Securing OpenStack and Beyond with Ansible

•

7 j'aime•3,973 vues

The openstack-ansible-security role applies security hardening configurations to any system -- those running OpenStack and those that don't -- without disruption.

Voyages

Securing OpenStack clouds
and beyond with Ansible
Major Hayden
@majorhayden
Photo: Luciof (Wikipedia)

Major Hayden
Principal Architect at Rackspace
● Builds OpenStack private clouds
● OpenStack contributor since Diablo
● Fedora Linux Security Team / Server WG member
● Actually one of the few people who likes SELinux
● Owns far too many domain names

SECURITY IS HARD
(This is what people keep telling me.)
Photo: Santeri Viinamäki

WHAT MAKES SECURITY SO HARD?
Photo: Santeri Viinamäki

“Complexity is the enemy of security.
As systems get more complex,
they get less secure.”
-- Bruce Schneier
Photo: nicolletec

Complexity is here to stay.
Is security a hopeless cause?
Photo: dnizz

“Nothing prompts creativity
like poverty, a feeling of hopelessness,
and a bit of panic.”
-- Catherine Tate

We already handle
IT complexity with:
DESIGN
COLLABORATION
AUTOMATION
TESTING
Photo: victorgrigas

Why can’t we approach
security the same way?

IMAGINE A WORLD:
Where you can harden servers
without disrupting OpenStack
Photo: NASA

IMAGINE A WORLD:
Where you have the freedom
to tighten or loosen restrictions
at any time
Photo: NASA

IMAGINE A WORLD:
Where you can delight* auditors
with proof of compliance
Photo: NASA
* I’m not sure if an auditor has ever been delighted before, but we are certainly going to try.

Get one step closer to that world
with openstack-ansible-security.
https://github.com/openstack/openstack-ansible-security

openstack-ansible-security
is an Ansible role that applies
industry-standard security hardening
through automation in a flexible way.

The Defense Information Systems
Agency (DISA) releases
the Security Technical
Implementation Guide (STIG).
The Pike release will feature the RHEL 7 STIG final version!

The STIG is translated into tasks,
templates, and handlers within an
Ansible role.

The Ansible role is adjusted to avoid
disruptions to an OpenStack
environment (or other production
environments without OpenStack).
(This step also includes lots of documentation and functional tests.)

Finally, the role gets final tweaks and
translations so that it works well on
multiple distributions.
(Every distribution has its quirks, especially with security.)

Supported deployments
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
(deprecated)
CentOS 7
Red Hat Enterprise
Linux 7
X86 and PPC
Architectures
With or without
OpenStack
New or existing
systems

FEATURES:
Idempotent
Highly configurable
Zero disruptions to an existing system
Read-only audits of existing deployments
Regularly tested with and without OpenStack

OpenStack-Ansible users:
Included since Mitaka.
Enabled by default since Newton.

Linux users:
Install using ansible-galaxy.
Use standalone or with your existing playbooks.

Aren’t Linux systems secure already?
They are consistently inconsistent
Configuration drift happens over time

Why not OpenSCAP?
Difficult to tighten/loosen restrictions easily
Challenging to integrate with a system post-deployment
XML. Lots of XML.

What’s next?
Support for SUSE Leap,
Amazon Linux and ARM.
Easily parseable playbook
output for audits. (ARA?)
Photo: NASA

Join our community!
#openstack-ansible on Freenode
openstack-dev@lists.rackspace.com
https://github.com/openstack/openstack-ansible-security

Thank you!
Major Hayden
@majorhayden
Photo: Luciof (Wikipedia)

Contenu connexe

Tendances

Seven problems of Linux Containers

Kirill Kolyshkin

Lxc – next gen virtualization for cloud intro (cloudexpo)

Boden Russell

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Boden Russell

Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.

Union FileSystem - A Building Blocks Of a Container

Knoldus Inc.

Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...

Jérôme Petazzoni

OpenStack: Inside Out

Etsuji Nakai

Container Torture: Run any binary, in any container

Docker, Inc.

