43
*** salv-orl_ has quit IRC12:43
*** Guest58385 is now known as d0ugal12:45
*** d0ugal has quit IRC12:45
*** d0ugal has joined #openstack-security12:45
*** markvoelker has joined #openstack-security13:04
*** shakamunyi has joined #openstack-security13:04
*** markvoelker has quit IRC13:15
*** sigmavirus24_awa is now known as sigmavirus2413:31
*** edmondsw has joined #openstack-security13:32
*** markvoelker has joined #openstack-security13:35
*** liverpooler has quit IRC13:38
*** sigmavirus24 is now known as sigmavirus24_awa13:40
*** dslev has joined #openstack-security13:42
*** browne has joined #openstack-security13:47
*** browne has quit IRC13:52
*** dslev has quit IRC14:02
*** salv-orlando has joined #openstack-security14:11
*** jhfeng has joined #openstack-security14:27
*** dslev has joined #openstack-security14:39
*** pdesai has joined #openstack-security14:39
*** salv-orlando has quit IRC14:42
*** dslev has quit IRC14:49
*** jhfeng has quit IRC14:50
*** salv-orlando has joined #openstack-security14:54
*** liverpooler has joined #openstack-security14:54
*** salv-orlando has quit IRC14:56
*** salv-orlando has joined #openstack-security14:56
*** hyakuhei has joined #openstack-security14:56
*** dslev has joined #openstack-security14:58
*** salv-orl_ has joined #openstack-security15:05
*** salv-orlando has quit IRC15:05
*** ninag has joined #openstack-security15:09
*** salv-orl_ has quit IRC15:11
*** hyakuhei has quit IRC15:14
*** dave-mccowan has joined #openstack-security15:17
*** hyakuhei has joined #openstack-security15:18
*** dave-mcc_ has joined #openstack-security15:19
*** dave-mccowan has quit IRC15:22
*** Windir has joined #openstack-security15:26
*** hyakuhei has quit IRC15:30
*** hyakuhei has joined #openstack-security15:37
*** jhfeng has joined #openstack-security15:40
*** tmcpeak has joined #openstack-security15:44
*** pdesai has quit IRC15:49
*** hyakuhei has quit IRC15:51
*** hyakuhei has joined #openstack-security15:56
*** jhfeng has quit IRC15:58
*** liverpooler has quit IRC16:00
*** mvaldes has joined #openstack-security16:04
*** jhfeng has joined #openstack-security16:14
mhaydeni'm taking a few notes on the bottom of https://etherpad.openstack.org/p/security-mitaka-midcycle16:15
mhaydenfeel free to add16:15
elmikoif michaelxin is handing out stickers, make sure to save one for me!16:15
*** jhfeng has quit IRC16:15
mhaydenelmiko: haven't seen stickers, but he did bring in Dorito's16:16
elmikomhayden: nice, sounds like a good breakfast ;)16:17
elmikothe security presentation deck is looking really nice btw, +116:18
*** sigmavirus24_awa is now known as sigmavirus2416:18
michaelxinelmiko: send me your address at michael.xin@rackspace.com. I will mail you a couple of them next week.16:21
elmikomichaelxin: ooh, nice!16:21
michaelxinThey delayed our orders, we have not got them yet.16:21
elmikoah, no worries. i just saw the logo again on the presentation deck and remembered how fond i am of it ;)16:21
michaelxinOur order was delayed, I do not think that we will be able to get them on time.16:22
elmikothat's ok, i can wait16:22
michaelxinelmiko: we already miss you.16:22
elmikohaha, /me blushes16:22
elmikoi hope it's nice and warm there, we got several inches of snow =(16:23
michaelxinFor anyone who want stickers, please send me an email with your address and I will mail them to you once they are here. my email is michael.xin@rackspace.com.16:23
michaelxinYes, it will be 64 today.16:23
elmikoooh, nice16:23
michaelxinsunny outside.16:24
mhaydenperhaps he can toss in a bag of chips along with the sticker16:24
elmikolol, nice!16:24
michaelxinWe can use google hangout, if you are intersted.16:24
