Example application providing guidelines for using the Cryptography Device Library framework.
Showcase DPDK cryptodev framework performance with a real world use case scenario.
Author: Georgi Tkachuk
Unikernels – executable images that can run natively on a hypervisor without the need for a separate operating system – are rapidly gaining momentum. To integrate unikernels into the ecosystem, cloud-computing platforms as a service are required to provide unikernels with the same services they provide for containers. Here we present Unik, an open source (goo.gl/iEesqK) orchestration system for unikernels. Unik handles the compilation of libraries and applications for running on a variety of cloud providers, manages their scheduling, and ensures their health. To provide the user with a seamless PaaS experience, Unik is integrated as a backend to Docker, Kubernetes & Cloud Foundry runtime.
Session at ContainerDay Security 2023 on the 8th of March in Hamburg.
Hardening and securing Kubernetes requires expertise and experience. The talk takes an overview of how we contributed to Kubespray enabling cluster hardening, talking about features that have been introduced, the tools that we used to verify the cluster hardenization and our experience with the open-source community.
Introduction to Ironic, OpenStack Bare Metal and a highlight of features such as multi-tenancy, auto-discovery, Redfish and network information extraction with LLDP
The Network File System (NFS) Version 4 is a distributed file system similar to previous versions of NFS in its straightforward design, simplified error recovery, and independence of transport protocols and operating systems for file access in a heterogeneous network.
NFS was developed by Sun Microsystems to provide distributed transparent file access in a heterogeneous network. It achieves this by being relatively simple in design and not relying too heavily on any particular file system model.
This presentation is based on the paper of “The NFS Version 4 Protocol” written by Brian Pawlowski, Spencer Shepler, Carl Beame, Brent Callaghan, Michael Eisler, David Noveck, David Robinson and Robert Thurlow.
Securing Infrastructure with OpenScap The Automation Way !! | Jaskaran Narula
Security Content Automation Protocol (SCAP) is a collection of standards managed by the National Institute of Standards and Technology (NIST). It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise. Along with this, the audience will also get a good view of Foreman, and of how OpenSCAP can be integrated with Foreman to become more useful and efficient to use.
Kubernetes Concepts And Architecture Powerpoint Presentation Slides | SlideTeam
Get these visually appealing Kubernetes Concepts And Architecture PowerPoint Presentation Slides to discuss the process of operating containerized applications. You can display the need for containers by the company with the help of an open-source architecture PPT slideshow. The architecture of containers can be demonstrated with the help of a visually appealing PPT slideshow. The reasons for opting for Kubernetes by an organization can be explained to your teammates with the help of containers PowerPoint infographics. Highlight the roadmap for installing Kubernetes in the organization by using content-ready PPT slides. Take the assistance of visually appealing PPT templates to depict the major advantages of Kubernetes such as improving productivity, the stability of application run, and many more. After that, display 30 60 90 days plan to implement Kubernetes in the organization. Display the key components of Kubernetes with the help of a diagram using this professionally designed cluster architecture PPT layouts. Describe the functionality of each components of Kubernetes. Hence, download Kubernetes architecture PPT slides to easily and efficiently manage the clusters. https://bit.ly/34DWa7x
Ansible is a simple open source IT engine which automates application deployment, intra-service orchestration, cloud provisioning and many other IT tools. We will discuss what Ansible is, its features, architecture, writing an Ansible playbook, Ansible roles, and Ansible vs Chef.
We've added the presentation used by John Walter, Solution Architect for Red Hat's Training and Certification team, from our Accelerating with Ansible webinar. He discussed the emergence of radically simple Ansible automation and answered questions from attendees. Learn how Ansible automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs. Also learn how Ansible is designed for multi-tier deployments from day one and how Ansible models your IT infrastructure by describing how all your systems inter-relate, rather than just managing one system at a time.
Seven Habits of Highly Effective Jenkins Users (2014 edition!) | Andrew Bayer
What plugins, tools and behaviors can help you get the most out of your Jenkins setup without all of the pain? We'll find out as we go over a set of Jenkins power tools, habits and best practices that will help with any Jenkins setup.
Tutorial: Using GoBGP as an IXP connecting router | Shu Sugimoto
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
Docker - Demo on PHP Application deployment Arun prasath
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
In this demo, I will show how to build an Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.
The Future of Security and Productivity in Our Newly Remote World | DevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
Presentation from the meetup "[JOI] TOTVS Developers Joinville - Java #1", which took place on 07/08/2019.
** Java news, GraalVM and Quarkus
** From zero to the cloud with Java and Kubernetes
OSDC 2017 | Do you trust your containers? by Erez Freiberger | NETWAYS
ManageIQ is an open source management platform for Hybrid IT. It can manage small and large environments and supports multiple technologies such as virtual machines, public clouds and containers.
OpenShift is Red Hat's PaaS container solution, managed by a dedicated provider in ManageIQ. It provides inventory reports, metrics collection and visualization, logs, usage reports, cluster deployment operations and security scanning for container images.
As container images may come from various sources, there's a growing need of an analyzing tool. With ManageIQ one is given the option to scan the images and report security vulnerabilities. We will scan Openshift container images using ManageIQ and study the reports generated by OpenSCAP and Smartstate Analysis. We will talk about the image-inspector tool that is used to inspect the images, how it integrates with Openshift as a container and how ManageIQ is connecting to it through Openshift.
Webinar: Creating an Effective Docker Build Pipeline for Java Apps | Codefresh
It's easy to make mistakes when Dockerizing your Java applications. In this webinar, Alexei Ledenev (Chief Researcher at Codefresh) shared his experience on how to craft the perfect Java-Docker build flow. He explained best practices and common pitfalls, then demonstrated how to create a build pipeline that consistently produces small, efficient, and secure Docker images. View the webinar recording and summary here: https://codefresh.io/blog/webinar-creating-efficient-docker-build-pipeline-java-apps/
What is the Secure Supply Chain and the Current State of the PHP Ecosystem | sparkfabrik
In this talk I’ll present the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts.
There will be also a demo of the mentioned tools in action to implement a secure supply chain pipeline for your Drupal projects.
With the following report I show how to host and execute a deep learning project on a cloud. The cloud is hosted by Google Colab and enables working and testing in teams. Lazarus and FreePascal are also built in Colab, and the deep learning network is compiled and trained too in a Jupyter notebook with Python scripts.
Linux Containers and Docker SHARE.ORG Seattle 2015 | Filipe Miranda
This slide deck shows us an introduction to Linux Containers (LXC) and Docker for Linux on IBM z Systems.
One example of a commercial use of Linux Containers (and Docker) is Red Hat OpenShift, which is also covered at the end.
Oracle Open World 2014 presentation [CON8127] on Maximizing Oracle RAC Uptime. This presentation discusses tools integrated into the Oracle RAC Stack and shows which tools to use in the various stages of the system's lifecycle to ensure smooth operation.
This document shows how to deploy Quay 3.3 HA on RHV according to the official Red Hat doc. It shares more practical command lines to achieve the goal. Even if you are using another platform, the Ansible script works fine.
Note that this document is NOT the official one that Red Hat provided so it is not supported.
Today we will take a look at OCP4 UPI Installation on KVM.
Basically, I used this official doc from Red Hat. Especially bare metal part. So although I use KVM, it is almost the same as bare metal.
To use the UPI method, we need to set up a lot of stuff such as DNS, network, load balancer, matchbox and so on. You can configure them all manually, but in order to explain this topic properly, I've developed Ansible and Terraform scripts. In this video, I will explain the prerequisites and how you should configure them manually or by automation.
ISTIO is one of big trends these days. Red Hat will support Service Mesh from OpenShift 4.0. This presentation contains interactive demo using chat application.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA Connect | Kari Kakkonen
My and Rik Marselis's slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: Optimizing FME Workflows with Parameters | Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Key Trends Shaping the Future of Infrastructure.pdf | Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024) | Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic* | Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
2. Agenda
What is SCAP?
What is OpenSCAP?
Give a try - Demo
What is atomic command?
OpenSCAP in Red Hat Products (TBD)
- Satellite 6.x
- CloudForms 4.x
3. Goal
This presentation is for anyone looking for a good tool for security scanning.
In particular, OpenShift Container Platform engineers are being asked about docker
image security. Here, I would like to focus on explaining how to use OpenSCAP.
The security components such as XCCDF and OVAL are not the main topics, so they
are not covered in detail.
4. What is SCAP?
Security Content Automation Protocol
The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable the automated vulnerability
management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA
compliance. The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.
- en.wikipedia.org -
Nice video : http://goo.gl/GBaiIW
5. SCAP components
● XCCDF: The Extensible Configuration Checklist Description Format
● OVAL®: Open Vulnerability and Assessment Language
● Asset Identification
● ARF: Asset Reporting Format
● CCE™: Common Configuration Enumeration
● CPE™: Common Platform Enumeration
● CVE®: Common Vulnerabilities and Exposures
● CVSS: Common Vulnerability Scoring System
6. What is OpenSCAP?
Open Source Security Compliance Solution.
The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.
● Homepage of the project: www.open-scap.org
● Manual: Oscap User Manual
● For new contributors: How to contribute
OpenSCAP is an implementation that uses the SCAP components
7. Why is OpenSCAP needed?
Security compliance
In the ever-changing world of computer security where new vulnerabilities are being discovered and
patched every day, enforcing security compliance must be a continuous process. The OpenSCAP
ecosystem provides tools and customizable policies for a quick, cost-effective and flexible
implementation
Vulnerability assessment
A timely inspection of software inventory that identifies such vulnerabilities is a must for any
organization in the 21st century, and the OpenSCAP project provides tools for automated vulnerability
checking, allowing you to take steps to prevent attacks before they happen.
8. Why is OpenSCAP a good choice?
OpenSCAP has received a NIST certification for its support of SCAP 1.2.
Red Hat sponsors OpenSCAP
Red Hat supports OpenSCAP with a RHEL Subscription
Red Hat Enterprise Linux operating system 7 contains OpenSCAP packages
OpenSCAP has started to support docker images/containers*
Red Hat has integrated OpenSCAP with Red Hat Products ( Satellite 6.2 / CloudForms 4.1 )**
* it can scan only RHEL based docker images/containers
** it is officially supported from Satellite 6.2 / CloudForms 4.1
9. OpenSCAP umbrella projects
OpenSCAP Base
- provides the oscap command
OpenSCAP Daemon
- evaluates on a schedule
SCAP Workbench
- graphical utility
SCAPTimony
- compliance of your infrastructure.
OSCAP Anaconda Add-on
- an add-on for installer used by Fedora and Red Hat Enterprise Linux 7.
SCAP Security Guide
- OpenSCAP content primarily for Red Hat Enterprise Linux
10. Give a try - Demo
Image / Container
SCAP component / CVE
11. Give a try - Demo - image xccdf
# sudo yum install openscap -y
# docker pull docker.io/rhel7
## Evaluate image with xccdf
# oscap-docker image docker.io/rhel7 xccdf eval --report result.html --profile standard \
    /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
12. The result report is created, but with some error messages
[root@localhost]/home/jooho/test# oscap-docker image docker.io/rhel7 xccdf eval --report result.html
--profile standard /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
WARNING: Skipping http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml file
which is referenced from XCCDF content
Command: oscap xccdf eval --report result.html --profile standard
/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml failed!
Error was:
Command '['oscap', 'xccdf', 'eval', '--report', 'result.html', '--profile', 'standard',
'/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml']' returned non-zero exit status 2
15. Give a try - Demo - Container xccdf
# docker run -it docker.io/rhel7 /bin/bash
CTRL+P, CTRL+Q
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4c0e74dc5094 docker.io/rhel7 "bin/bash" 55 seconds ago Up 54 seconds amazing_mirzakhani
# oscap-docker container 4c0e74dc5094 xccdf eval --report result.html --profile standard \
    /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
16. The result report is created, but with some error messages
[root@localhost]/home/jooho/test# oscap-docker container 4c0 xccdf eval --report result.html --profile
standard /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
WARNING: Skipping http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml file
which is referenced from XCCDF content
Command: oscap xccdf eval --report result.html --profile standard
/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml failed!
Error was:
Command '['oscap', 'xccdf', 'eval', '--report', 'result.html', '--profile', 'standard',
'/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml']' returned non-zero exit status 2
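The exit status 2 shown in slides 12 and 16 is what oscap returns when at least one rule evaluates to fail or unknown (1 is used for an evaluation error), which is why the report is still written. The following is an added example, not part of the original slides: assuming the scan is also run with oscap's `--results results.xml` option, it reads the XCCDF results and separates a broken scan from a completed scan that found non-compliance. The sample XML, the rule ids and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of an XCCDF results file; rule ids are illustrative only.
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <TestResult id="constructed_testresult">
    <rule-result idref="rule_a_constructed" severity="medium"><result>pass</result></rule-result>
    <rule-result idref="rule_b_constructed" severity="high"><result>fail</result></rule-result>
    <rule-result idref="rule_c_constructed" severity="low"><result>notselected</result></rule-result>
    <rule-result idref="rule_d_constructed" severity="medium"><result>unknown</result></rule-result>
  </TestResult>
</Benchmark>"""

# fail/unknown are the results oscap signals with exit status 2; treating
# "error" the same way is a conservative choice made by this example.
NEEDS_ATTENTION = {"fail", "unknown", "error"}

def local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 results parse the same way."""
    return tag.rsplit("}", 1)[-1]

def summarize(xml_text):
    """Return (Counter of result values, [(rule id, severity, result), ...])."""
    counts, findings = Counter(), []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "rule-result":
            continue
        texts = [c.text.strip() for c in elem if local(c.tag) == "result" and c.text]
        result = texts[0] if texts else "unknown"
        counts[result] += 1
        if result in NEEDS_ATTENTION:
            findings.append((elem.get("idref"), elem.get("severity", "unknown"), result))
    return counts, findings

def gate(xml_text):
    """Separate 'the scan broke' from 'the scan ran and found non-compliance'."""
    try:
        counts, findings = summarize(xml_text)
    except ET.ParseError:
        return "scan-error", []          # truncated or unreadable results file
    if not counts:
        return "scan-error", []          # no rule was evaluated at all
    return ("non-compliant" if findings else "compliant"), findings

if __name__ == "__main__":
    status, findings = gate(SAMPLE_RESULTS)
    print(status)
    for rule_id, severity, result in findings:
        print(f"  {result:8} {severity:8} {rule_id}")
```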
17. Give a try - Demo - Container CVE
# docker run -it docker.io/rhel7 /bin/bash
CTRL+P, CTRL+Q
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4c0e74dc5094 docker.io/rhel7 "bin/bash" 55 seconds ago Up 54 seconds amazing_mirzakhani
# oscap-docker container-cve 4c0e74dc5094 --report result.html
21. What is atomic command?
The goal of Atomic is to provide a high level, coherent entrypoint to the system,
and fill in gaps in Linux container implementations.
There are several commands: atomic run/install/uninstall/scan
Here, we will use atomic scan to run a security scan of Docker
images/containers.
22. atomic scan docker images/container
It runs the scanner as an SPC (Super Privileged Container),
started through a D-Bus call from the atomic command.
The atomic tool can mount a read-only rootfs
from the host's file system.
These mounted file systems are then passed
on to the scanning container, along with a writable
directory where the scanner places its output.
http://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-container-vulnerability-detection/
24. Result JSON file generated on the host successfully.
[root@localhost]/home/jooho/test# atomic scan docker.io/rhel7
docker run -it --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2016-08-24-15-18-26-150045:/scanin -v
/var/lib/atomic/openscap/2016-08-24-15-18-26-150045:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro rhel7/openscap
oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use
`--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
docker.io/rhel7 (6f7a31562d1ec72)
docker.io/rhel7 passed the scan
Files associated with this scan are in /var/lib/atomic/openscap/2016-08-24-15-18-26-150045.
26. OpenSCAP in Red Hat Products (needs more testing)
Satellite 6.2
- Evaluate host
CloudForms 4.2
- Evaluate images
27. Pros and cons
● Pros
○ OpenSCAP has received a NIST certification for its support of SCAP 1.2.
○ Red Hat sponsors OpenSCAP
○ Red Hat supports OpenSCAP with a RHEL subscription
● Cons
○ Can evaluate only RHEL-based images