Linux Container Technology inside Docker with RHEL7

Etsuji Nakai

Inside Docker for Fedora20/RHEL7

Etsuji Nakai

final proposal-Xen based Hypervisor in a Box

Paramkusham Shruthi

The first release of Docker only supported AUFS, and AUFS was available (out of the box) only on Debian and Ubuntu kernel. Then Red Hat wanted Docker to run on its distros, and contributed the Device Mapper driver, and later the BTRFS driver, and recently the overlayfs driver. Jérôme presents how those drivers compare from a high-level perspective, explaining their pros and cons. Then he showed each driver in action, and look at low-level implementation details. We won't dive into the golang implementation code itself, but we will explain the concepts of each driver. This will help to better understand how they work, and give some hints when it comes to troubleshoot their behaviour.

Docker storage drivers by Jérôme Petazzoni

Docker, Inc.

Full system roll-back and systemd in SUSE Linux Enterprise 12

Gábor Nyers

Openstack Trunk Port

benceromsics

Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. In this presentation, we will: - Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code - Discuss how to mitigate those risks - Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC

Docker, Linux Containers, and Security: Does It Add Up?

Jérôme Petazzoni

Namespaces in Linux

Lubomir Rintel

Docker internals

Rohit Jnagal

FIWARE Tech Summit - FIWARE Lab Cloud

FIWARE

Performance characteristics of traditional v ms vs docker containers (dockerc...

Boden Russell

Lxc- Introduction

Luís Eduardo

A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers: - Definitions and motivations for containers - Container technology stack - Containers vs Hypervisor VMs - Cgroups - Namespaces - Pivot root vs chroot - Linux Container image basics - Linux Container security topics - Overview of Linux Container tooling functionality - Thoughts on container portability and runtime configuration - Container tooling in the industry - Container gaps - Sample use cases for traditional VMs Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.

Linux Container Brief for IEEE WG P2302

Boden Russell

Tendances (20)

Seven problems of Linux Containers

Lxc – next gen virtualization for cloud intro (cloudexpo)

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Union FileSystem - A Building Blocks Of a Container

Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...

OpenStack: Inside Out

Container Torture: Run any binary, in any container

Linux Container Technology inside Docker with RHEL7

Inside Docker for Fedora20/RHEL7

final proposal-Xen based Hypervisor in a Box

Docker storage drivers by Jérôme Petazzoni

Full system roll-back and systemd in SUSE Linux Enterprise 12

Openstack Trunk Port

Docker, Linux Containers, and Security: Does It Add Up?

Namespaces in Linux

Docker internals

FIWARE Tech Summit - FIWARE Lab Cloud

Performance characteristics of traditional v ms vs docker containers (dockerc...

Lxc- Introduction

Linux Container Brief for IEEE WG P2302

Similaire à Securing OpenStack and Beyond with Ansible

Nothing clears out a conference room faster than a discussion around information security. Securing complex computer systems, such as OpenStack clouds, is extremely difficult. To make matters worse, attackers can make many mistakes without consequences. A defender’s single mistake could lead to a breach. Don't let fear rule the discussion around security. Operators need a simple and scalable method for securing OpenStack clouds. That starts with grouping components into compartments and then looking at how those compartments interact with each other. Those interactions form the backbone of security policies and technical controls. In this vendor-neutral talk, Major Hayden, principal architect at Rackspace, will break down the complexity of securing OpenStack clouds using real-world scenarios. Attendees will learn how to: Divide OpenStack deployments into compartments Analyze the interactions between each component Develop security policies and apply technical controls

