UNIX ADMINISTRATORS MEETING
December 6, 2005
Introduction
The second meeting of Unix Administrators this semester brought out over 30 members. Basil Kmech of New Brunswick Computing Services led the meeting. The following is a summary of the meeting:
OS Hardening Workshop - March 14-15, 2006
Beth Binde of IPS is organizing an OS Hardening Workshop scheduled during Spring Break next semester. Eric Cole, a leading network security expert, will conduct the workshop. The first day (Tuesday, March 14th) will focus on hardening the Debian Linux operating system. The second day (Wednesday, March 15th) will focus on Windows. Each attendee will be encouraged to bring a laptop that they can image and use for hands-on training during the course. Beth will be sending out a more detailed announcement soon.
SSN Transition
Chuck Hedrick spoke about the SSN Transition project. Under new NJ state law, the university cannot use a person's SSN as an identifier. This requirement goes into full force by January 26, 2006. Everyone who now has an SSN as their identifier will have a new "RutgersID" number issued to them. The length of the number will remain the same as the SSN, but it will be drawn from a range of numbers that are not used as SSNs. Students will be issued new ID cards first, and faculty/staff will come later.
All ESS feeds and databases will use the RutgersID as the primary key. ESS intends to take down their systems for the weekend of February 11th, do the conversion, and then bring them back up Monday AM. The field names will be RUID, the SSN field will be their previous ID number, and the SSN field will become RealSSN. People already getting ESS feeds should have already been contacted about this. For the most part, ESS feeds will no longer carry the SSN field unless you absolutely require it. If that is the situation, you need to make a very compelling case to ESS. The RUID will be treated as private but will be considered public. A tangential issue here is that if your unit currently stores SSNs and credit card numbers electronically, you should consider removing that data if at all possible. The security requirements for having that level of information online are becoming much tighter.
SMTP Authentication
Kevin Conover of NBCS discussed SMTP Authentication. In February, faculty/staff accounts will be required to use SMTP authentication internal and external to Rutgers; students will be required to do so come March. For machines that generate automatic emails (e.g., printers, servers, etc.), a whitelist will be available to you. For those who operate their own mailservers, your systems can continue as you currently have them configured; however, it is important to note that programs like vacation and simple forwards are being targeted as spam. It is relatively easy for a system to be "blacklisted" these days.
Listserv to Mailman Migration
James Tuan of NBCS discussed the impending transition from listserv to mailman. Mailman has very significant performance and manageability improvements over listserv. The migration will proceed by having list owners recreate their lists in mailman. The users under each list will be migrated over by NBCS once a like list has been created in mailman. The transition should occur in April. NBCS will email owners of lists about the changes. If list owners do not migrate their lists, NBCS will email the actual lists to see if the list needs to be migrated. If a list is not converted by the changeover date (TBD), the list will be removed. Annual emails to list owners will commence so that NBCS has some mechanism to remove old lists.
NIS -> LDAP Migration Strategies
Aaron Richton of CCF led a discussion on the procedures surrounding NIS -> LDAP migration. In some ways, this is being advanced because Sun is intending to remove NIS from its operating systems. LDAP is being considered the replacement. RFC 2307 (http://www.faqs.org/rfcs/rfc2307.html) defines the format, fields, etc. of the file equivalent. The company www.padl.com has several worthwhile tools to use for migration. The remainder of the discussion focused upon different OS implementations.
Firewalls
A general call was made for people to volunteer the types of firewalls they use. Wei Li's group in EOHSI is looking for a solution. Alex Podchaski announced that TD will begin giving local IT staff access to the ACLs on their RUNet 2K switches in order to emulate some of the benefits firewalls provide. TD will provide the preamble (settings based upon established policy) and still retain the ability to manage the overall switch configuration. Resources for learning how to do all of this will be web-based documentation backed up by TD's helpdesk.
Next Meeting
The next meeting is scheduled for February at 1:30PM. Location is TBD at this point.