DOCSLIB.ORG

Compliance Audit of Linux Environments

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Compliance Audit of Linux Environments Masaryk University Faculty}w¡¢£¤¥¦§¨ of Informatics!"#$%&'()+,-./012345<yA| Compliance Audit of Linux Environments Thesis Šimon Lukašík Brno, May 2013 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Advisor: RNDr. Jan Kasprzak ii Acknowledgement I would hereby like to thank my advisor RNDr. Jan Kasprzak. I must also ac- knowledge the extraordinary efforts of my consultant from Red Hat Czech s.r.o, Jan Pazdziora Ph.D. for his professional help, support, and every day inspiration. Red Hat, Red Hat Enterprise Linux, JBoss, Fedora are either registered trade- marks, or trademarks of Red Hat, Inc. in the United States and other countries. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. OVAL, CVE are registered trademarks and OCIL, CCE, and CPE are trademarks of The MITRE Corporation. XCCDF and SCAP are trademarks of the National Institute of Standards and Technology. Oracle® and Java® are registered trademarks of Oracle and/or its affiliates. All other trademarks are the property of their respective owners. iii Abstract SCAP is a U.S. Government standard facilitating automated compliance audit. OpenSCAP is an open source scanner which allows assessment of target system in line with SCAP standard. Spacewalk is an open source management solution for Linux systems. The main goal is to integrate OpenSCAP and Spacewalk projects enabling sys- tem administrators to audit their Linux systems in fully automated way. The coales- cence of subset of SCAP data model into Spacewalk database allows administrators to search and compare archived scan results in centralized user interface. iv Keywords Security Audit, Compliance Management, Reporting, System Assessment, Remedi- ation, System Management, Security Content Automation Protocol, Linux, Open- SCAP, Spacewalk. v Contents 1 Introduction .................................5 1.1 Related Technologies ...........................5 2 Compliance Audit ..............................7 2.1 Customization of Security Policy ....................7 2.2 Implications of Heterogeneous Environments .............8 2.3 U.S. Government Program ........................9 2.4 SCAP—Security Content Automation Protocol ............9 2.4.1 SCAP Adoption . .9 2.4.2 SCAP Components . 10 2.4.3 Document Formats . 12 2.4.4 XCCDF . 12 2.4.4.1 Short Description of XCCDF Elements . 13 2.4.5 OVAL . 14 2.4.5.1 OVAL Document Formats . 16 2.4.6 DataStreams . 17 2.4.7 Asset Reporting Format . 17 2.4.8 Forms of SCAP Security Policy . 17 2.4.9 SCAP Challenges . 18 2.4.9.1 Human and Machine Readable Format . 19 2.4.9.2 Limitation of Interoperability . 19 3 OpenSCAP .................................. 21 3.1 OpenSCAP Library ........................... 21 3.2 OpenSCAP Tool: oscap ......................... 21 3.2.1 Output of oscap xccdf eval .................. 22 3.3 SCE: Script Check Engine ........................ 23 3.3.1 Exemple of SCE Content . 24 3.4 Security Guidances Related to OpenSCAP ............... 24 3.4.1 Platform Limitations of Security Guidances . 24 3.4.2 OpenSCAP Example Content . 25 3.4.3 SCAP Security Guide . 25 3.4.4 SCE Community Content . 26 3.5 OpenSCAP Competing Projects .................... 26 3.5.1 OVALDI Project . 26 3.5.1.1 Comparison with OpenSCAP . 26 3.5.2 XCCDF Interpreter . 27 1 3.5.3 jOval Project . 27 3.5.3.1 Comparison with OpenSCAP . 28 3.5.4 Modulo Open Distributed SCAP Infrastructure Collector . 28 3.5.4.1 Comparison with OpenSCAP . 29 4 Spacewalk ................................... 30 4.1 A Short History of the Spacewalk .................... 30 4.2 Spacewalk Deployment Model ...................... 31 4.3 Spacewalk Competing Projects ..................... 31 4.4 Server Architecture ............................ 32 4.4.1 HTTP Server . 32 4.4.2 Backend Tools . 