Holistic Security for OpenStack Clouds

Major Hayden

Automated Security Hardening with OpenStack-Ansible

Major Hayden

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Major Hayden

Simple flexible deployments with openstack ansible

Jean-Philippe Evrard

When flexibility met simplicity: the friendship of OpenStack and Ansible

Major Hayden

LOUCA23 Yusuf Hadiwinata Linux Security BestPractice

Yusuf Hadiwinata Sutandar

如何在 Ubuntu 上更快、更便捷地部署物联网设备

Rex Tsai

Learn OpenStack from trystack.cn

OpenCity Community

Docker is two years old. While security has always been at the core of the questions revolving around Docker, the nature of those questions has changed. Last year, the main concern was "can I safely colocate containers on the same machine?" and it elicited various responses. Dan Walsh, SELinux expert, notoriously said: "containers do not contain!", and at last year's LinuxCon, Jérôme delivered a presentation detailing how to harden Docker and containers to isolate them better. Today, people have new concerns. They include image transport, vulnerability mitigation, and more. After a recap about the current state of container security, Jérôme will explain why those new questions showed up, and most importantly, how to address them and safely deploy containers in general, and Docker in particular.

$Containers, docker, and security: state of the union (Bay Area Infracoders Me...$ $Containers, docker, and security: state of the union (Bay Area Infracoders Me...$

Containers, docker, and security: state of the union (Bay Area Infracoders Me...

Jérôme Petazzoni

Openstack 101

Jason Kalai Arasu

Openstack

Samip Shah

Security workflow with ansible

devanshdubey7

According to Forrester, 53% of IT respondents say their biggest concern about containers is security. Containerization is not only prevalent in browsers (Google Chrome), desktop applications (Adobe Reader X), and mobile operating systems (Apple iOS), but is also invading the data center via Docker. Docker and other LXC-based containerization solutions provide isolation via Linux control groups (cgroups). However, containers can still be exploited and even with kernel-level isolation, critical data can be stolen. In this presentation, the FlawCheck team will exploit real-world Docker implementations and show what can be done to mitigate the risk.

Vulnerability Exploitation in Docker Container Environments

FlawCheck

In the era of Cloud Service and Internet of Things, information security has already become a transnational issue. In recent years, the large scale cyber attack via the connection of BotNet has become a thorny issue of Global information security. Taiwan is always the main target of international hackers due to the high dense of information devices and computers in campuses are always the favorite of hackers. To help tackling such an issue, the Ezilla, which is considered as a private Cloud toolkit ( integrated with OpenNebula), has been implemented by the CyberSecurity research team in the National Center for High-performance Computing (NCHC), Taiwan. Through the Ezilla which leverages OpenNebula and CyberSecuirty techniques, Cloud users can easily customize and configure a specified Cloud security training environment. It is an extremely lightweight approach helping users to access virtual computing resources. The main feature of this project is simplifying the utilization of Clouds. Our goal is to make Cloud security scientists or users painlessly to run their own CyberSecurity jobs on Cloud platforms, including Cyber Defense Exercise, Malware Knowledge Base, etc.. Based on the proposed CyberSecurity Exercise Platform, we also develop new functions which are private Cloud information security training service, Captur the Flags (CTF) competition service, and virtual networking service for enterprise.

OpenNebulaConf 2016 - The Lightweight Approach to Build Cloud CyberSecurity E...

OpenNebula Project

Inconvenience, not security

mipearson

CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...

Animesh Singh

Presentation at the OpenStack Summit in Tokyo, Japan on October 29, 2015. http://sched.co/49vI This talk will cover the pros and cons of four different OpenStack deployment mechanisms. Puppet, Chef, Ansible, and Salt for OpenStack all claim to make it much easier to configure and maintain hundreds of OpenStack deployment resources. With the advent of large-scale, highly available OpenStack deployments spread across multiple global regions, the choice of which deployment methodology to use has become more and more relevant. Beyond the initial day-one deployment, when it comes to the day-two and beyond questions of updating and upgrading existing OpenStack deployments, it becomes all the more important choose the right tool. Come join the Bluebox and IBM team to discuss the pros and cons of these approaches. We look at each of these four tools in depth, explore their design and function, and determine which scores higher than others to address your particular deployment needs. Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM Paul Czarkowski - Cloud Engineer at Blue Box, an IBM company Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM

CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...

