Project BA

(“BA” stands for “Bundesagentur für Arbeit”, which means “federal employment agency”)

I was hired to take over some basic Linux systems administration, with a special focus on their Ilias learning platform.

The BA was using ITIL processes implemented by T-Systems. The effect was that nothing could ever be done in less than three weeks (a VM took 9 weeks and 7 tickets). The work was limited to an isolated network segment where the learning platform was deployed, and the administration process was basically writing scripts as a non-root user with two thousand granted sudo permissions.

During the project I got assigned another project, which was designing a Puppet-based deployment automation for “the website” product, which basically hosted static websites for internal use.

I created a security incident because everything was done by tickets and took 3-7 weeks, which led me to sit around for hours a day doing basically nothing. So I wrote a 25-line shell script using the countless sudo rights a “non-admin” had to elevate myself and get things done without tickets. The story of how I got “caught” is another one I might tell somewhere, but maybe not here.

Learnings:

  • BMC Remedy should be avoided, just like every other tool which is properly “Enterprise ITIL”
  • Puppet
  • ITIL (at least the basic concept, not the weird thing the BA had going)