As we bid farewell to 2023, it’s once again time to reflect on the milestones and progress we’ve made throughout the year. This year is especially significant because it marks 30 years since CFEngine’s birth. From its humble beginnings at the University of Oslo to the thousands of implementations across the world and counting, CFEngine has not only weathered the twists and turns of life, but has thrived in an industry where many have come and gone.
It’s that time of year again where we reflect & recap all things new with CFEngine from this year. You may recall from the 2021 retrospective that our focus for 2022 would be on collaboration, ease of use, and community engagement. I’m proud to summarize our progress below in these key areas for 2022’s Retrospective and give you a sneak peek at what’s to come in 2023.
Revamped documentation CFEngine is a powerful, flexible, and complex piece of software, but we are committed to make it as easy to use as possible, and are looking at all ways we can improve the new user experience. The documentation is an important tool for both new and experienced users to find the information they need. We identified multiple areas for improvement in terms of structure, navigation, search, and content, we decided to completely overhaul it in 2022. The new documentation was launched this fall, and includes several new improvements:
For the holiday season gift yourself an improved infrastructure security posture.
Join Craig, Cody, and Nick as they wrap up 2022 and the 20th episode of “The agent is in” reviewing CFEngines’ 2022 Holiday Security Calendar which has advice picked straight from industry standard security hardening guides like the OpenSCAP Security Policies and Security Technical Implementation Guides (STIGs). Craig demos new modules like maintainers-in-motd, file-permissions, enable-aslr, highlights guidance on writing your own security policies and more.
Thank you for following along with our security themed holiday calendar. Today, we summarize the last half of the calendar, in case you missed some days.
Part 1 recap (12/25) A couple of weeks ago, on the 12th of December, we posted a recap of the first 12 days:
cfengine.com/blog/2022/security-holiday-calendar-part-1
File integrity monitoring with CFEngine (13/25) On the 13th, we took a look at how you can use File Integrity monitoring in CFEngine for similar functionality to AIDE:
As it was well received last year, we decided to do another security-focused holiday calendar this year. The concept was roughly the same, but instead of only adding security hardening modules, we’ve also added in some other security advice and blog posts to improve the variety. Now that we’re halfway through to 24 (or 25), let’s recap the first half of the calendar.
The problematic remote shell (rsh) (1/25) Remote shell (rsh) allows you to log in and send commands to another computer over the network. It is notoriously insecure, sending traffic in an unencrypted manner. In some implementations of rsh, passwords are also sent over the network in plaintext. rsh should no longer be used, as much more secure alternatives exist, such as ssh. This module helps you uninstall rsh:
For halloween this year, we wanted to share some scary scenarios along with security recommendations to help avoid them. All the names, companies and characters are made up, but the events and experiences are based on things which could happen, or have happened in the real world.
1. Horrors of the logging library Mary the sysadmin looks over at her monitoring system, noticing an increase in requests with special characters. She recognizes the strings as log4shell vulnerability exploit attempts. Months earlier, when the vulnerability first appeared, she concluded they were safe, since the vulnerability was in a Java library. She was wrong. One machine goes offline, then another. She tries to look online for scanners, but it’s already too late. Slowly, one by one, the attackers succeed, they are remotely executing code and bringing down her entire datacenter.
Saint Patrick’s Day makes us think of the color green. Spring is coming. Plants are starting to sprout amongst the dead grass and leaves from Fall/Winter:
Earth Day is just around the corner on April 22nd.
This reminds us of our commitment to the environment and ecosystems that surround us. As we at Northern.tech state in our corporate social responsibilities:
We have set an ambitious company-objective to “Become a net-zero carbon business by the end of 2022”.
(This is a blog post to celebrate Chinese New Year for our Chinese-speaking users.) 作为年前的最后一篇文章,并延续我们的传统,我们想回顾一下CFEngine在这一年中取得的所有成就,并对新的一年我们的计画做一个简要的介绍。
For our final blog post of 2021 and continuing our tradition, we’d like to reflect on all the CFEngine accomplishments throughout the year and provide a sneak peak of what to expect in 2022.
Modernized Mission Portal UI In CFEngine Enterprise 3.18.0 LTS, released in June, we overhauled the web user interface. You can read about the changes in our blog post on the subject. We will continue to make meaningful design changes within Mission Portal next year with the goal of making it more intuitive and user friendly.
This is the final summary of our 2021 security hardening holiday calendar. We wanted to provide educational, useful, and actionable security advice, and we’re really pleased with the reception! Thank you for reading and following along.
Week 1-3 summary (1-21/25) We posted summaries for the 3 first weeks of the calendar:
