The goal of this document is to educate prospective users of the trade-offs involved in having a self-managed Linux machine. The CLAS Linux team provides various levels of support for Linux machines. Full details can be found under the Linux Support Policy page.

To summarize, there are three tiers of support offered by the CLAS Linux team:

  • CLAS Linux team administered. CLAS Linux team has exclusive root/administrator privileges. CLAS Linux team is responsible for software updates, patching and maintenance.  Researchers can focus their time on research vs administering a system!
  • Self-administered with CLAS Linux Group load. CLAS Linux team to provide image-based initial load. Primary user must install and maintain all software (CLAS Linux team) may be requested to perform OS patching.
  • Self-administered. User responsible for OS load, user management, software, patches and warranty repairs.

What responsibility am I taking by choosing to self manage my machine?

  1. Administration. You are the administrator. User is responsible for OS load, user configuration and software.  Research and maintain OS patches to ensure the device is patched and rebooted (or choose a semi or fully managed support offering).  Comply with ALL of the UI Core Security Standards.
  2. Comply with the UI Backup and Recovery Policy.  Backup any applications, data or configuration data.
  3. Install and configure all hardware. Diagnose hardware compatibility issues and recover from hardware failures including data recovery.  Submit hardware warranty issues with the vendor.
  4. Ensure system does not become compromised and reload the machine should it become compromised including coordination with ITS on port re-enablement. This involves regularly reviewing your systems log files (syslog or windows event log).  Remediate any security issues the IT Security Office finds from their security scanning tool.
  5. All license agreements must be reviewed and approved by the technology review process.
    • Acquire, install, configure, and maintain all software applications and the OS. Acquire software from ITS software central site for the software. Licensing and configuration will be the user’s responsibility.
  6. Configure networking including name resolution (DNS) and default route. See Appendix 1 for details.  Configure the firewall and harden the system shutting off all unnecessary services, restricting access via IP. See Appendix 1 for details. Do this before you connect to the network otherwise there is a good chance your machine will be infected before you even finish the load if it is running a Windows operating system!
  7. Comply with Board of Regent guidelines on Log Retention  (minimum, & maximum per log type).
  8. Samba mount the file shares to access your home directory. See Appendix 1 for details.
  9. Optionally configure your mail client.
  10. Create/maintain print queues. See Appendix 1 for details.
  11. User account administration. Create and maintain user accounts for the system in accordance with the Enterprise Password Policy and Enterprise Authentication Policy

ITS has their own version of this document here.  Use it as a means of assessing your information security and to identify areas you can improve. More items completed translates to less institutional and personal risk.