Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • May 29 2016 14:09
    chris-rock edited #117
  • May 29 2016 14:09
    chris-rock opened #117
  • May 29 2016 14:08

    chris-rock on kitchen-dokken

    add kitchen dokken tests add dokken kitchen.yml enable module disabled and 3 more (compare)

  • May 29 2016 14:04
    chris-rock synchronize #114
  • May 29 2016 13:40
    chris-rock edited #116
  • May 29 2016 13:40
    chris-rock opened #116
  • May 29 2016 13:40

    chris-rock on fix-114

    fix attribute namespace bump version to 2.0.0-beta (compare)

  • May 29 2016 13:11
    chris-rock commented #88
  • May 29 2016 13:10
    chris-rock commented #114
  • May 29 2016 13:06
    chris-rock closed #88
  • May 29 2016 13:06

    chris-rock on master

    PP-174 OS hardening This upstr… Merge pull request #114 from al… (compare)

  • May 29 2016 13:06
    chris-rock closed #114
  • May 29 2016 13:06
    chris-rock commented #114
  • May 29 2016 12:44
    coveralls commented #114
  • May 29 2016 12:43
    chris-rock commented #88
  • May 29 2016 12:38
    chris-rock commented #114
  • May 29 2016 12:32
    chris-rock commented #114
  • May 29 2016 12:20

    chris-rock on v1.4.1

    (compare)

  • May 29 2016 12:20

    chris-rock on v1.4.1

    (compare)

  • May 29 2016 12:18

    chris-rock on v1.4.1

    (compare)

Sebastian Gumprich
@rndmh3ro
as for the gui, @chris-rock can certainly tell you more.
COLABORATI
@COLABORATI
thanks for the info.
about the ansible roles: are you manually crafting them or are you building some kind of tool that generates them, e.g. from serverspec?
Aaron Lippold
@aaronlippold
@chris-rock is on vacation at the moment
COLABORATI
@COLABORATI
Please send him a helicopter with a messenger to transmit my question, thanks, it is important.
Sebastian Gumprich
@rndmh3ro
the roles are hand-crafted
COLABORATI
@COLABORATI
Just joking, of course! Happy Holidays!
have been thinking / researching about a generator?
Sebastian Gumprich
@rndmh3ro
not really, no. why?
COLABORATI
@COLABORATI
to avoid errors and to generate chef and ansible and puppet from one serverspec.
also just for fun and because it is interesting. but mainly to avoid manually introduced errors
and to make results more quickly available.
Sebastian Gumprich
@rndmh3ro
that sure sounds like a good idea, though that's not the scope of this project. I guess this would be hard to pull off, too
COLABORATI
@COLABORATI
just asking. keep your workflow however you like it!
Sebastian Gumprich
@rndmh3ro
thanks, we try our best! :)
COLABORATI
@COLABORATI
do you have a planned release date for the ansible roles?
Sebastian Gumprich
@rndmh3ro
you mean for debian 8 support?
COLABORATI
@COLABORATI
yes, the debian 8 part in interesting as it is out for a while now...
Sebastian Gumprich
@rndmh3ro
there's no release date, yet, sorry.
COLABORATI
@COLABORATI
but debian 8 is not really "new" - and writing a few ansible roles is not something that takes months...
so if you need help, please contact me, i am willing to dig into this, as it is interesting!
Sebastian Gumprich
@rndmh3ro
the main problem right now is, that we're changing to a new test-framework at the moment.
COLABORATI
@COLABORATI
not using serverspec anymore? which one?
Sebastian Gumprich
@rndmh3ro
Aaron Lippold
@aaronlippold
inspec is the new standard. the serverspec project is no longer maintained
COLABORATI
@COLABORATI
Hit serverspec limits or is there another reason?
ah ok.
Aaron Lippold
@aaronlippold
We have been making a lot of good expantion to inspec to support tags, refs, impact, etc.
COLABORATI
@COLABORATI
looks much better than serverspec, more mature. will test.
Aaron Lippold
@aaronlippold
Great. We are pushing toward 1.0 soon so hammer away and put in issues on github :)
Also, feel free to add any missing resources and resource tests and submit a pull.
COLABORATI
@COLABORATI
ahmm, if you need more manpower for this project, you might contact me if you like. But I will not work free for telekom of course.
Sebastian Gumprich
@rndmh3ro
inspec as well as the hardening-framework are open-source projects.
Aaron Lippold
@aaronlippold
@rndmh3ro yes it was in that vain I was saying ‘patches welcome'
COLABORATI
@COLABORATI
have a nice day, and keep on rocking!
Christoph Hartmann
@chris-rock
Hardening Framework changed its github org and url to dev-sec:
Aaron Lippold
@aaronlippold
@chris-rock good to know. Joined the room.
@chris-rock how was your time off’?
Christoph Hartmann
@chris-rock
@aaronlippold I am still on vacation :-)
Aaron Lippold
@aaronlippold
@chris-rock haha - are we every really disconnected …
Edward Mossman
@edwardmossman
Hi! Quick question - does the os-hardening cookbook support Amazon Linux at the moment?
Great stuff either way though, keep up the good work!
Aaron Lippold
@aaronlippold
Hi. It can run on any linux platform however you may have to adjust the profile to accomidate for any delta’s for Amazon Linux - file locations, names of services etc. The overall spirt / intention of the test should still be valid however. One example I can think of is the testing for selinux - Amazon Linux doesn’t support that yet...
Christoph Hartmann
@chris-rock
@edwardmossman we have not specifically tested it yet. But we have very good redhat/centos/oracle linux support. It should not be hard to add the support. Could you go ahead and provide feedback?
Edward Mossman
@edwardmossman
Ya, I'll take a look and let you guys know what I find out
Thanks!
Edward Mossman
@edwardmossman
@chris-rock @aaronlippold I took a look at dev-sec/chef-os-hardening#88 and this resolves the issue I was seeing (similar to dev-sec/chef-os-hardening#112)
It looks like you need to do some more fixes before you merge #88, but I can work around that in the meantime. Thanks!
PeeterXXL
@PeeterXXL
Hi. Is there any hope for a SaltStack support?
Christoph Hartmann
@chris-rock
@BigfootDmnt We're open for contributions. The current team is working hard to maintain the chef, puppet and ansible implementation already. I am be honest here, I assume nobody of our current team will be able to find the required time to make a SaltStack implementation happen