In view of increasing cyber risks, Linux infrastructure operators are thinking a lot about how they can protect their infrastructure even better against threats such as ransomware. At the same time, those responsible must increasingly prove that they have their risk management under control and adhere to all prescribed security and compliance requirements. In this presentation, Gabriel Ferraz Stein will show you how SUSE can help you with both challenges.
SUSE has always placed great emphasis on security in the development of its products. For example, Linux Enterprise Server (SLES) is the only general purpose operating system today to be certified according to Common Criteria EAL 4+. This certification confirms that not only the product but also the entire supply chain meets the highest security requirements for mission-critical infrastructures. Furthermore, customers can also rely on the independently evaluated security when using SLE Micro and SLE BCI. Since all SUSE operating system products are built on a common code base, they are also protected by the same standards and certifications ("Certify once, use many").
But how can IT departments assess the security and compliance status of their Linux infrastructure themselves-even if they use Linux distributions from different vendors? With SUSE Manager and OpenSCAP, they have the ability to check the security of any Linux system and perform regular audit scans in their environment.
SCAP stands for Security Content Automation Protocol. It is a framework of specifications that support automated configuration, vulnerability analysis and compliance assessment of enterprise IT systems. OpenSCAP is a collection of open source tools that implement the SCAP framework for Linux. It converts the SCAP Security Guide security policies into a machine-readable format that can then be used by OpenSCAP and other tools.
SUSE Manager uses the capabilities of OpenSCAP, for example, to determine the patch status of Linux systems and to check the correct configuration of security settings. Potential threats and compliance violations can also be detected during the regular audit scans.
In this presentation, Gabriel Ferraz Stein will give you an overview of how to automate the monitoring of the security and compliance of your Linux environment with SUSE Manager and OpenSCAP-and thus create the conditions for a reliable and legally compliant deployment of your sensitive workloads.
Learn, among other things:
- how to prepare your Linux systems for a SCAP scan,
- how to define the rules for your tests in SCAP content files,
- how to distribute the content files to the different Linux systems in your environment,
- how to schedule and start audit scans with SUSE Manager,
- how to view and evaluate the results of the scans with SUSE Manager,
- how to use Bash scripts and Ansible playbooks to fix found vulnerabilities and harden your systems.