The latest updates about everything CFEngine

Building a Compliance Report based on inventory modules

In CFEngine Enterprise we collect information from each system in the infrastructure as inventory. Some inventory is available by default, and more can be added using modules or writing policy. You can use inventory information to create a Compliance Report with checks that determine if the information complies with your security requirements. In this blog post, we will use some modules from CFEngine Build which provide inventory data, and build a Compliance Report on top of those.

Posted by Craig Comstock
December 9, 2022

Updates, upgrades, and uptime

All software of any significant size has bugs, vulnerabilities, and other weaknesses. This includes the operating system (OS), libraries, command line tools, services and graphical applications. Across your infrastructure, you should have an overview of what operating systems and software you have installed. Additionally, automated ways of upgrading the OS, as well as packages are desirable. Finally, ways of highlighting problematic hosts (with old operating systems and software) and prioritizing them helps your efforts to upgrade and secure your machines.

December 2, 2022

Show Notes: The Agent is In - Episode 19 - Sneak Peek at 3.21 LTS

The next LTS is coming … Join Cody Valle, Craig Comstock, Nick Anderson, and Ole Herman Elgesem for a preview of the coming in CFEngine 3.21. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Links Connect on LinkedIn w/ Cody, Craig, Herman, or Nick All Episodes CFEngine 3.

Posted by Nick Anderson
November 22, 2022

CFEngine Build System version 3

Our beloved cfbs CLI tool for working with CFEngine Build is rapidly evolving. At the time of writing, we are currently at version 3.2.1. Thus I would like to take this opportunity to talk a bit about the latest and greatest features; including support for users to manipulate input parameters in modules, as well as a couple of new build steps. If you haven’t yet got a hold of the latest version of cfbs, you can update it with pip using the following command:

Posted by Lars Erik Wik
November 15, 2022

CFEngine 3.15.7 and 3.18.3 released

We are pleased to announce two new patch releases for CFEngine, version 3.15.7 and 3.18.3! These releases mainly contain bug fixes and dependency updates. 3.15: Last release and end of life 3.15.7 is the last planned release for the 3.15 LTS series, which is supported until December 2022. Please reach out to support if you need help with upgrading or need to purchase extended support; on January 1st 2023, 3.15 is no longer supported.

November 14, 2022

November 2022: Severe vulnerabilities in OpenSSL 3

On October 25th 2022 the OpenSSL project team announced 1 the forthcoming release of OpenSSL version 3.0.7. From the announcement we know that a fix will be made available on Tuesday November 1st, 2022 for a CRITICAL security issue. Note: CVE-2022-3786 and CVE-2022-3602 (X.509 Email Address Buffer Overflows) have been published 2. CVE-2022-3602 originally assessed as CRITICAL was downgraded to HIGH after further review prior to being published. Affected versions The vulnerability is reported to affect version 3.

Posted by Nick Anderson
November 1, 2022

Scary stories you won't believe until they happen to you!

For halloween this year, we wanted to share some scary scenarios along with security recommendations to help avoid them. All the names, companies and characters are made up, but the events and experiences are based on things which could happen, or have happened in the real world. 1. Horrors of the logging library Mary the sysadmin looks over at her monitoring system, noticing an increase in requests with special characters. She recognizes the strings as log4shell vulnerability exploit attempts.

October 27, 2022

Show Notes: The Agent is In - Episode 18 - Policy Examples

Do you know how to use every function available in CFEngine? Join Cody, Craig, Herman to see how Nick uses org-mode, org-roam, and ob-cfengine3 to manage his personal collection of CFEngine Function Examples. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Notes Live coded examples for the following functions:

Posted by Nick Anderson
October 27, 2022

Accessing CFEngine nightly packages

Did you know that nightly builds of CFEngine are available? cf-remote is the most convenient way to get nightly packages. If you’re not familiar with it, or if you need a refresher, check out our other blog posts about cf-remote. Listing packages By default cf-remote list will emit a list of available releases and the URLs for the newest CFEngine Enterprise LTS release. cf-remote list Available releases: master, 3.20.0, 3.18.x, 3.

Posted by Nick Anderson
October 12, 2022

Show Notes: The Agent is In - Episode 17 - Compliance

The good we secure for ourselves is precarious and uncertain until it is secured for all of us and incorporated into our common life. How often do you verify your compliance? Once or twice a year? Have you considered reporting on compliance continually? The usual suspects, Cody Valle (Head of community), Criag Comstock (Digger), and Nick Anderson (Doer of Things) see how CFEngine Enterprise can be used to implement and report on compliance, specifically the Ubuntu 20.

Posted by Nick Anderson
September 29, 2022
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.