33 4.5 Database ................................. 33 4.5.1 Differences between PostgreSQL and Oracle . 34 4.6 Concept of Software Channels ...................... 34 4.7 Concept of Configuration Channel ................... 34 4.8 Remote Client Actions .......................... 35 4.8.1 Life-cycle of RHN Action . 35 4.8.2 Client Tools Supporting Remote Actions . 36 4.8.2.1 rhn_check utility . 36 4.8.2.2 RNSD Daemon . 37 4.8.2.3 OSAD Daemon . 37 5 Spacewalk and OpenSCAP Integration ................ 38 5.1 Requirements Analysis .......................... 38 5.1.1 Summary of the Functional Requirements . 38 5.1.2 Constraints Arising from Technologies Used . 39 5.1.2.1 Status of the OpenSCAP Project . 39 5.1.2.2 Spacewalk Life Cycle . 40 5.1.3 Infrastructure Deployments: Pull versus Push Approaches . 40 5.1.3.1 Pull versus Push for the Purpose of Auditing . 41 5.1.4 Content Delivery . 41 5.1.4.1 Forms of Security Policy Content . 42 5.1.4.2 Timing of Content Delivery . 42 5.1.5 Support of Older OpenSCAP Libraries . 42 5.1.6 Audit Results Processing . 42 5.2 Design ................................... 43 5.2.1 RHN Action to Facilitate Compliance Audit . 43 5.2.2 OpenSCAP library vs oscap Choice . 44 5.2.2.1 Limiting Interface Available to User . 45 5.2.3 Security Policy Distribution . 45 5.2.4 Audit Results Processing . 46 5.2.4.1 Intermediary Format for Results Reporting . 46 5.2.4.2 Choosing XCCDF over OVAL . 46 5.2.4.3 XCCDF Items For Aggregation . 47 5.2.4.4 Examplary XCCDF Résumé . 48 2 5.3 Conceptual Data Model ......................... 48 5.3.1 Definition of Existing Kernel Sorts . 49 5.3.2 Definition of New Kernel Sorts . 49 5.3.3 Definition of New Associative Sorts . 50 5.3.4 Definition of Existing HIT Attributes . 50 5.3.5 Definition of New HIT Attributes . 50 5.3.6 Entity Relationship Diagram . 50 6 Implementation ............................... 52 6.1 Client Side Changes ........................... 52 6.1.1 Plugin Interface . 52 6.1.2 Execution of the oscap Command . 53 6.1.2.1 Preprocessing of Command-Line Arguments . 53 6.1.3 XSLT for Results Processing . 53 6.2 Database Schema Changes ........................ 54 6.2.1 New Tables Definition . 55 6.2.1.1 Choosing Data Type for XCCDF Identifiers . 55 6.2.2 Database Constraints . 56 6.2.3 Indexes for Performance Porposes . 56 6.2.4 Reference Tables Content . 57 6.2.5 INSERT Anomalies . 57 6.2.6 Stored Procedures . 57 6.2.7 Schema Upgrades . 58 6.3 Backend Server Changes ......................... 59 6.3.1 Assembling Input for Clients . 59 6.3.2 Storing Scan Results from Client . 59 6.4 Web User Interface ............................ 60 6.4.1 Technologies Used . 60 6.4.1.1 How is Single Web Page Served . 61 6.4.1.2 Components of the Model . 61 6.4.2 Audit Scheduling . 62 6.4.3 Audit Reporting . 63 6.4.3.1 Scan Details Page . 63 6.4.3.2 XCCDF Diff Page . 63 6.4.3.3 Results Summary Pages . 65 6.4.3.4 Using XCCDF Diff for Simple Comparison . 66 6.5 API for Fully Automated Audits .................... 67 6.6 Full Text Search ............................. 67 6.6.1 OpenSCAP Search Dialog . 67 6.6.2 Lucene Search Post-Processing . 68 6.6.3 Indexing with Lucene and Quartz Frameworks . 69 6.7 Spacewalk Reports ............................ 69 6.7.1 OpenSCAP Reports . 69 6.8 Source Code ................................ 69 7 Conclusion .................................. 71 3 7.1 Further Work ............................... 72 A Example of XCCDF Document ..................... 