April 13th, 2017 Meeting Minutes
Notes taken by mobyte in emacs
35 people in attendance, including: rush, leech, strongth, dolphin, stringy, cpg, kell, mobyte, flay, mind, kami, zurek
6:00 PM, On a Thursday, 2225 Kohrman Hall
Yakko Server Status
- For the last two weeks, the Computer Club yakko server has not had access to Western Michigan University's network.
- Earlier today there was a meeting with Jason Johnson about the conditions needed for yakko to be re-added to the network.
- stringy, typo, sphinx, flay, hellbacon, and kami were our representatives at the meeting.
- There were some requirements set for the server to be reconnected to the network (These rules will apply to all servers in the Computer Science network).
- Jason Johnson will have a sudo account with all privileges.
- This condition has already been met and he now has a local sudo account.
- Logging will be used on the server.
- Due to missing logs at the time of the incident, we would need to make sure logging is working in order for the Computer Science department network to remain secure.
- A list of all sudoers on yakko with phone numbers and contact information will be supplied to Jason Johnson.
- This list will be required to always be up to date.
- This is to test for security on a weekly basis.
- A list of ports and services used by the server will be supplied.
- A formal document describing the requirements for this policy will be available soon.
- This policy will be given to us and to all other server owners on the Computer Science network in order for the department to keep their network secure.
- This policy was put in place to prevent any similar situations from happening in the future.
- The reason the investigation details were not known at first was because information could not be risked to be given to the person that was responsible for the server security issues.
- It is hopeful that very soon the server will be brought back online after all of these requests are properly met.
- We would like to thank the support of Computer Club members, Dr. Trenary, and Dr. Carr for helping us get through this situation.
Why the Server Was Down
- As it turns out, the actions of giggles accidently caused yakko to be temporarily removed from the Western Michigan University network.
- It started when giggles was fired from his job at the Geosciences department without being given a chance to transfer administrator accounts to his replacement on the 31st of March.
- In an attempt to resolve this issue, giggles accessed the Geosciences servers through an established ssh connection from yakko to transfer information to College of Arts and Sciences Technology Services on the 2nd of April.
- Due to an Active Directory Administrator password being changed by Geosciences, their entire file server was rendered inaccessible. The open ssh connection to yakko was noticed which led to a security emergency and OIT contacted the Computer Science department to ask for yakko to be removed from the network on the 3rd of April.
- giggles had a meeting with the Director of IT at the College of Arts and Sciences and was told that two of the passwords he gave were incorrect due to them accidentally being swapped.
- giggles was then able to help them reaccess their file servers on April 5th.
- The OIT investigation was extended because yakko was misconfigured and did not have logs at the time of the investigation.
- The full report written by giggles can be found at: https://gist.github.com/blakewrege/0da98dc1ed1b58efdbc47af820d48633.
- Before we started the nominations, kami has made a suggestion for the future officers to create an Alumni Ambassador position which could act as a mediator between alumni and students.
- President Nominations: sgtsarcasm, kahrl, dolphin, cpg, and leech.
- Vice President Nominations: zurek, dolphin, mobyte, sgtsarcasm, leech, and hellbacon.
- Treasurer Nominations: tank, dolphin, twitch, mobyte, yillivs, and kharl.
- VP of Finance Nominations: leech and kahrl.
- Secretary Nominations: mobyte, hellbacon, and cookie.
- At next week's meeting, the elections will be held.
- If you would like to submit an absentee vote, please try to contact a Computer Club officer through Facebook, the backup IRC server, or Slack.
- Each candidate will present a speech at the elections as usual and there will be a discussion before voting for each position.
- Good luck to all of the nominees!
Meeting ends at 6:58 PM