Show posts by author:
Nick Anderson

Show Notes: The Agent is In - Episode 24 - Pretty Printer (cffmt) Demo With Miek Gieben

Tired of hand crafting policy and arguing with people about spacing and alignment? Longing for regularity and easier scanning of your policy no matter who wrote it? Cody, Craig and Nick wrap up the second year of The Agent is In with Miek Gieben, CFEngine Community user and author of cffmt, a formatted written in go for CFEngine policy files. Check out the discussion about opinionated formatting, possible future developments and other tooling to improve qualify of life as a CFEngineer.

Posted by Nick Anderson
April 27, 2023

Improved software compliance with packages-allowlist

Having a list of software that is allowed to be installed on a host is a strategy to prevent and fix security gaps and maintain compliance with operational guidelines. This zero-trust methodology ensures that only explicitly permitted applications are allowed to be present on a host unlike package block-listing which enumerates an explicit list of software that is not allowed to be present. In fact, with a software allow-list, you are essentially block-listing everything except the software you allow.

Posted by Nick Anderson
April 6, 2023

Show Notes: The Agent is In - Episode 23 - Detecting Previously Hidden Malware With Invary & CFEngine

Can you trust the integrity of your base operating system runtime? Jason Rogers and Dr. Wesley Peck of Invary join Cody, Craig and Nick to chat about their Runtime Integrity technology. They discuss the challenges of Trust, Information Technology Knowledge Management, and how Invary fits in the SecOps, Systems Automation, Security and Compliance landscape. Nick shares an example of an early integration between CFEngine and the Invary RISe agent1 with reporting in Mission Portal and talks about the different ways to approach integration.

Posted by Nick Anderson
March 30, 2023

Show Notes: The Agent is In - Episode 22 - Hackathon: Termux Services

Have a burning desire to run sshd or another service on your VR headset? Cody, Craig and Nick do time-boxed live hackathon working on developing CFEngine services promise type support for Termux. Watch Nick and Craig race to implement basic services support before the timer buzzes. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.

Posted by Nick Anderson
February 23, 2023

Show Notes: The Agent is In - Episode 21 - Troubleshooting with cf-support

What’s the best way to collect information when troubleshooting something with CFEngine? Cody and Nick chat with Craig about cf-support a new tool shipping in the latest (and future) versions of CFEngine. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Links Connect on LinkedIn w/ Cody, Craig, or Nick All Episodes cf-support is packaged as part of 3.

Posted by Nick Anderson
January 26, 2023

Show Notes: The Agent is In - Episode 20 - Reviewing the 2022 CFEngine Holiday Security Calendar

For the holiday season gift yourself an improved infrastructure security posture. Join Craig, Cody, and Nick as they wrap up 2022 and the 20th episode of The Agent is In reviewing CFEngines’ 2022 Holiday Security Calendar which has advice picked straight from industry standard security hardening guides like the OpenSCAP Security Policies and Security Technical Implementation Guides (STIGs). Craig demos new modules like maintainers-in-motd, file-permissions, enable-aslr, highlights guidance on writing your own security policies and more.

Posted by Nick Anderson
December 29, 2022

Change in behavior: Directories are now created with 700 instead of 755

In the upcoming release of CFEngine 3.21.0 there is a change in behavior with respect to default permissions of created directories. From 3.21.0 and later directories will be created with read, write, execute permissions only for the file owner. No permissions are granted for group or other. This change improves the default security posture to make sure that only the user executing cfengine (typically root) will have access to content in newly created directories.

Posted by Nick Anderson
December 16, 2022

File integrity monitoring with CFEngine

File integrity monitoring is an important aspect in managing your infrastructure. Tripwire and AIDE are often cited as necessary tools by compliance frameworks1,2,3. Of course CFEngine can manage a file to make sure it contains desired content, but did you know that CFEngine also has the capability to simply monitor a file for change? In this blog post we take a look at CFEngines’ changes attribute for files promises. File promises, changes body To monitor a file for change in CFEngine you must have a files promise with a changes body attached.

Posted by Nick Anderson
December 13, 2022

Show Notes: The Agent is In - Episode 19 - Sneak Peek at 3.21 LTS

The next LTS is coming … Join Cody Valle, Craig Comstock, Nick Anderson, and Ole Herman Elgesem for a preview of the coming in CFEngine 3.21. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Links Connect on LinkedIn w/ Cody, Craig, Herman, or Nick All Episodes CFEngine 3.

Posted by Nick Anderson
November 22, 2022

November 2022: Severe vulnerabilities in OpenSSL 3

On October 25th 2022 the OpenSSL project team announced 1 the forthcoming release of OpenSSL version 3.0.7. From the announcement we know that a fix will be made available on Tuesday November 1st, 2022 for a CRITICAL security issue. Note: CVE-2022-3786 and CVE-2022-3602 (X.509 Email Address Buffer Overflows) have been published 2. CVE-2022-3602 originally assessed as CRITICAL was downgraded to HIGH after further review prior to being published. Affected versions The vulnerability is reported to affect version 3.

Posted by Nick Anderson
November 1, 2022
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.