elmikoi don't want to bog things down, but i'll be here, just ping me if i can help16:25
*** jhfeng has joined #openstack-security16:27
michaelxinFor anyone is interested.16:27
michaelxinfeel free to  join google hangout for mid-cycle meeting.16:28
*** jamielennox is now known as jamielennox|away16:37
sigmavirus24tmcpeak: hyakuhei is the Anchor sticky going to include Anchor in DevStack? As a requests core, I'm interested in helping make sure this work will be easier with how ingrained requests is for servers and clients alike16:39
tmcpeaksigmavirus24: I think so...16:40
sigmavirus24This also ties into https://github.com/kennethreitz/requests/issues/296616:41
elmikosigmavirus24: that seems like a good chunk of work, re: full cross-platform trust stores16:42
sigmavirus24elmiko: yeah it's terrifying at the same time16:42
sigmavirus24We moved away from that pre-1.0 because it was absolutely ridiculous to manage all the different distros' variants on where trust stores live16:43
sigmavirus24Also Windows is a gigantic pain in the neck (as you might understand from that thread)16:43
elmikoyea, i can't imagine the compat. matrix for that work16:43
mhaydenmichaelxin: you have a ton of tabs open :)16:43
sigmavirus24mhayden: not enough tabs16:43
elmikocan't believe you put me on the projector...16:44
sigmavirus24elmiko: you're welcome16:44
*** hockeynut_afk is now known as hockeynut16:45
*** browne has joined #openstack-security16:47
*** austin987 has quit IRC16:48
sigmavirus24elmiko: you're the cause of and solution to all of life's problems16:52
sigmavirus24elmiko: where are you again?16:52
elmikosigmavirus24: haha, i'm in detroit16:53
elmiko(wel, just outside the city)16:53
sigmavirus24Got it16:53
sigmavirus24It was -8 when I left MSN16:53
elmikoooph, much colder than here16:54
sigmavirus24I'm the person in the redshirt with his back to you16:54
elmikoi kinda figured =)16:54
*** pdesai has joined #openstack-security17:00
*** dslev has quit IRC17:01
*** salv-orlando has joined #openstack-security17:03
*** austin987 has joined #openstack-security17:04
*** bpokorny has joined #openstack-security17:10
*** hyakuhei has quit IRC17:10
elmiko+1 for better threat analysis stuff, i still think there is value in creating some examples of this per-project17:12
*** jhfeng has quit IRC17:14
*** hyakuhei has joined #openstack-security17:18
elmikohyakuhei: has there been any talk of security related tags from the TC?17:23
hyakuheiIn what context?17:24
elmikolistening to the discussion about increasing the visbility/involvement of ossp in various projects, i'm specifically wondering about tags like "bandit" or "syntribos" aware type tags. like "hey, this project is using bandit"17:25
elmikoor, similar17:25
*** cjschaef has joined #openstack-security17:25
hyakuheiThat’s interesting17:26
elmikoright, "security-aware" or some such17:26
hyakuheiSo that’d be us pushing tags to the TC ?17:26
elmikoi think so17:26
elmikowe'd have to come up with some criteria and the propse it17:27
elmikoeven just signalling that a project has full engagement with the ossp, i'm not sure on the granularity here. just spit-balling17:28
hyakuheiBandit tag seems to have some weight17:28
hyakuheiCan you hear us on the mic elmiko ?17:28
elmikoi can just talk if it's easier17:29
elmikoif we did start producing threat analysis material, we could even have a tag that would signal "hey this project has a threat analysis"17:30
elmikoi'm trying to think about tags that would help operators or potential end-users select projects based on their security "features"17:30
hyakuheiYeah I like that idea17:31
hyakuheiSpeak up dude :)17:31
