Config Management Camp 2024 Ghent

Hardening systems: from a benchmark guide to meaningful compliance
2024-02-06, 14:00–14:50, B.2.015

New standards are constantly appearing and must be applied to a larger number of systems, sometimes with very little time between the law and its actual enforcement.
Applying standards on a clean state is in itself a difficult task. But when it’s on existing infrastructures, it gets very complex with potentially a lot of divergences to identify and exceptions to be made.
There are plenty of existing solutions. But they are often either one-size-fits-all, or they can audit but not remediate, or they cannot be consolidated across the whole IT estate.
In this talk, I will present how we implemented the CIS Server benchmarks on an existing infrastructure using Rudder. It starts from the reference Excel benchmarks from CIS and ends with the implementation of every control point, with default values and mixed audit and remediation mode. It concludes by showing how a graphical interface helps with reporting to the relevant stakeholders.
This implementation involves a lot of YAML, some KCL to generate even more YAML, and unfortunately some bash scripts…

With a technical background, Nicolas is Head of Customer Services at Rudder. He helps users in their deployment and use of Rudder, from both an organizational and a technical point of view.

In his spare time, Nicolas is a father of 3 young kids and loves Eurovision.