For halloween this year, we wanted to share some scary scenarios along with security recommendations to help avoid them. All the names, companies and characters are made up, but the events and experiences are based on things which could happen, or have happened in the real world.
1. Horrors of the logging library Mary the sysadmin looks over at her monitoring system, noticing an increase in requests with special characters. She recognizes the strings as log4shell vulnerability exploit attempts.
The good we secure for ourselves is precarious and uncertain until it is secured for all of us and incorporated into our common life. How often do you verify your compliance? Once or twice a year? Have you considered reporting on compliance continually?
The usual suspects, Cody Valle (Head of community), Criag Comstock (Digger), and Nick Anderson (Doer of Things) see how CFEngine Enterprise can be used to implement and report on compliance, specifically the Ubuntu 20.
Since joining the CFEngine team in 2019 I’ve heard and read numerous times that the configuration management market is dying and becoming obsolete. While I and many others don’t personally adopt this line of thinking, I can understand why one would come to this conclusion being that we’re in an ever-changing industry and talking about solutions that have been around for decades. Configuration management solutions like CFEngine are certainly not a new concept, however there are many changes that are happening across the industry that will continue to drive usage and will ultimately pave the way for a new era in this market.
We are pleased to announce two new patch releases for CFEngine, version 3.15.6 and 3.18.2! These releases mainly contain bug fixes and dependency updates.
What’s new Some smaller features and improvements were added to 3.18.2. Most of these are centered around newer functionality, such as compliance reports.
Compliance report widgets and improved UI Compliance reports are one of our most powerful report types, allowing you to compile all your security and compliance requirements into one checklist, and easily see exactly how many hosts are failing and passing each check.
Looking to be more efficient writing CFEngine policy?
Michael Bolen (Founder, CISOfy and author of Lynis) gives us some history on Lynis (including how to pronounce it, spoiler it’s “lee nus”). Nick Anderson (Doer of Things, Northern.tech) shows off reporting Lynis scan findings with CFEngine Enterprise and the lynis CFEngine build module.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.
(This is a blog post to celebrate Chinese New Year for our Chinese-speaking users.) 作为年前的最后一篇文章,并延续我们的传统,我们想回顾一下CFEngine在这一年中取得的所有成就,并对新的一年我们的计画做一个简要的介绍。
For our final blog post of 2021 and continuing our tradition, we’d like to reflect on all the CFEngine accomplishments throughout the year and provide a sneak peak of what to expect in 2022.
Modernized Mission Portal UI In CFEngine Enterprise 3.18.0 LTS, released in June, we overhauled the web user interface. You can read about the changes in our blog post on the subject. We will continue to make meaningful design changes within Mission Portal next year with the goal of making it more intuitive and user friendly.
Looking for ways to improve the security of your infrastructure?
Craig (Digger) and Nick (Doer of Things) walk us through some of the policies shared during the 2021 CFEngine security holiday hardening calendar.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.
Links CFEngine security hardening holiday calendar week 1 CFEngine security hardening holiday calendar week 2 CFEngine security hardening holiday calendar week 3 CFEngine security hardening holiday calendar week 4 Connect on LinkedIn w/ Cody, Craig, or Nick All Episodes
This is the final summary of our 2021 security hardening holiday calendar. We wanted to provide educational, useful, and actionable security advice, and we’re really pleased with the reception! Thank you for reading and following along.
Week 1-3 summary (1-21/25) We posted summaries for the 3 first weeks of the calendar:
Week 1 Week 2 Week 3 Enforce specific list of allowed sudoers (22/25) As discussed previously, the root user and sudo tool provide a lot of access to the system, both in terms of making changes, and reading sensitive data.
This december, we are posting security advice and modules, every day until December 25th. Now, it’s December 21st, and we’ve gotten through most of the security hardening holiday calendar:
Week 1 & 2 summary (1-14/25) We posted summaries for the 2 first weeks of the calendar:
Week 1 Week 2 Disable prelinking (15/25) A technique called prelinking can be used to optimize programs, making them start up faster. As this feature will change the binary file, it interferes with security functionality such as checksumming and signatures.