81 4 Chapter 1 Introduction During the last 30 years, almost every organization moved its operations into the digital world. The computer security has became increasingly important as these entities have realized the need to protected their interests. Two major approaches can be recognized in computer security: reactive and proactive. The reactive ap- proach is involved in disaster recovery plans which mainly comprise of eliminating threat, switching to alternate systems, attack surface analysis, investigation, and re- mediation of compromised systems. Per contra, this work relates with the proactive approach which consists of any actions that reduce the risk of damage or compro- mise. To be able to mitigate consequences of possible attack, the assets at risk must be recognized prior to the attack. Importance of correct determination of possible attack targets is illustrated by great number of approaches to risk analysis. The security guidance on how the computers shall be set up to mitigate the risk for the organization is rendered on the basis of risk analysis. To properly implement the guidance, not only target computers need to be hardened but it is essential to ensure that these computers remain compliant for their whole lifetime. That can be achieved by compliance audit which repeatedly asserts that all the expected settings are in place. The major focus of this work is to accommodate compliance audit in large infras- tructure deployments using the open source software. This shall be accomplished by integration of existing open source technologies which are already adopted by en- terprises. The objective is to enable users to perform the security audit on multiple remote systems from single, centralized environment. 1.1 Related Technologies The first three chapters present the concepts, standards, and technologies relatedto this work. Major technologies used are SCAP—the compliance automation proto- col, OpenSCAP—the compliance scanner, and Spacewalk—the systems managing system. Figure 1.1 illustrates relationships between them. Dotted relationships are concern
Load more

Recommended publications
  • Quick-And-Easy Deployment of a Ceph Storage Cluster with SLES with a Look at SUSE Studio, Manager and Build Service
    Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES With a look at SUSE Studio, Manager and Build Service Jan Kalcic Flavio Castelli Sales Engineer Senior Software Engineer [email protected] [email protected] Agenda Ceph Introduction System Provisioning with SLES System Provisioning with SUMa 2 Agenda Ceph Introduction SUSE Studio System Provisioning with SLES SUSE Manager System Provisioning with SUMa 3 Ceph Introduction What is Ceph • Open-source software-defined storage ‒ It delivers object, block, and file storage in one unified system • It runs on commodity hardware ‒ To provide an infinitely scalable Ceph Storage Cluster ‒ Where nodes communicate with each other to replicate and redistribute data dynamically • It is based upon RADOS ‒ Reliable, Autonomic, Distributed Object Store ‒ Self-healing, self-managing, intelligent storage nodes 5 Ceph Components Monitor Ceph Storage Cluster Object Storage Device (OSD) Ceph Metadata Server (MDS) Ceph Block Device (RBD) Ceph Object Storage (RGW) Ceph Clients Ceph Filesystem Custom implementation 6 Ceph Storage Cluster • Ceph Monitor ‒ It maintains a master copy of the cluster map (i.e. cluster members, state, changes, and overall health of the cluster) • Ceph Object Storage Device (OSD) ‒ It interacts with a logical disk (e.g. LUN) to store data (i.e. handle the read/write operations on the storage disks). • Ceph Metadata Server (MDS) ‒ It provides the Ceph Filesystem service. Purpose is to store filesystem metadata (directories, file ownership, access modes, etc) in high-availability Ceph Metadata Servers 7 Architectural Overview 8 Architectural Overview 9 Deployment Overview • All Ceph clusters require: ‒ at least one monitor ‒ at least as many OSDs as copies of an object stored on the cluster • Bootstrapping the initial monitor is the first step ‒ This also sets important criteria for the cluster, (i.e.
    [Show full text]
  • Spacewalk 2.0 for Oracle® Linux 6 Release Notes
    Spacewalk 2.0 for Oracle® Linux 6 Release Notes E51125-11 August 2017 Oracle Legal Notices Copyright © 2013, 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S.