Daniel Krook

SELinux workshop

johseg

Continuous Kernel Integration

Major Hayden

No matter if you are a lonely system administrator or the CTO of the largest carrier in the World, getting to know what’s out there is a jungle. Is VMware still the lead? I’ve heard about OpenStack, how mature is that? And what this “Ganeti” I’ve never heard of? In this presentation Giuseppe Paternò, CTO of GARL, gives a quick overview of the state-of-the-art in the IaaS and virtualization world. This is not a sales or marketing presentation: no vaporware, just pure and real experience from the field.

Comparing IaaS :VMware vs OpenStack vs Google’s Ganeti

GARL

Similaire à Securing OpenStack and Beyond with Ansible (20)

Holistic Security for OpenStack Clouds

Automated Security Hardening with OpenStack-Ansible

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Simple flexible deployments with openstack ansible

When flexibility met simplicity: the friendship of OpenStack and Ansible

LOUCA23 Yusuf Hadiwinata Linux Security BestPractice

如何在 Ubuntu 上更快、更便捷地部署物联网设备

Learn OpenStack from trystack.cn

$Containers, docker, and security: state of the union (Bay Area Infracoders Me...$ $Containers, docker, and security: state of the union (Bay Area Infracoders Me...$

Containers, docker, and security: state of the union (Bay Area Infracoders Me...

Openstack 101

Openstack

Security workflow with ansible

Vulnerability Exploitation in Docker Container Environments

OpenNebulaConf 2016 - The Lightweight Approach to Build Cloud CyberSecurity E...

Inconvenience, not security

CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...

SELinux workshop

Continuous Kernel Integration

Comparing IaaS :VMware vs OpenStack vs Google’s Ganeti

Plus de Major Hayden

I was too burned out to name this talk

Major Hayden

Cookies for kernel developers

Major Hayden

Grow your community: Inspire an Impostor

Major Hayden

Flexible, simple deployments with OpenStack-Ansible

Major Hayden

Taming the Technical Talk - OWASP San Antonio

Major Hayden

OpenStack-Ansible Security

Major Hayden

Taming the Technical Talk

Major Hayden

The New Normal - Rackspace Solve 2015

Major Hayden

I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.

Five things I learned about information security

Major Hayden

Be an inspiration, not an impostor (Texas Linux Fest 2015)

Major Hayden

Be an inspiration, not an impostor (Fedora Flock 2015)

Major Hayden

The New Normal: Managing the constant stream of new vulnerabilities

Major Hayden

Cloud Data Security

Major Hayden

ISACA Cloud Security Presentation 2013-09-24

Major Hayden

Plus de Major Hayden (14)

I was too burned out to name this talk

Cookies for kernel developers

Grow your community: Inspire an Impostor

Flexible, simple deployments with OpenStack-Ansible

Taming the Technical Talk - OWASP San Antonio

OpenStack-Ansible Security

Taming the Technical Talk

The New Normal - Rackspace Solve 2015

Five things I learned about information security

Be an inspiration, not an impostor (Texas Linux Fest 2015)

Be an inspiration, not an impostor (Fedora Flock 2015)

The New Normal: Managing the constant stream of new vulnerabilities

Cloud Data Security

ISACA Cloud Security Presentation 2013-09-24

Dernier

Whatsapp Number Escorts Call girls 8250077686 Available 24x7 Papi kondalu Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Papi kondalu Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Papi kondalu Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Papi kondalu Call Girls 8250077686 Service Offer VIP Hot Model

Deiva Sain Call Girl

Jhargram call girls 📞 8617697112 At Low Cost Cash Payment Booking ❤Personal Whatsapp Number Jhargram Call Girls 8617697112 💦✅. Look for our escort services in Jhargram today and hire as per your budget. Model Escorts Service in Jhargram. Every client is Browse the sexy female models ... It is especially important to remember than an escort is not a prostitute. There are prostitutes in Jhargram , but they are not represented on our website, or ... Escort Service 24x7 Independent Nitya salvi Call Girls Services in Jhargram, Jhargram escort provide very Hot And Sexy Model Girl ... escorts in Jhargram. There is no ... Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112

