Show posts tagged:
modules

CFEngine 3.23 released - Anniversary

Today, we are pleased to announce the release of CFEngine 3.23.0! This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled to release summer 2024). The codename for this release is anniversary, as this year is CFEngine’s 30th anniversary. CFEngine was initially released in 1993, and to mark this special occasion we’ve created a limited edition anniversary coin:

December 6, 2023

Show notes: The agent is in - Episode 26 - Demo of CFEngine 3.22

Have you seen what’s new in CFEngine 3.22.0? Ole Herman Elgesem, CFEngine Product Manager joins Cody, Craig and Nick to give a tour of the changes in recently released CFEngine 3.22.0 Mission Portal. See how filters have been improved and how the new Groups feature makes it easier to affect change across your infrastructure and enforce package compliance with a new module, packages-allowlist-snapshot from CFEngine Build. Video The video recording is available on YouTube:

Posted by Nick Anderson
June 29, 2023

CFEngine 3.22 released - Coordination

Today, we are pleased to announce the release of CFEngine 3.22.0! The focus of this new version has been coordination. This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled to release summer 2024). What’s new New host filters The host filter from inventory reports have been upgraded. You can now add rules based on classes, such as linux, windows, redhat, ubuntu, xen, policy_server, cfengine_3_21, ipv4_172_31, etc:

June 16, 2023

Show notes: The agent is in - Episode 25 - Migrating to cfbs

Been a CFEngine user for a while? Have you migrated to a cfbs managed policy set yet? Live from the Northern.tech Summit in Castell de Sant Mori1! Cody, Craig and Nick walk through the process of migrating a policy set to cfbs management. Go through the process yourself following the detailed Migrating to cfbs blog post. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
May 25, 2023

Improved software compliance with packages-allowlist

Having a list of software that is allowed to be installed on a host is a strategy to prevent and fix security gaps and maintain compliance with operational guidelines. This zero-trust methodology ensures that only explicitly permitted applications are allowed to be present on a host unlike package block-listing which enumerates an explicit list of software that is not allowed to be present. In fact, with a software allow-list, you are essentially block-listing everything except the software you allow.

Posted by Nick Anderson
April 6, 2023

Security holiday calendar - Part 2

Thank you for following along with our security themed holiday calendar. Today, we summarize the last half of the calendar, in case you missed some days. Part 1 recap (12/25) A couple of weeks ago, on the 12th of December, we posted a recap of the first 12 days: cfengine.com/blog/2022/security-holiday-calendar-part-1 File integrity monitoring with CFEngine (13/25) On the 13th, we took a look at how you can use File Integrity monitoring in CFEngine for similar functionality to AIDE:

December 25, 2022

CFEngine 3.21 LTS released - Unification

Today, we are pleased to announce the release of CFEngine 3.21.0! The focus of this new version has been unification. Across our websites and UI, you should see that it’s a much more modern and unified experience, whether you’re reading this blog post on cfengine.com, browsing the new documentation site, looking for modules on the CFEngine Build website, or adding input to modules within Build in Mission Portal. This release also marks an important event, the beginning of the 3.21 LTS series, which will be supported for 3 years.

December 21, 2022

Track maintainers and purpose for hosts in your infrastructure

When something goes wrong or looks fishy for a particular host in your infrastructure how do you know who to ask about it? In an infrastructure managed by many and used by many it is also helpful to know what each hosts’ purpose is. In this article we show how to add maintainer and purpose information to individual hosts in your infrastructure via the CMDB feature of Mission Portal. We will also add a Build Module to add this information to the /etc/motd file for each associated host.

Posted by Craig Comstock
December 14, 2022

Security holiday calendar - Part 1

As it was well received last year, we decided to do another security-focused holiday calendar this year. The concept was roughly the same, but instead of only adding security hardening modules, we’ve also added in some other security advice and blog posts to improve the variety. Now that we’re halfway through to 24 (or 25), let’s recap the first half of the calendar. The problematic remote shell (rsh) (1/25) Remote shell (rsh) allows you to log in and send commands to another computer over the network. It is notoriously insecure, sending traffic in an unencrypted manner. In some implementations of rsh, passwords are also sent over the network in plaintext. rsh should no longer be used, as much more secure alternatives exist, such as ssh. This module helps you uninstall rsh:

December 12, 2022

Building a Compliance Report based on inventory modules

In CFEngine Enterprise we collect information from each system in the infrastructure as inventory. Some inventory is available by default, and more can be added using modules or writing policy. You can use inventory information to create a Compliance Report with checks that determine if the information complies with your security requirements. In this blog post, we will use some modules from CFEngine Build which provide inventory data, and build a Compliance Report on top of those.

Posted by Craig Comstock
December 9, 2022