Are we compliant?
                            Auditing Change Management Policies
                                   with Splunk and Puppet

                             http://bit.ly/puppetsplunkslides



                                      Jeff McCune
                                       jeff@puppetlabs.com




Monday, October 11, 2010                                          1
Jeff McCune

                    • Joined Puppet Labs in May, 2010
                    • Former SA at Netsmart Technologies
                    • Solaris / RedHat Web App Infrastructure
                    • Human Health Information Systems
                    • HIPAA, SAS 70 Type II Compliance

What’s this all about?

              • Audits are a fact of life
              • Systems drift
              • Puppet Master manifests change
              • The logs provide no link
              • Puppet and Git in synchrony with Splunk

Fun with Regulations
                    • Increased focus on compliance
                    • SAS 70
                    • HIPAA
                    • IPA
                    • PCI DSS
                    • etc, etc...
Compliance is Easy
                           Clones




                                     Golden VM


Drifting in and out of
                                Compliance
                                          Follow procedures
                                           Justify the change
                                                 Firefighting
                                                   Inevitable
                                              Constant drift



The Trouble with Time
           • Are we compliant?
            • right now?
            • last week?
            • last year?
           • Why weren’t we?
           • Why is this difficult?
Advanced Management
              • We have next-generation tools
               • Puppet
               • Git
               • Subversion
               • Splunk
               • Redmine
Two major issues


                    • Propagation
                    • Time


Change Propagation
                                      Many
                                      Nodes




                                       a872b46
                   Larry’s commit

Time




               “Why did that one thing happen that one time?”


Bridge the Gap
                           Events           Commits




The Missing Link
            • puppetmasterd --config-version
                       /demo/get-config-version-script

            • [root@puppet ~]# /demo/get-config-version
                   ref="refs/heads/jeff" commit="b585f7fe"

            • Jeff’s processor, --reports=logversion
                   Should ship with puppet “soon”


get-config-version
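             #!/bin/bash
             # Print the Git ref and commit of the checked-out Puppet manifests.
             set -u
             set -e
             cd /demo/puppet-demotools
             ref="$(git symbolic-ref HEAD)"
             # A loose ref file holds the commit id; a packed ref has no such file.
             if [[ -f .git/"${ref}" ]]; then
                     commit="$(cat ".git/${ref}")"
             else
                     commit="UNKNOWN"
             fi
             # Escape the inner quotes so the output reads ref="..." commit="..."
             echo "ref=\"${ref}\" commit=\"${commit}\""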


logversion.rb
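             # Create logversion.rb by copying log.rb
             def process
               self.logs.each do |log|
                 # Keep a copy of the message so the original can be restored
                 saved_message = "#{log.message}"
                 # Append the config version (the ref/commit tag) and re-emit;
                 # to_s guards against a non-string version
                 log.message << " " << log.version.to_s
                 Puppet::Util::Log.newmessage(log)
                 log.message = saved_message
               end
             end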



Untagged Events




Tagged Events




Who to blame?
          Blame this guy           The commit proves it




Putting it all together


                    • Demo time!



Steps to Reproduce
                    •      Fork and clone puppet-demotools on GitHub

                    •      logversion.rb goes into
                           /usr/lib/ruby/site_ruby/1.8/puppet/reports

                    •      --config_version /path/to/your/script

                    •      --reports=logversion,store

                    •      Make sure syslog catches daemon.* and splunk is
                           indexing syslog

                    •      Note: syslog outputs are off with --verbose
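
Once these steps are in place, every syslog event should end with the ref="..." commit="..." tag. The Ruby below is an added example, not code from the slides or from puppet-demotools: it groups tagged events by commit and lists the ones an auditor cannot trace. The log lines are constructed, their "(//node/resource) text" shape is an assumption about what the processor emits, and the names parse_event and audit are hypothetical; the two commit ids are the ones shown on the slides.

```ruby
# Added example: audit syslog lines for the ref="..." commit="..." tag
# that the logversion report processor appends to each message.

# Tag printed by get-config-version, anchored at the end of the message.
TAG_RE = /\s*\bref="(?<ref>[^"]*)"\s+commit="(?<commit>[^"]*)"\s*\z/

# Assumed shape: "<time> <loghost> <program>[pid]: (//<node>/<resource>) <text>"
LINE_RE = %r{\A(?<time>\w{3}\s+\d+\s[\d:]+)\s\S+\s[^:]+:\s\(//(?<node>[^/]+)/(?<resource>.*?)\)\s(?<text>.*)\z}

# A usable commit id is 7 to 40 hex digits; "UNKNOWN" or anything else is not.
COMMIT_RE = /\A\h{7,40}\z/

# Constructed sample input (not real Puppet output).
SAMPLE_LOG = <<~LOG
  Oct 11 10:02:13 puppet puppetmasterd[2211]: (//web01/File[/etc/ntp.conf]/content) content changed ref="refs/heads/jeff" commit="b585f7fe"
  Oct 11 10:02:14 puppet puppetmasterd[2211]: (//web02/File[/etc/ntp.conf]/content) content changed ref="refs/heads/jeff" commit="b585f7fe"
  Oct 11 10:31:40 puppet puppetmasterd[2211]: (//db01/Service[ntpd]/ensure) ensure changed 'stopped' to 'running' ref="refs/heads/master" commit="a872b46"
  Oct 11 11:05:02 puppet puppetmasterd[2211]: (//web01/File[/etc/motd]/content) content changed
  Oct 11 11:07:19 puppet puppetmasterd[2211]: (//db01/File[/etc/hosts]/content) content changed ref="refs/heads/master" commit="UNKNOWN"
LOG

# Parse one syslog line into a hash, or return nil if it is not a Puppet event.
def parse_event(line)
  m = LINE_RE.match(line.chomp)
  return nil unless m

  tag = TAG_RE.match(m[:text])
  {
    time: m[:time],
    node: m[:node],
    resource: m[:resource],
    text: tag ? tag.pre_match : m[:text], # message without the tag
    ref: tag && tag[:ref],
    commit: tag && tag[:commit]
  }
end

# Split events into those traceable to a commit and those that are not
# (no tag at all, or the script's "UNKNOWN" fallback).
def audit(log_text)
  events = log_text.each_line.map { |l| parse_event(l) }.compact
  traced, untraceable = events.partition { |e| COMMIT_RE.match?(e[:commit].to_s) }
  by_commit = traced.group_by { |e| e[:commit] }
                    .transform_values { |es| es.map { |e| e[:node] }.uniq.sort }
  { by_commit: by_commit, untraceable: untraceable }
end

if __FILE__ == $PROGRAM_NAME
  report = audit(SAMPLE_LOG)
  report[:by_commit].each { |c, nodes| puts "commit #{c}: #{nodes.join(', ')}" }
  report[:untraceable].each do |e|
    puts "NO COMMIT: #{e[:time]} #{e[:node]} #{e[:resource]} (#{e[:text]})"
  end
end
```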


Future Work
                    • Commit hooks into puppetmasterd
                           activation and the ticketing system
                    • Splunk URLs to redmine, trac, salesforce...
                    • Closed loop from business case to system
                           modification by puppet.




Questions?

                    • Google Moderator
                    • http://bit.ly/arewecompliant?
                    • http://bit.ly/puppetsplunkslides
                    • Twitter: 0xEFF
                    • Email: jeff@puppetlabs.com