Jhargram call girls 📞 8617697112 At Low Cost Cash Payment Booking

Nitya salvi

Whatsapp Number Escorts Call girls 8250077686 Available 24x7 Mathura Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mathura Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mathura Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Mathura Call Girls 8250077686 Service Offer VIP Hot Model

Deiva Sain Call Girl

WhatsApp Chat: 📞 8617697112 Independent Call Girls in Darjeeling Darjeeling escorts dream girl offer ultimate sexual fun, so you are ready for extraordinary and relax fun with call girls in darjeeling anytime 24x7 hours. Darjeeling Call Girls & 15 Photos with WhatsApp Number · High Class 100% Authentic Darjeeling Call Girls Number · Top Baraka Jhora Call Girls At Your ... You might hire the services of attractive call girls in Darjeeling. These gorgeous girls are willing to accompany you everywhere. We provide these elite call ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

WhatsApp Chat: 📞 8617697112 Independent Call Girls in Darjeeling

Nitya salvi

VIP Mcleodganj Call Girls 📞 8617697112 ❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅. All of our exclusive Mcleodganj Escorts and Models have been selected from the most erotic, sensual and open minded ladies! We are home to the top rated escorts ... Mcleodganj Escorts agency gives you luxury escort service. Get the Celebrities Escorts in Mcleodganj at very reasonable price. Hire Mcleodganj Call Girls ... Call Girls Mcleodganj offers the best Mcleodganj Escorts Service by young and pretty Independent Call Girls in Mcleodganj, Call Girls in Mcleodganj INCall ... Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more.. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅.

Nitya salvi

Tamluk ❤CALL GIRL 8617697112 ❤CALL GIRLS IN Tamluk ESCORT SERVICE❤CALL GIRL ❤Personal Whatsapp Number Tamluk Call Girls 8617697112 💦✅. Easy & Fast Booking Procedure Of Tamluk Escorts Tamluk Escort - Call Hot Ragini (Only Cash Payment) for Instant Physical Satisfaction. Ragini Tamluk Escorts Service is a Hub of Unlimited Charming Lovely ... Nitya salviTamluk escorts service agency # Are you looking for sexy call girls ? Call our agency to get you dream independent call girl, escort Tamluk . Call Girls Agency in Tamluk offering Royal Female Escort service across the city, Tamluk Escorts brings to you the most high profile satisfied lifetime ... EXCITING OPTIONS AVAILABLE AT OUR INDEPENDENT ESCORTS Candlelight dinner Evening date Night clubs or parties Hotels or your flats Business trip Business party Stripping party Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Tamluk ❤CALL GIRL 8617697112 ❤CALL GIRLS IN Tamluk ESCORT SERVICE❤CALL GIRL

Nitya salvi

Personal Escort's Contact Number 8250077686 (Available 24x7) Amaravati Escorts Agency ❤ 8250077686 💦✅ Offer Genuine Hot and Beautiful Escorts Call girls in Your Budget. Hire Our Cheap Rate Escorts Service call Girls in Amaravati at Affordable Price. Amaravati Escorts Call Girls Service Provide Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls

Deiva Sain Call Girl

Are Vatican Museum Tickets and Private Tours Worth It

vaticanguidedtour

Are you planning for a trip?, here are some of the top travel agency in Panchkula. These travel agents will offer advice on the destinations, and trip itineraries, and make travel arrangements, which might include flight booking, hotels, sightseeing tours, and dining recommendations. They will assess your unique needs, preferences, and budget to ensure your trip goes as smoothly as possible. A travel agent can save travelers time and money but a perfect and fruitful trip will be insured.

