The goal of this document is to educate prospective users about the trade-offs involved in having a self-managed Linux machine. The CLAS Linux team provides various levels of support for Linux machines. Full details can be found on the Linux Support Policy page.

To summarize, there are three tiers of support offered by the CLAS Linux team:

  • CLAS Linux team administered. The CLAS Linux team has exclusive root/administrator privileges and is responsible for software updates, patching and maintenance. Researchers can focus their time on research rather than on administering a system!
  • Self-administered with CLAS Linux Group load. The CLAS Linux team provides an image-based initial load. The primary user must install and maintain all software (the CLAS Linux team may be requested to perform OS patching).
  • Self-administered. User does OS load, user installs and maintains software and patches.

What responsibility am I taking on by choosing to self-manage my machine?

  1. Administration. You are the administrator. Research and maintain OS patches to ensure the device is patched and rebooted (or choose a semi- or fully managed support offering). Comply with ALL of the UI Core Security Standards.
  2. Comply with the UI Backup and Recovery Policy. The easiest way to comply with this is to store all of your work on the CLAS Linux file server (see Appendix 1 for details). Otherwise, there are requirements for off-site storage and minimum retention policies. Back up any applications, data or configuration data. The CLAS Linux Group does not perform client backups, though we can be contracted for this service.
  3. Install and configure all 3rd party hardware. Diagnose hardware compatibility issues and recover from hardware failures including data recovery.
  4. Ensure the system does not become compromised, and reload the machine should it become compromised, including coordination with ITS on port re-enablement. This involves regularly reviewing your system's log files (syslog or Windows event log). Remember, there is no firewall at the University. All systems and their TCP/IP ports are accessible from the Internet. Remediate any security issues the IT Security Office finds with their security scanning tool.
  5. All license agreements must be reviewed and approved by the technology review process.
    • Acquire, install, configure, and maintain all software applications and the OS. Acquire software from the ITS software central site. Licensing and configuration will be the user’s responsibility.
  6. Configure networking, including name resolution (DNS) and the default route. See Appendix 1 for details. Configure the firewall and harden the system by shutting off all unnecessary services and restricting access via IP. See Appendix 1 for details. Do this before you connect to the network; otherwise, there is a good chance your machine will be infected before you even finish the load if it is running a Windows operating system!
  7. Comply with Board of Regents guidelines on Log Retention (minimum and maximum per log type).
  8. Samba mount the file shares to access your home directory. See Appendix 1 for details.
  9. Optionally configure your mail client.
  10. Create/maintain print queues. See Appendix 1 for details.
  11. User account administration. Create and maintain user accounts for the system in accordance with the Enterprise Password Policy and Enterprise Authentication Policy.

ITS has their own version of this document here. Use it as a means of assessing your information security and to identify areas you can improve. The more items you complete, the lower the institutional and personal risk.