PRJ: Linux Research (Xianming Ding)

Project Summary

Project

Enterprise Linux 802.1X — EAP-TLS Standardization

Priority

P0 — Critical (CISO priority)

Status

Active — partial deployment, standardization needed

Owner

Evan Rosado

Requestor

Xianming Ding (Research), Shahab (Research)

Runbook

domus-ise-linux: runbooks/linux-eaptls-deployment-runbook.adoc

Exports

PDF, HTML, DOCX in runbooks/output/

Deployment Status

Workstation Domain Join Cert Wired 802.1X WiFi 802.1X

modestus-razer (Evan)

modestus-p16g (Evan)

P50 (Shahab)

❌ (packages installed, not joined)

N/A

AW (Ding)

What’s Done

  • Full runbook (1,109 lines, 6 phases) with rollback and troubleshooting

  • Razer fully operational — wired + wireless EAP-TLS, Vault PKI cert

  • P16g WiFi EAP-TLS operational (Phase 8b of P16g deploy)

  • ISE policy set configured: Domus-Wired 802.1X, Domus-Secure 802.1X

  • dACLs: onboard, compliant, quarantine

  • Authorization profiles and rules active

  • netapi automation (Phase 6 of runbook)

  • PDF/HTML/DOCX exports via build-adoc.sh with YAML-based dark theme

What’s Remaining

  • P16g: domain join, Vault PKI cert, wired 802.1X nmcli profile

  • P50 (Shahab): complete domain join, configure wired 802.1X

  • AW (Ding): full deployment — packages, cert, NM config, wired + wireless

  • Zabbix monitoring agent on all workstations

  • Host firewall (supplementary to ISE dACL)

  • Posture assessment (ClamAV)

  • Standardize deployment procedure for future Linux workstations

  • Management review of runbook and deployment status

Related Documentation

  • infra-ops::runbooks/certificate-deployment.adoc[Certificate Deployment Runbook]

Sub-Pages

Notes

  • This project directly feeds into MSCHAPv2 migration (Wave 3 - Linux workstations)

  • Reference domus home lab EAP-TLS configuration as validated design

  • UFW integration is novel - may become reference architecture for other orgs

Metadata

Field Value

PRJ ID

PRJ-CHLA-LINUX-RESEARCH

Author

Evan

Date Created

2026-03-25

Last Updated

2026-03-25

Status

Behind

Next Review

2026-04-08