Top travel agency in panchkula - Best travel agents in panchkula

useyourbrain1122

WhatsApp Chat: 📞 8617697112 Suri Call Girls available for hotel room package Are you looking for Call Girls for Escort Service in Suri? find Suri Escorts, Call Girls & Contact Number of Escorts 8617697112, Prostitute, Hooker, Whores, ... 8617697112 Get 24x7 Independent Escorts Service in Suri Call Girls in Suri, Nitya salvi Looks So Very Beautiful And More Good-Looking Girl. Call Girls Suri Looking for call girls and escort service? Browse for high-class independent escorts and call girls in India available 24/7 for a sex ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

WhatsApp Chat: 📞 8617697112 Suri Call Girls available for hotel room package

Nitya salvi

Personal Escort's Contact Number 8250077686 (Available 24x7) Bhavnagar Escorts Agency ❤ 8250077686 💦✅ Offer Genuine Hot and Beautiful Escorts Call girls in Your Budget. Hire Our Cheap Rate Escorts Service call Girls in Bhavnagar at Affordable Price. Bhavnagar Escorts Call Girls Service Provide Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Genuine 8250077686 Hot and Beautiful 💕 Bhavnagar Escorts call Girls

Deiva Sain Call Girl

Hire 💕 8617697112 Reckong Peo Call Girls Service Call Girls Agency ❤Personal Whatsapp Number Reckong Peo Call Girls 8617697112 💦✅. View the profiles of people named Reckong Peo Call Girls. Join Facebook to connect with Reckong Peo Call Girls and others you may know. Facebook gives people the power... Gorgeous escort girls in Reckong Peo, mature escorts and hot babes in Himachal Pradesh, female escorts and travel companions to get an amazing experience in ... As we have the most excellent and sexiest escorts in our kaza escorts organization. ... Reckong Peo Escorts · solan Escorts · spiti Escorts · sundar nagar Escorts ... Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Hire 💕 8617697112 Reckong Peo Call Girls Service Call Girls Agency

Nitya salvi

Personal Escort's Contact Number 9332606886 (Available 24x7) Pune Escorts Agency ❤ 9332606886 💦✅ Offer Genuine Hot and Beautiful Escorts Call girls in Your Budget. Hire Our Cheap Rate Escorts Service call Girls in Pune at Affordable Price. Pune Escorts Call Girls Service Provide Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Genuine 9332606886 Hot and Beautiful 💕 Pune Escorts call Girls

Deiva Sain Call Girl

Hire 8617697112 Call Girls Udhampur For an Amazing Night Why Choose Us for Escort Service in Udhampur? You are welcome to come to see our escorts in Udhampur. They are just waiting for people like you. No matter why ... Choose any escort services in Udhampur easily. You can choose housewives, college girls, teenagers, air hostess, etc. Basically, Udhampur escorts are bold, open ... We are the premium and prestigious escort agency in the town. You can rely on us girls for your sexual satisfaction. Whether you know anything about escorts in ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Hire 8617697112 Call Girls Udhampur For an Amazing Night

Nitya salvi

Contact us: 03094429236 Best Visa Consultant in Lahore, Pakistan We provide proper visa services and consultancy for the below-mentioned countries. We have updated information about the documentation, processes, requirements and the rules of visa embassies. We are the one-stop visa agent company that will help you to get fly to your desired destination. visa consultancy provides hassle-free services to all their clients because our travel consultants have updated and legal knowledge about the laws of visa and immigrations cases of different type of visa categories. We can help you to get a temporary visa and a permanent visa for settlement that can help you to move from one country to another with proper and legal documentation. We can also help you to schedule your appointments at visa centres all across Pakistan. Most people try to apply for visa themselves and but not all get the visa stamped just because they don’t know how to put a case in front of a visa officer. We are expert in tailoring up your documents most appealingly and legally according to your skillset and circumstances. Everyone claims to be a visa consultancy expert these days but not everyone can help you, even some of the visa consultants will fail to provide the right information to you as well. The most unethical practices followed by some visa consultants are selling fake documentation, for examples financial documentation like bank statements or any other source of income and/or fake sponsorship. If these types of actions are found in the interview process that could end up in permanent illegibility for that person to get a visa for many years or a lifetime and even, he can get a ban from a long period. Please remember, that you and you alone are responsible for the exactness of the data provided in your visa application. Before you sign any visa application you should thoroughly read it and make sure that the information provided by us is true and accurate. We at sherazitours.com are fully aware of such issues and we carefully work with our clients to ensure that all the information provided in the visa application is 100% accurate and no fake and/or false information has been provided in the documentation. #visaconsultantinlahore #consultantinlahore #studyvisa consultantinlahore

