Badlock Reporting and Remediation

Posted by Nick Anderson
April 19, 2016

By now you have probably heard about the Badlock vulnerability (CVE-2016-2118) in the DCE/RPC-based SAMR and LSA protocols used in the Microsoft Windows Active Directory infrastructure, as well as other critical security flaws in Samba.

With CFEngine Enterprise you can simply tag any variable or class, and Mission Portal's Inventory reporting interface will be automatically extended with the new attributes. This makes it easy to identify vulnerable hosts.

Dashboard alerts can be created to alert on vulnerable hosts for specific subsets of infrastructure.

Dashboard alerts can be integrated with other systems. For example, you could automatically open an issue in Jira when vulnerable hosts are found.

If you would like to use CFEngine to detect, repair and report on Badlock in your infrastructure, we have prepared some policies you can use:

- Badlock reporting and remediation policy
- Implementation Tutorial
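
The tagging described above, as an added sketch that is not the policy linked from this post: a variable and a class carry meta tags so the host's Badlock status appears in inventory reporting. The bundle name, the attribute name "Vulnerable CVE(s)" and the affected-version regex are assumptions; the regex is a placeholder to be filled in from your distribution's advisory, since distributions backport fixes without changing the upstream version.

```cf3
# Added example (hypothetical bundle; not the policy linked from this post).
bundle agent inventory_badlock_example
{
  vars:
      # Assumption: a regex matching the package versions that your
      # distribution's advisory lists as affected. Placeholder value,
      # replace before use. packagesmatching() regexes are anchored.
      "affected_versions" string => "AFFECTED_VERSION_REGEX";

      # Installed Samba packages whose version matches the affected range,
      # read from the agent's cached package inventory.
      "hits" data => packagesmatching("samba.*", "$(affected_versions)", ".*", ".*");
      "hit_count" int => length("hits");

    badlock_vulnerable::
      # Tagged variable: the "inventory" tag plus attribute_name adds a new
      # attribute to the inventory report. The attribute name is an assumption.
      "vulnerable_cve"
        string => "CVE-2016-2118",
        meta => { "inventory", "attribute_name=Vulnerable CVE(s)" };

  classes:
      # Tagged class: the "report" tag makes the class visible in reporting,
      # so it can be used as an alert condition.
      "badlock_vulnerable"
        expression => isgreaterthan("$(hit_count)", "0"),
        meta => { "report" };

  reports:
    badlock_vulnerable::
      "$(this.bundle): $(hit_count) installed Samba package(s) match the affected-version pattern for CVE-2016-2118";
}
```

Hosts where no package matches never define the class, so the attribute is simply absent for them in the inventory report.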