    [Show full text]
  • Installation Guide: Uyuni 2020.05
    Installation Guide Uyuni 2020.05 May 19, 2020 Table of Contents GNU Free Documentation License 1 Introduction 8 Installing Uyuni . 8 General Requirements 9 Obtain Your SUSE Customer Center Credentials . 9 Obtain the Unified Installer . 9 Supported Browsers for the SUSE Manager Web UI . 10 Partition Permissions . 10 Hardware Requirements . 11 Server Hardware Requirements . 11 Proxy Hardware Requirements . 12 Network Requirements . 13 Network Ports . 14 Public Cloud Requirements . 19 Instance Requirements. 20 Network Requirements . 20 Separate Storage Volumes. 20 Installation 22 Installing Uyuni 2020.05 Server. 22 Uyuni 2020.05 Proxy . 25 Install SUSE Manager in a Virtual Machine Environment with JeOS. 27 Virtual Machine Manager (virt-manager) Settings . 27 JeOS KVM Settings . 28 Preparing JeOS for SUSE Manager . 28 Install Uyuni Proxy from packages. 30 SLES KVM Requirements. 30 Change SLES for SUSE Manager Proxy . 31 Installing on IBM Z . 32 System Requirements . 33 Install Uyuni on IBM Z . 34 Setting Up 35 SUSE Manager Server Setup . 35 Set up Uyuni with YaST . 35 Creating the Main Administration Account . 37 Synchronizing Products from SUSE Customer Center. 38 SUSE Manager Proxy Registration . 40 SUSE Manager Proxy Setup. 44 Copy Server Certificate and Key . 44 Run configure-proxy.sh. 45 Enable PXE Boot . 46 Replace a Uyuni Proxy . 47 Web Interface Setup . 48 Web Interface Navigation . 49 Public Cloud Setup. 51 Account Credentials . 52 Setup Wizard . 53 Configure the HTTP Proxy . 53 Configure Organization Credentials. 53 Configure Products . 54 GNU Free Documentation License Copyright © 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
    [Show full text]
  • Spacewalk + Fedora = 42
    Spacewalk + Fedora = 42 What is Spacewalk? A systems management platform designed to provide complete lifecycle management of the operating system and applications. ● Inventory your systems (hardware & software information) ● Install and update software on your systems ● Manage and deploy configuration files ● Collect and distribute custom software packages ● Provision (Kickstart) your systems ● Monitor your systems ● Provision/Manage virtual guests Life Cycle of a System ● Provision a new system (on hardware or virt) ● Install software/updates ● Configure software ● Continued management of system ● Re-provision for a new purpose How can I manage my custom software? ● Create custom channels ● Allows control over latest software a system can install ● Store custom software within custom channels ● Easily install/update/remove packages from web interface How can I configure my software? ● Built in configuration management ● Rank configuration channels based on priority ● Can be deployed at provisioning/registration time ● Local overrides for individual systems ● Supports multiple revisions of files/directories ● Import existing files from systems ● Diff configuration files between actual and stored revisions How can I manage these systems across my organizations? ● Completely separate content and systems ● Manage entitlements across organizations ● Restrict entitlement usage ● Upcoming features – Custom Channel Sharing between orgs – Migrate registered systems between orgs Check out the MultiOrg Best Practices Whitepaper: https://www.redhat.com/f/pdf/rhn/Multiorg-whitepaper_final.pdf
    [Show full text]
  • Spacewalk 2.4 for Oracle® Linux Concepts and Getting Started Guide
    Spacewalk 2.4 for Oracle® Linux Concepts and Getting Started Guide E71709-03 January 2017 Oracle Legal Notices Copyright © 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S.
    [Show full text]
  • Ceph – Software Defined Storage Für Die Cloud
    Ceph – Software Defined Storage für die Cloud CeBIT 2016 15. März 2015 Michel Rode Linux/Unix Consultant & Trainer B1 Systems GmbH [email protected] B1 Systems GmbH - Linux/Open Source Consulting, Training, Support & Development Vorstellung B1 Systems gegründet 2004 primär Linux/Open Source-Themen national & international tätig über 70 Mitarbeiter unabhängig von Soft- und Hardware-Herstellern Leistungsangebot: Beratung & Consulting Support Entwicklung Training Betrieb Lösungen dezentrale Strukturen B1 Systems GmbH Ceph – Software Defined Storage für die Cloud 2 / 36 Schwerpunkte Virtualisierung (XEN, KVM & RHEV) Systemmanagement (Spacewalk, Red Hat Satellite, SUSE Manager) Konfigurationsmanagement (Puppet & Chef) Monitoring (Nagios & Icinga) IaaS Cloud (OpenStack & SUSE Cloud & RDO) Hochverfügbarkeit (Pacemaker) Shared Storage (GPFS, OCFS2, DRBD & CEPH) Dateiaustausch (ownCloud) Paketierung (Open Build Service) Administratoren oder Entwickler zur Unterstützung des Teams vor Ort B1 Systems GmbH Ceph – Software Defined Storage für die Cloud 3 / 36 Storage Cluster B1 Systems GmbH Ceph – Software Defined Storage für die Cloud 4 / 36 Was sind Storage Cluster? hochverfügbare Systeme verteilte Standorte skalierbar (mehr oder weniger) Problem: Häufig Vendor-Lock-In 80%+ basieren auf FC B1 Systems GmbH Ceph – Software Defined Storage für die Cloud 5 / 36 Beispiele 1/2 Dell PowerVault IBM SVC NetApp Metro Cluster NetApp Clustered Ontap ... B1 Systems GmbH Ceph – Software Defined Storage für die Cloud 6 / 36 Beispiele 2/2 AWS S3 Rackspace Files Google Cloud
    [Show full text]
  • Be Prepared for the SAP Digital Core
    White Paper Digital Be Prepared to Transform the SAP Core Infrastructure White Paper Be Prepared for the SAP Core Infrastructure Introduction What does a move to SAP HANA mean for your infrastructure? If you want to get the most from your HANA migration, pay attention to the the foundation for your SAP environment. The SAP HANA database and business applications offer a powerful path to increased efficiency and better business intelligence, but SAP’s software products are only part of the solution. Your SAP environment rests atop a core set of services and infrastructure. If you want your transition to SAP HANA to go smoothly, you’ll need to be prepared with a versatile and well-integrated infrastructure that includes operating systems, drivers, virtualization tools, orchestration and management components, plus all the rest of the software infrastructure underpinning your SAP environment. Getting Started Software-defined infrastructure The starting point for your SAP core infrastructure is Linux because Application delivery SAP HANA only runs on Linux systems. Choose an open source Lifecycle management vendor with a good reputation for SAP support but then take a closer High availability look at the surrounding landscape. Advanced data tools Automation SAP’s HANA environment is an advanced database solution that SAP affinity leverages a diverse combination of data sources and deployment technologies. You’ll need an infrastructure that supports the full If you are thinking about implementing SAP HANA, or if you are range of SAP features and leaves room for future expansion and upgrading to HANA from a legacy SAP configuration, prepare for evolution.
    [Show full text]
  • Microservices June 5Th and 6Th, 2017
    RHUG – MicroServices June 5th and 6th, 2017 1 Free download @ http://developers.redhat.com EVENT DETAILS: Date: June 11, 2017 Time: 8:30am - 1:30pm Location: Coors Field: 2001 Blake St., Denver, CO 80205 https://www.redhat.com/en/about/events/denver-culture- containers-and-accelerating- devops?sc_cid=701600000012CIoAAM Agenda ● What are Microservices? ● What are the benefits of Microservices? ● What is Microservices Architecture (Patterns to consider) – MSA? ● Enablement – Where to Start? ● Demo Microservices is about Agility/Speed Continuous Delivery, Deployment, Improvement Microservices Definition According to Wikipedia… • Communicate over a Network ● Services are small in size, messaging • Services in a Microservice architecture enabled, bounded by contexts, should be independently deployable autonomously developed, • The services are easy to replace independently deployable, • Services are organized around decentralized and built and released capabilities with automated processes • Services can be implemented using ● Naturally enforces a modular structure different programming ● Lends itself to a continuous languages, databases, hardware and delivery software development software environment, depending on process. what fits best Microservices Definition According to Martin Fowler … ● Componentization via Service ● Decentralized Governance and Data ● Organized Around Business Management Capabilities ● Infrastructure Automation ● Products not Projects ● Designed to be Evolutionary ● Services are organized around ● Design for Failure capabilities ● Smart Endpoints and Dumb Pipes Microservice Principles/Characteristics 1. Deployment Independence: updates to an individual Microservice have no negative impact to any other component of the system. Optimized for Replacement. 2. Organized around business capabilities. Products not Projects 3. API-Focused 4. Smart endpoints and dumb pipes 5. Decentralized Governance 6. Decentralized Data Management 7. Infrastructure Automation (infrastructure as code) 8.