Visa Consultant in Lahore || 📞03094429236

Sherazi Tours

Personal Escort's Contact Number 8250077686 (Available 24x7) Chennai Escorts Agency ❤ 8250077686 💦✅ Offer Genuine Hot and Beautiful Escorts Call girls in Your Budget. Hire Our Cheap Rate Escorts Service call Girls in Chennai at Affordable Price. Chennai Escorts Call Girls Service Provide Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Genuine 8250077686 Hot and Beautiful 💕 Chennai Escorts call Girls

Deiva Sain Call Girl

Call Girl In Dwarka ☎92055#41914 ¶¶ Indian,Russian Best Quality full Educated And Full Cooperative Independent Call Girls Escort Services In New Delhi- I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels in Delhi. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency Indian Russian Call Girls In Delhi Booking Good High Profile Escorts (Call Girls) In Delhi 5 Star Hotel ,Incall Service,OutCall Service, We provide services by Call Girls,College Girls,Modals Get High Profile queens,Well Educated,Good Looking,Full Cooperative Model, Russian Models,Punjabi Girls Kashmeri Girls Services etc… We Provide Hottest Female With Safe And Consensual With Most Limits Respected Complete Satisfaction Guaranteed…Service. Call Me Spacial For Including Incall//outcall Service In New Delhi Indian Russian Escorts Service,

2k Shots ≽ 9205541914 ≼ Call Girls In Tagore Garden (Delhi)

Delhi Call girls

Whatsapp Number Escorts Call girls 8250077686 Available 24x7 Bhubaneswar Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Bhubaneswar Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Bhubaneswar Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget. Website: https://www.sheetalarora.com/

Bhubaneswar Call Girls 8250077686 Service Offer VIP Hot Model

Deiva Sain Call Girl

sample sample sample sample sample sample

Casey Keith

WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Experience Real Fun With Sexual Girl Available 24/7 Cash Payment. These days, independent call girls have high standards. You are free to engage in sexual activity ... They all are real and ready to call and meet you for serious relationships or casual flirts. If you are ready start right now join our West Bengal whatsapp ... Cooch Behar escorts offer a high profile call girls for rate 3100 rupees with free delivery to A/C room. Our services available 24x7 for your home or hotel. One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...

Nitya salvi

Dernier (20)

Papi kondalu Call Girls 8250077686 Service Offer VIP Hot Model

Jhargram call girls 📞 8617697112 At Low Cost Cash Payment Booking

Mathura Call Girls 8250077686 Service Offer VIP Hot Model

WhatsApp Chat: 📞 8617697112 Independent Call Girls in Darjeeling

❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅.

Tamluk ❤CALL GIRL 8617697112 ❤CALL GIRLS IN Tamluk ESCORT SERVICE❤CALL GIRL

Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls

Are Vatican Museum Tickets and Private Tours Worth It

Top travel agency in panchkula - Best travel agents in panchkula

WhatsApp Chat: 📞 8617697112 Suri Call Girls available for hotel room package

Genuine 8250077686 Hot and Beautiful 💕 Bhavnagar Escorts call Girls

Hire 💕 8617697112 Reckong Peo Call Girls Service Call Girls Agency

Genuine 9332606886 Hot and Beautiful 💕 Pune Escorts call Girls

Hire 8617697112 Call Girls Udhampur For an Amazing Night

Visa Consultant in Lahore || 📞03094429236

Genuine 8250077686 Hot and Beautiful 💕 Chennai Escorts call Girls

2k Shots ≽ 9205541914 ≼ Call Girls In Tagore Garden (Delhi)

Bhubaneswar Call Girls 8250077686 Service Offer VIP Hot Model

sample sample sample sample sample sample

WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...

