LibreCon22: The importance of the security, the Uyuni value
1. Germán M. Yébenes
Technical Marketing Manager @ SUSE
german.yebenes@suse.com
The Uyuni value
Security on a multi-vendor ecosystem
2. About me
Germán M. Yébenes
Technical Marketing Manager, SUSE
● Former cloud consultant for EMEA customers.
● Open Source enthusiast.
● Tech writer and Speaker
E-mail: german.yebenes@suse.com
2
linkedin.com/gmontalvoy @kubenothing https://www.mypublicinbox.com/
gmyebenes
4. Risks by numbers
● 400 k average hourly cost when servers are unavailable
● 33 M the average annual cost of downtime tied to security attacks
● Reputation costs caused by the security disruptions
● Compliance breaks Business break Security Audit
4
5. Security Threats
5
● Threat landscape according
with the European Union
Agency for Cybersecurity,
report 2021
● “A chain is as strong as the
weakest link”
9. What Uyuni is
9
• A configuration management
• Deploy workloads from a single place
• Patching and management for a multi-
vendor environment
• Maintain OS templates and standards
across the environment
• Scalable systems management
solutions
10. The origins...
10
• Uyuni is based on Spacewalk Project
• A Free & Open Source configuration management
• Discontinued since May 31 2020
• No roadmap for near future
• Base for Red Hat Satellite 5 and SUMA before 3.2
11. Security on multi-vendor environment
● Sync with CVE Mitre Database
automatically
● Filter system by vulnerability
regardless of the Operating System
● Audit both servers and images
11
12. Live Patching
● Some vulnerabilities affects to Kernel
which would require rebooting
● Reboot is not always an option on
critical systems
● Critical patches should be applied as
soon as possible
12
13. OpenSCAP
● SCAP scans history
● Schedule scans to the best time fit
for the environment
● Keep compliance standards through
the SCAP Scans
13
● Depending on the OS, there are both
scanners and contents
● Content files based on XCCDF
(Extensible Configuration Checklist
Description Format)
● Remediation possible through sh
scripts or Ansible
17. License
This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license.
It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and any
derivative work is distributed under the same license.
Details can be found at https://creativecommons.org/licenses/by-sa/4.0/
General Disclaimer
This document is not to be construed as a promise by any participating organisation to develop, deliver, or
market a product. It is not a commitment to deliver any material, code, or functionality, and should not be
relied upon in making purchasing decisions. openSUSE makes no representations or warranties with respect
to the contents of this document, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. The development, release, and timing of features or
functionality described for openSUSE products remains at the sole discretion of openSUSE. Further,
openSUSE reserves the right to revise this document and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes. All openSUSE marks
referenced in this presentation are trademarks or registered trademarks of SUSE LLC, in the United States
and other countries. All third-party trademarks are the property of their respective owners.
Credits
Template & Design
Pau Garcia Quiles
pau.garcia@suse.com
Inspiration
openSUSE Design Team
http://opensuse.github.io/branding-guidelines/