Plans for next generation linux desktop support.
Security Services/Features needed (based on SLAC MinSec):
- Anti-virus Software
- Install and configure ClamAV (optional, since not in moderate enclave)
- Application Patches
- Configure automatic updates for Applications via apt/yum config
- Authentication
- Requirements met for global accounts via Active Directory rules
- Use Chef Compliance to scan for and enabled insecure protocols
- Logging
- Configure syslog to log to central syslog server, and enable logging locally to /var/log/everything
- Network Services
- Check for inappropriate network services via Chef Compliance
- Operating System Patches
- Configure automatic updates for OS patches via apt/yum
- Passwords
Reference Documents:
Published SLAC Policies and Governance SLAC Controlled Documents page:
https://docs.slac.stanford.edu/sites/pub/Pages/SLAC_Policies.aspxMinimum Security Requirements for Computing
https://docs.slac.stanford.edu/sites/pub/Publications/701-I02-001-00_Min_Sec_Req_for_Comp.pdfConfiguration Management Procedures in the SCS twiki:
https://novel.slac.stanford.edu/twiki/bin/view/SCCS/ConfigurationManagement