Deployment of Security Policies & Reports

cherryven2015cherryven2015 New or Quiet Member
Hi,
Is it possible to deploy security policies to all the registered Linux servers via SUSE Manager?[Password policies, disabling root..etc]. Also is there any way to get a report on the security policies enforced on the registered systems from the SUSE Manager?

Regards,
Cherry

Comments

  • pagarciapagarcia New or Quiet Member
    Is it possible to deploy security policies to all the registered Linux servers via SUSE Manager?[Password policies, disabling root..etc].

    Yes, you can do that with configuration channels and Salt formulas/states. Using activation keys for this

    In addition to password policies (which seems like a perfect candidate for a new formula with forms) and disabling root, what else do you have in mind?


    https://documentation.suse.com/external-tree/en-us/suma/4.0/suse-manager/reference/configuration/config-channels.html
    Also is there any way to get a report on the security policies enforced on the registered systems from the SUSE Manager?

    Unfortunately, not easily but this is something we are considering for the future.

    The only way to discover this is go to the highstate tab and search. There you can see where the state is coming from, eg:

    install_mlocate:
    env: base
    sls: manager_org_1.add_mbl_ssh_key
  • strahil-nikolov-dxcstrahil-nikolov-dxc Established Member
    There is a CVE audit which is not validating the version of the software (like many dumb security software), but verifies which patches are fixing a CVE and then analyze the system themselves.

    Also there is OpenSCAP , which allows to audit systems based on openSCAP policies and then with salt state/formula to ensure that the machines comply to your security needs.
Sign In or Register to comment.