elmikoso, like "voting-bandit-gate" "threat-analysis" etc17:31
elmikohyakuhei: +1, exactly!17:36
elmiko"pen tested, ossp approved" ;)17:37
mvaldeslike Life cereal "elmiko likes it"17:40
elmikomvaldes: you get it ;)17:40
chair6"certified 100% no 0days"17:41
elmikoawesome, chair6++17:44
elmikohyakuhei: a tag for indicate that a project has a chapter in the sec guide17:45
elmikoa tag to indicate that a project has an ossp liaison17:46
tmcpeakelmiko: is there a link to join that hangout? how did you get on17:50
hyakuheiLets add these to the etherpad17:50
elmikotmcpeak: michaelxin shared it17:50
tmcpeakmichaelxin: ^17:50
elmikotmcpeak: https://talkgadget.google.com/hangouts/_/gz43wqtwiit4lu7uupm55yd3oma17:50
tmcpeakelmiko: than you17:51
hyakuheiAdded all the ones I can remember17:53
sigmavirus24elmiko: how do you pronounce your screenname? el-me-ko or el-my-ko?17:58
tmcpeak^ +118:03
elmikosigmavirus24: i take no authoritative stance on pronounciation ;)18:03
elmikoit's open source18:04
*** dave-mcc_ has quit IRC18:04
sigmavirus24elmiko: lol18:06
elmikotmcpeak: just let bandit tweet about all the things it finds >.<18:08
sigmavirus24Not sure if bandit wants to do that work itself18:08
tmcpeak+1 and instagram18:08
sigmavirus24Or if we want the gate job to do that18:08
sigmavirus24tmcpeak: omg yes18:08
elmikohaha, yes for instagram18:08
sigmavirus24tmcpeak: steganographic instagram pictures18:08
elmikohyakuhei: teach a man to fish....18:10
elmikocrazy random idea, what about a pwn-to-own style compo for openstack?18:11
sigmavirus24https://hackerone.com/ for interested parties18:15
browne+1 Slack bug bounty program uses hackerone18:15
elmikotmcpeak: what type of content you looking for? (re: blog posts)18:16
tmcpeakanything about the work we do, things to improve security, summaries of current state, etc18:16
elmikoack, cool18:18
elmikoi'm curious to get involved, might need to discuss a little more about what to write though18:18
tmcpeakelmiko: cool, I think we're doing a separate bit on that now18:22
gmurphyregarding bug bounties - openstack was mistakenly listed on bugcrowd and the only thing that ever happened was haxors reporting xss bugs in the openstack wiki18:26
gmurphyit took a lot for us to get off that list18:26
elmikolol, ouch...18:26
gmurphyit could be a cool idea though if done right.18:26
elmikoso... is there a Hot Topic at the rackspace castle >.<18:28
elmikoand does it actually look like an old mal inside?18:29
elmikobbl, getting some lunch18:32
*** ibravo has quit IRC18:43
*** ibravo has joined #openstack-security18:43
openstackgerritDoug Chivers proposed openstack/security-doc: Adding documentation for security threat analysis  https://review.openstack.org/22071218:46
*** bpokorny_ has joined #openstack-security19:00
*** bpokorny has quit IRC19:04
*** bpokorny_ has quit IRC19:15
*** bpokorny has joined #openstack-security19:15
*** salv-orlando has quit IRC19:17
*** salv-orlando has joined #openstack-security19:18
*** hyakuhei has quit IRC19:21
*** yarkot has joined #openstack-security19:22
*** hyakuhei has joined #openstack-security19:23
*** yarkot has quit IRC19:25
*** dave-mccowan has joined #openstack-security19:36
openstackgerritDoug Chivers proposed openstack/security-doc: Adding documentation for security threat analysis  https://review.openstack.org/22071219:37
elmikohyakuhei: https://bugs.launchpad.net/openstack-manuals/+bugs?field.searchtext=&orderby=-importance&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&assignee_option=none&field.assignee=&field.bug_reporter=&field.bug_commenter=&field.subscriber=&field.structural_subscriber=&field.tag=sec-guide+&field.tags_combina19:38
elmikothat's our open buglist19:38
