<The CFEngine Blog
Show posts tagged:
monthly-module-monday

Explore posts by tags

Configure which hosts can participate in CFEngine infrastructure management

Two modules are available for this task: allow-all-hosts and allow-hosts. The first module, allow-all-hosts, configures the most open situation which is to accept hosts from anywhere. This is only recommended in network restricted environments such as a local machine’s virtual machine network or other such closed down situations. The second module, allow-hosts, uses cfbs module input to let you decide which hosts (specified by IP addresses and subnets) are allowed to connect to your hub, authenticate, fetch policy, etc. This is by far the more common scenario.

Read more
Posted by Craig Comstock
May 6, 2024

Inventory and remediate Red Hat Enterprise Linux with Security Technical Implementation Guides (STIGs)

Security Technical Implementation Guides (STIGs) are an excellent body of knowledge to leverage in securing your infrastructure. With the stig-rhel-7 module you can easily add inventory and remediation policy for RHEL 7 with CFEngine. Do note that as of March 2024 this module does not provide comprehensive coverage but rather an initial 10 findings are implemented. Setup To start I installed CFEngine Enterprise on a local virtual machine, logged in and started a new Build project with the stig-rhel-7 module added and configured to enforce (as opposed to only warn).

Read more
Posted by Craig Comstock
April 1, 2024

Try CFEngine Enterprise for free

Sign up for CFEngine Enterprise and connect up to 25 hosts for free. No credit card required. Get started in minutes.

Try enterprise for free