Alexis Mousset
Coming from a system administration background, Alexis switched to software engineering. He is currently lead developer on the systems side of Rudder, including networking, configuration management agents and security.
He is also part of the Rust language Secure Code working group, which promotes tooling to help write secure code in Rust and manages the Rust ecosystem vulnerability database.
Sessions
Automation management tools focus on enforcement, pushing desired state to systems. But we see a growing need for configuration auditing, especially for security reasons, which does not fit this workflow. Auditing requires the ability to fetch real values and check them against a wide range of criteria.
This talk presents a tool designed specifically for configuration file auditing. It is based on Augeas, leveraging its powerful parsing capabilities and lens-based architecture, and extends it with dedicated auditing keywords, such as regex matching, numerical comparisons, allowed-value lists, and more. Output is designed to provide useful context, using compiler-like messages, diff output, etc. The tool remains capable of remediation.
We will demonstrate configuration file checks in the context of several security benchmarks, showing how this approach bridges the gap between dedicated audit scripts and automation tooling.