*** jhfeng has joined #openstack-security19:38
elmikoer, link to19:38
elmikoif any of those bugs look interesting to folks, we'd be happy to accept patches =)19:39
*** jhfeng has quit IRC19:39
*** tkelsey has joined #openstack-security19:40
*** sicarie has joined #openstack-security19:41
*** jhfeng has joined #openstack-security19:43
*** aheczko-mirantis has joined #openstack-security19:49
*** aheczko-mirantis has quit IRC19:50
* mhayden snags his first security guide bug https://bugs.launchpad.net/openstack-manuals/+bug/145982019:52
openstackLaunchpad bug 1459820 in openstack-manuals "OpenStack Security Guide - Mandatory Access Control policy guidance" [Medium,Triaged] - Assigned to Major Hayden (rackerhacker)19:52
*** tkelsey has quit IRC19:53
*** jhfeng has quit IRC19:53
elmikomhayden: \o/19:53
*** hyakuhei has quit IRC19:54
mhaydenelmiko: i wonder if this bug could be closed... apparmor/selinux are discussed thoroughly in the guide already19:54
*** tkelsey has joined #openstack-security19:55
*** aheczko-mirantis has joined #openstack-security19:58
* elmiko takes another look20:00
elmikosicarie: take a look at that one20:01
sigmavirus24elmiko: mhayden is in the room. You two can talk over video if you wanted to20:01
elmikoit seems so peaceful in there though...20:02
sigmavirus24it is20:02
sigmavirus24silent hum of centrail hvac20:02
elmikoeveryone is slowing nodding off into the post lunch food coma20:02
sigmavirus24not me20:02
mhaydenwhy talk when there's IRC20:03
sigmavirus24why talk when there's american sign language?20:04
elmikoanyways, i think since sicarie opened that bug we should get his input20:04
mvaldesi'm looking at https://bugs.launchpad.net/openstack-manuals/+bug/144122920:13
openstackLaunchpad bug 1441229 in openstack-manuals "Chapter 7. Dashboard in OpenStack Security Guide - Add best practice around pw managers" [Medium,Confirmed]20:13
elmikomvaldes: great!20:13
mvaldesthe initial comments mention password mgmt, but someone else mentions password policy type stuff20:13
* elmiko looks at the bug20:14
*** jhfeng has joined #openstack-security20:15
elmikomvaldes: i think idealls we could have a small section on passwords with 2 subsections; password managment, and password quality20:15
mvaldesi see20:15
elmikoso, a paragraph or two discussing both. i think sicarie's original idea was to talk about using password managers to aid with the process of storing credentials for the dashboard, so something like keepassx20:16
elmikodannyh's comment about password strength is nice, and it might be worth adding a small note about that. policy is tricky as it might be superseeded by the guidelines of an openstack installer20:17
mvaldesright. i thought keystone had some password policy capabilities20:17
elmikoi'm not sure about that20:18
mvaldesbut could definitely be wrong20:18
mvaldesit could make sense to include password quality in the identity authentication section20:19
elmikogood idea20:19
elmikoit's probably worth noting somewhere20:20
mvaldesmaybe it's the same info in both sections..20:20
mvaldesor a link from one to the other anyway20:20
elmiko+1 for a link20:20
mvaldesok. i think i can handle this. the requirements seem pretty generic :)20:21
*** dslev has joined #openstack-security20:22
*** jhfeng has quit IRC20:25
*** dslev has quit IRC20:25
sigmavirus24elmiko: where's your helmet? http://img1.wikia.nocookie.net/__cb20121008105956/lotr/images/e/ec/Gimli_-_FOTR.png20:35
elmikosigmavirus24: it's with my axe ;)20:37
sigmavirus24I thought when you got up just now you were either going to get your helmet or your axe20:37
elmikoclosest i have is this20:38
sigmavirus24A+ sir20:38