Securing OpenStack and Beyond with Ansible

1. Securing OpenStack clouds and beyond with Ansible Major Hayden @majorhayden Photo: Luciof (Wikipedia)

2. Major Hayden Principal Architect at Rackspace ● Builds OpenStack private clouds ● OpenStack contributor since Diablo ● Fedora Linux Security Team / Server WG member ● Actually one of the few people who likes SELinux ● Owns far too many domain names

3. SECURITY IS HARD (This is what people keep telling me.) Photo: Santeri Viinamäki

4. WHAT MAKES SECURITY SO HARD? Photo: Santeri Viinamäki

5. “Complexity is the enemy of security. As systems get more complex, they get less secure.” -- Bruce Schneier Photo: nicolletec

6. Complexity is here to stay. Is security a hopeless cause? Photo: dnizz

7. “Nothing prompts creativity like poverty, a feeling of hopelessness, and a bit of panic.” -- Catherine Tate

8. We already handle IT complexity with: DESIGN COLLABORATION AUTOMATION TESTING Photo: victorgrigas

9. Why can’t we approach security the same way?

10. IMAGINE A WORLD: Where you can harden servers without disrupting OpenStack Photo: NASA

11. IMAGINE A WORLD: Where you have the freedom to tighten or loosen restrictions at any time Photo: NASA

12. IMAGINE A WORLD: Where you can delight* auditors with proof of compliance Photo: NASA * I’m not sure if an auditor has ever been delighted before, but we are certainly going to try.

13. Get one step closer to that world with openstack-ansible-security. https://github.com/openstack/openstack-ansible-security

14. openstack-ansible-security is an Ansible role that applies industry-standard security hardening through automation in a flexible way.

15. Let’s break that down.

16. The Defense Information Systems Agency (DISA) releases the Security Technical Implementation Guide (STIG). The Pike release will feature the RHEL 7 STIG final version!

17. The STIG is translated into tasks, templates, and handlers within an Ansible role.

18. The Ansible role is adjusted to avoid disruptions to an OpenStack environment (or other production environments without OpenStack). (This step also includes lots of documentation and functional tests.)

19. Finally, the role gets final tweaks and translations so that it works well on multiple distributions. (Every distribution has its quirks, especially with security.)

20. Supported deployments Ubuntu 16.04 LTS Ubuntu 14.04 LTS (deprecated) CentOS 7 Red Hat Enterprise Linux 7 X86 and PPC Architectures With or without OpenStack New or existing systems

21. FEATURES: Idempotent Highly configurable Zero disruptions to an existing system Read-only audits of existing deployments Regularly tested with and without OpenStack

22. How do I get started?

23. OpenStack-Ansible users: Included since Mitaka. Enabled by default since Newton.

24. Linux users: Install using ansible-galaxy. Use standalone or with your existing playbooks.

25. Aren’t Linux systems secure already? They are consistently inconsistent Configuration drift happens over time

26. Why not OpenSCAP? Difficult to tighten/loosen restrictions easily Challenging to integrate with a system post-deployment XML. Lots of XML.

27. What’s next? Support for SUSE Leap, Amazon Linux and ARM. Easily parseable playbook output for audits. (ARA?) Photo: NASA

28. Demonstration time!

29. Join our community! #openstack-ansible on Freenode openstack-dev@lists.rackspace.com https://github.com/openstack/openstack-ansible-security

30. Thank you! Major Hayden @majorhayden Photo: Luciof (Wikipedia)

Securing OpenStack and Beyond with Ansible

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Securing OpenStack and Beyond with Ansible

Similaire à Securing OpenStack and Beyond with Ansible (20)

Plus de Major Hayden

Plus de Major Hayden (14)

Dernier

Dernier (20)

Securing OpenStack and Beyond with Ansible