Ansible and MindPoint Group Deliver Automation for Government STIG Compliance
Ansible has teamed with security consultancy MindPoint Group to develop, release, and support a set of Ansible Roles that will save IT organizations considerable amounts of time when applying and maintaining security baselines such as the DISA STIG or CIS benchmark to IT environments.
Why MindPoint Group? That answer is simple. MindPoint Group has a singular focus which has led to an excellent reputation for delivering end-to-end security solutions to commercial and government clients alike. This focus, coupled with their love of Ansible, made MindPoint Group a natural choice for partnering on the development of free-and-open security baseline roles and playbooks.
The best part? This relationship is already helping Ansible users.
The first Role is for the DISA STIG on RHEL 6 (and variant systems) and is now available in Ansible Galaxy. This Role enables customers to automate the application and management of STIG-compliant systems in their environments, all the while leveraging Ansible’s agentless management framework. When applied using Ansible, the RHEL 6 STIG Role automates a significant amount of the manual and redundant scripting and remediation that IT organizations often rely on to ensure they meet the STIG OS requirements.
Releasing this important Role is just the beginning. Continue reading
Five Essential OpenSSL Troubleshooting Commands
Troubleshooting SSL certificates and connections? Here are five handy openssl commands that every network engineer should be able to use. Bookmark this – you never know when it will come in handy!
1. Check the Connection
openssl s_client -showcerts -connect www.microsoft.com:443
This command opens an SSL connection to the specified site and displays the entire certificate chain as well. Here’s an abridged version of the sample output:
MBP$ openssl s_client -showcerts -connect www.microsoft.com:443
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public
Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=
Washington/businessCategory=Private Organization/
serialNumber=600413485/C=US/postalCode=98052/ST=Washington/
L=Redmond/street=1 Microsoft Way/O=Microsoft Corporation/
OU=MSCOM/CN=www.microsoft.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/
CN=Symantec Class 3 EV SSL CA - G3
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/
CN=Symantec Class 3 EV SSL CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006
VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3
Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
[...]
Continue readingWhat’s in my toolbag – Update 3 – Airconsole
Continuing on with the “What’s in my toolbag” series ( Original Post – Update 1 – Update 2 ) this week we will discuss a handy tool called Airconsole from Get Console. There are 3 models of the Airconsole 2.0 – Standard, Pro, and XL. The Standard and Pro (this is the one I own) are […]
The post What’s in my toolbag – Update 3 – Airconsole appeared first on Fryguy's Blog.
Act!
Part 1: Getting Inside the Loop
Part 2: Orientation
Part 3: Decide!
Once you’ve observed, oriented, and decided, it’s time to act. This might seem like a minor concept, but it’s actually really, really hard to act in a lot of situations. There are two elements here — the first is our willing suspension of belief, and the second is the doubt storm. Let’s talk about these two.
The willing suspension of belief. To find an example here, I’m going to fall back on my training in self defense. When you first find yourself in any situation that is “bad,” your first line of thought is going to be “this isn’t really happening,” or “why would this person want to hurt me?” In the same way, when your network is failing or under attack, the easiest thing in the world is to disregard the loop, roll over, and go back to sleep. Why would anyone attack my network? Why would this bug be hitting my control plane? Like Scrooge faced with a ghost, we say, “there’s more gravy than grave about you.” And this is a grave mistake. There’s a reason you’ve gone through all the trouble of Continue reading