elmikoam i still up on the projector?20:38
mvaldesyum install hat20:38
sigmavirus24elmiko: how do you feel about selinux?20:38
sigmavirus24elmiko: you are20:38
sigmavirus24elmiko: setenforce=0, right?20:38
elmikopretty much20:38
mhaydeny'all are going to make dwalsh cry, you know20:39
elmikoyea... i know, but it's downright impossible to run devstack without doing that20:39
*** salv-orlando has quit IRC20:39
*** salv-orlando has joined #openstack-security20:40
mhaydensigmavirus24: http://stopdisablingselinux.com/20:42
elmikolol, hadn't seen that before20:42
openstackgerritMajor Hayden proposed openstack/security-doc: Adding link for SELinux policies  https://review.openstack.org/26656720:51
elmikomhayden: do you know if those fedora selinux policies are descended from a rhel or centos policy?20:54
mhayden fedora ones are more modern20:54
mhaydenfinding centos' upstream policies will be easier than RHT's20:55
elmikoi'm only asking because i think centos, or rhel, are probably better end user targets for production openstack20:55
mhaydenmy gut says they'll be somewhat similar, but i'll see what i can find centos-wise20:55
elmikoawesome, thanks for checking it out. otherwise, the PR lgtm20:55
mvaldeselmiko: this section references best practices from nist 800-118 http://docs.openstack.org/security-guide/identity/authentication-methods.html20:55
mvaldesis it worth summarizing the high points for inclusion in the security guide?20:56
elmikomvaldes: great, that's probably the best advice we can pass on20:56
elmikomvaldes: no, i think a link to that would be good enough20:56
elmikohmm, if there isn't a link to the draft for 800-118, then it might be worth it to summarize, but i hate to create something that just needs to be updated as the nist docs are updated20:57
mvaldesok.. i can make it a link then :) piece of cake20:59
sicarieelmiko and mvaldes: that looks pretty much like what I had been going for21:02
elmikosicarie: awesome =)21:02
sicarieThat bug was opened after a few articles on password managers (and after MOzilla had a bug where if you didnt' have the master set, it was trvial to access the pw store)21:03
elmikoah, interesting21:03
sicarieSo it was mainly intended to cover pw managers, but pw complexity should be addressed (though personally I'd say in a separate bug)21:03
mvaldessicarie: ah.. ok21:04
mvaldesi was basically going to reference the specific chapter in the doc for each subsection21:05
sicarieYeah, I'd say go for it - we can always re-open a bug if clarity is needed21:06
sicarieor create a new one21:06
*** dave-mccowan has quit IRC21:06
*** dave-mccowan has joined #openstack-security21:07
mvaldessounds good :) to be thorough, do we want a second but for the pw complexity?21:07
mvaldesbut = bug21:07
elmikoi dunno, since dannyh references it in the bug discussion i don't mind including it now21:08
*** hyakuhei has joined #openstack-security21:08
elmikosicarie: thoughts?21:08
*** jhfeng has joined #openstack-security21:10
mhaydenslides link for osas -> https://docs.google.com/presentation/d/1OnMIIC8863eGftp1zvsHjlP-7LKhqz0ENwX-mIMSUU4/edit?usp=sharing21:10
*** sigmavirus24 is now known as sigmavirus24_awa21:12
*** sigmavirus24_awa is now known as sigmavirus2421:13
openstackgerritEric Brown proposed openstack/security-doc: Add info about the VMware MKS console  https://review.openstack.org/26657621:17
openstackgerritEric Brown proposed openstack/security-doc: Add info about the VMware MKS console  https://review.openstack.org/26657621:19
sicarieelmiko: that seems more like a drive-by addition to me21:30
sicarieI'm fine for including it - it should certainly be in Identity somewhere21:30
