Sysadmin:Security Todo

Monitoring services

 * Tripwire
 * Process accounting, especially on Kerberos and AFS servers
 * Other intrusion detection

Security Libraries

 * libpam-tmpdir
 * Check the wrapper scripts for php and cgi scripts

Configuration changes

 * Make cracklib work
 * Done Jdhutchin@ugcs.caltech.edu 00:02, 2 February 2008 (PST)

Policy Changes

 * Keep researching breaking vectors
 * Check login machine's auth.log to look for root accesses
 * Check core server login logs
 * Implement password expiration for sysadmins
 * Bootloader passwords
 * Done Jdhutchin@ugcs.caltech.edu 00:03, 2 February 2008 (PST)

SSH

 * Restrict root access with access.conf to logins from charon
 * Done Jdhutchin@ugcs.caltech.edu 22:16, 4 February 2008 (PST)
 * Disable ssh keys
 * Done Jdhutchin@ugcs.caltech.edu 22:16, 4 February 2008 (PST)