With respect to servers, including leased physical and virtual servers and cloud-based servers, owned, operated, shared, or otherwise used by the government for all platforms and protocols, broken down by department: (a) what operating system and kernel version is the server using, including, for all unix-variant systems, the output of "uname -a"; (b) in what datacenter is the server physically located; (c) who owns, provides, and operates the server; (d) what is the purpose of the server; (e) for each service provided by the server, what is the name, type, software used, protocol, and listening ports of the service; (f) what security compromises have been detected in each service provided by the server, broken down by (i) the nature of the security compromise (privilege escalation, rooting or rootkits, sniffed packets, compromised passwords, worms, viruses, trojans, lost data storage devices, unauthorised use of information by otherwise authorised users, etc.), (ii) the details of any information accessed without proper authority, damaged, or lost, (iii) the classification and designation of the compromise and the information compromised, (iv) measures taken to prevent further security compromises, (v) date the security compromise was detected, (vi) date the security compromise was believed or found to have taken place, (vii) date the security compromise was resolved; (g) of the security compromises identified in (f), what are the file numbers of any correspondence or government records related to any such security compromises, broken down by (i) relevant file numbers, (ii) correspondence or file type, (iii) subject, (iv) date, (v) purpose, (vi) origin, (vii) intended destination, other officials copied or involved; and (h) on what dates have any threat risk assessments been conducted that affected or involved the server or its surrounding infrastructure, stored data, use, or relevant department?
In the House of Commons on January 26th, 2015. See this statement in context.