    [Show full text]
  • Insights-Core Documentation Release 3.0.7
    insights-core Documentation Release 3.0.7 Author Mar 27, 2018 Contents 1 Red Hat Insights 3 1.1 Introduction...............................................3 1.1.1 Insights Client - Collection...................................4 1.1.2 Red Hat Insights Core - Data Analysis Engine.........................4 1.1.3 Plugin Components - Parsing and Fact Analysis........................5 1.1.3.1 Parser Plugins.....................................5 1.1.3.2 Combiner Plugins...................................5 1.1.3.3 Rule Plugins......................................5 1.1.4 Customer Interface - Analysis Results.............................5 2 Quickstart Insights Development7 2.1 Prerequisites...............................................8 2.2 Rule Development Setup.........................................8 2.3 Contributor Setup............................................8 2.4 Contributor Submissions.........................................9 2.5 Style Conventions............................................9 2.5.1 Code Style...........................................9 2.5.2 Commit Message Style..................................... 10 2.5.3 Documentation......................................... 10 2.6 Review Checklist............................................. 10 2.6.1 General (all submissions).................................... 10 2.6.2 Parsers.............................................. 11 3 Insights API 13 3.1 Input Data Formats............................................ 13 3.1.1 SoSReports........................................... 13 3.1.2
    [Show full text]
  • Automating the Enterprise with Ansible
    AUTOMATING THE ENTERPRISE WITH ANSIBLE Dustin Boyd Solutions Architect September 12, 2017 EVERY ORGANIZATION IS A DIGITAL ORGANIZATION. Today, IT is driving innovation. If you can’t deliver software fast, your organization can’t meet the mission, period. Digital organizations are essentially software. If they expect to thrive in a digital environment, they must have an improved competence in software delivery. Gartner 2015 2 COMPLEXITY KILLS PRODUCTIVITY. Complexity is the enemy of innovation, which is why today’s enterprises are looking to automation and DevOps tools and practices. DevOps can help organizations that are pushing to implement a bimodal strategy to support their digitalization efforts. Gartner 2015 3 WHEN YOU AUTOMATE, YOU ACCELERATE. Ansible loves the repetitive work your people hate. It helps smart people do smarter work. All with fewer errors and better accountability. Automation can crush complexity and it gives you the one thing you can’t get enough of… time. 4 “Ansible delivers DevOps to a broader class of enterprise users that include those inside the business units and teams where agile practices and fast provisioning of infrastructure are in demand.” JAY LYMAN, 451 RESEARCH – NOV 2013 GARTNER COOL VENDOR 2015 “Previous vendors in this [DevOps] market often require unique programming skills. Ansible’s simple language reduces the barrier to adoption and opens it up to a variety of skill sets…” 5 AUTOMATION = ACCELERATION “With Ansible Tower, we just click a button and deploy to production in 5 minutes. It used to take us 5 hours with 6 people sitting in a room, making sure we didn’t do anything wrong (and we usually still had errors).
    [Show full text]
  • Oracle® Linux Virtualization Manager Release Notes for Release 4.2.8
    Oracle® Linux Virtualization Manager Release Notes for Release 4.2.8 F15084-02 September 2019 Oracle Legal Notices Copyright © 2019, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S.
    [Show full text]
  • System Management with Spacewalk Tips for Managing Linux and Solaris
    Motivation Installation & administration Tips & tricks System management with Spacewalk Tips for managing Linux and Solaris Christian Stankowic http://www.stankowic-development.net, @stankowic_devel OpenRheinRuhr, 2014 Christian Stankowic System management with Spacewalk Motivation Installation & administration Tips & tricks whoami $ whoami Christian Stankowic VMware, UNIX, Linux administrator Messer Information Services GmbH $ apropos Spacewalk / RHN Satellite / SUSE Manager Icinga / OMD Enterprise Linux, SLES, VMware vSphere Christian Stankowic System management with Spacewalk Motivation Installation & administration Tips & tricks Agenda 1 Motivation Requirements and necessity Spacewalk variety News 2 Installation & administration Basic setup and system maintenance Errata for CentOS Solaris 3 Tips & tricks Kickstart automation Clean-up Patch reporting Christian Stankowic System management with Spacewalk Motivation Requirements and necessity Installation & administration Spacewalk variety Tips & tricks News Agenda 1 Motivation Requirements and necessity Spacewalk variety News 2 Installation & administration Basic setup and system maintenance Errata for CentOS Solaris 3 Tips & tricks Kickstart automation Clean-up Patch reporting Christian Stankowic System management with Spacewalk Motivation Requirements and necessity Installation & administration Spacewalk variety Tips & tricks News Requirements and necessity or: IT administrators tortures Normally less administrators manage many systems Often rapid projects and requests "We need 10
    [Show full text]