sicariebut I'd like to maintain bug scope21:30
elmikosicarie: fair, i'm ok with including or leaving it out if you want more resolution on the bugs21:30
sicarienot only does it look better on stackalytics, but really it's making sure that we don't just keep increasing workload on stuff that should be relativley minor21:31
sicariebut really, it's my stackalytics profile i'm going for :)21:31
elmikohehe, but yeah, i agree21:32
sicarieI figure if we get in the habit, then we can consistently ensure that we don't have someone new come in, pick up a bug, and suddenly get waylaid with extra sections that may/may not be over their head21:34
elmikoyup, makes good sense21:34
*** avarner has joined #openstack-security21:37
*** avarner_ has joined #openstack-security21:37
*** salv-orlando has quit IRC21:43
*** salv-orlando has joined #openstack-security21:44
elmikomhayden: thanks, that was very cool22:01
* elmiko is still an ansible noob, but wants to know more22:01
michaelxinelmiko: you can do it!22:02
mhaydenelmiko: thanks sir :)22:02
elmikomichaelxin: yea, i need to find some time... ;)22:02
elmikomhayden: you mentioned that this was host oriented and that you wanted to do some server-based work. would that be ansible scripts to secure server installs? (i couldn't quite hear the audio)22:03
mhaydenah, the role's goal is secure physical hosts22:04
mhaydenor virtual machines22:04
mhaydenit doesn't touch openstack services22:04
elmikoah, ok22:04
mhaydenso it configures things like auditd/nfs/sshd and such22:04
mhaydenbut not nova/cinder/swift22:05
mhaydenbut those changes were done carefully to ensure that a production openstack environment won't be affected22:05
mhaydenif the role does affect openstack environments, then you've found a bug :)22:05
elmikomichaelxin: i gotta drop, hopefully we can do this again tomorrow!22:06
elmikomhayden: thanks again for the extended explanation22:06
michaelxinelmiko: sure22:09
*** salv-orl_ has joined #openstack-security22:09
*** salv-orlando has quit IRC22:12
mhaydenah, so this works for getting data from ansible into a readable file: https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/callback_plugins/logdetail.py22:15
mhaydenexample -> http://paste.openstack.org/raw/483669/22:16
mhaydenyou could use readlines() on that fairly easily... break on tabs22:16
*** jamielennox|away is now known as jamielennox22:17
michaelxinmhayden: Thanks for sharing.22:18
mhaydenmichaelxin: apparently that code is GPL'd22:21
* mhayden flips a table22:21
*** pdesai has quit IRC22:25
*** hyakuhei has quit IRC22:34
*** hyakuhei has joined #openstack-security22:35
*** austin987 has quit IRC22:44
*** austin987 has joined #openstack-security22:44
*** jhfeng has quit IRC22:52
*** avarner has quit IRC22:55
*** sigmavirus24 is now known as sigmavirus24_awa23:01
*** dave-mccowan has quit IRC23:15
*** cjschaef has quit IRC23:17
*** cjschaef has joined #openstack-security23:17
*** aheczko-mirantis has quit IRC23:22
*** winterIsLeaving has joined #openstack-security23:23
*** cjschaef has quit IRC23:25
*** hyakuhei has quit IRC23:27
*** hyakuhei has joined #openstack-security23:29
*** hyakuhei has quit IRC23:29
*** browne has quit IRC23:29
*** tkelsey has quit IRC23:33
*** mvaldes has quit IRC23:33
*** tmcpeak has quit IRC23:34
*** sigmavirus24_awa is now known as sigmavirus2423:38
*** sigmavirus24 is now known as sigmavirus24_awa23:47
*** sigmavirus24_awa is now known as sigmavirus2423:48
*** ninag has quit IRC23:50
*** ninag has joined #openstack-security23:51
*** bpokorny_ has joined #openstack-security23:55
*** bpokorny has quit IRC23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!