WEBINAR, July 11th – CVE: speed up vulnerability remediation to secure your systems (in French)
Plugins add new features to RUDDER, facilitate its integration into your IT toolchain, and add more supported Operating Systems.
When RUDDER is deployed on a large infrastructure, it is common to have several RUDDER servers, each managing a different environment (production/QA/dev, different sites, etc.). To facilitate the daily life of administrators, but also and especially to avoid confusion between different servers (which is all the more likely if they contain similar configurations), it is important to be able to distinguish them visually at a glance on the RUDDER interface, regardless of the open menu. The branding plugin, by adding coloured banners and a brief description to all pages, answers this simple but not negligible problem.
This plugins analyses all known security vulnerabilities, then continuously checks if your systems are impacted or not. You will have access to the impacted nodes, as well as the details of each CVE and their severity level. This gives you a global security visibility of your systems and allows you to fix these vulnerabilities efficiently with RUDDER.
The CVE data comes from the main data sources: publishers, research and vulnerability response centers (CERT, such as the MITRE US agency or the NIST Institute) and databases listing the latest vulnerability detected.
Only compatible with Linux OS
The CIS Benchmarks of the Center for Internet Security gives all the best practices in cybersecurity. Its technical orientation allows it to be quickly applied to systems.
This plugin provides a CIS rules packages that you can apply to all or part of your infrastructure. These rules can be customised to meet the particularities of your information system.
Supported on Debian 9, Ubuntu 18.04 LTS, RHEL and CentOS7
This plugin is designed to offer a synthetic and accurate overview of the IT real state and its deviation over time. Indeed it gives you the ability to aggregate compliance data over time in order to create custom reports. They can target specific set of rules and/or groups of machines. Moreover, they can be exported as PDF reports for audit puposes for instance.
By default, API accounts can only be configured in “read only” or “full access” mode. This module makes it possible to define for each account an ACL (Access Control List) which specifies for this account the API accessible. For example, an account can be configured so that it only accesses the global compliance API – and only that one. In addition, this module allows each RUDDER user to generate a personal API account with the same rights as the user himself. In addition, this module allows each RUDDER user to generate a personal API account with the same rights as the user himself, thus allowing easy and auditable access to the rudder APIs.
The validation workflow makes it possible to secure changes by a second validation before going into production (regular pull requesters on Github already know the benefits of peer review). It can be configured to apply only to certain groups of machines (for example, only production servers with free access to the development platform).
This plugin adds the ability to have one API token per RUDDER user, and precise acl support on system tokens (same type as user rights, with read/write limitation on different items). Everything is configurable from the web interface. This allows to precisely trace and log Rudder users’ accesses to the configuration (including via the API), and to finely restrict the rights given to system API tokens (not linked to a user) for better security and privilege separation.
This module provides all the documentary resources in order to configure the various bricks that make up RUDDER (databases, web application) in redundant operation.
Relay servers can meet two main needs: scalability on the one hand, and architecture segmentation on the other. Indeed, a relay server in a kind of proxy between the nodes managed by RUDDER and the main RUDDER server. Relays allow: to create bridges between different network zones; to isolate sets of nodes from each other; to prohibit direct access to the main Rudder server; and to distribute load across multiple servers in order to manage more machines from a single root server.
RUDDER has always had an integrated authentication system with password hash storage on the server. However, IT teams in established companies often use a directory-based user management system (AD, LDAP, etc.) to manage large numbers of users. This plugin dedicated to larger companies allows users to base their authentication on an external LDAP or RADIUS source, directly from the RUDDER web interface.
- Organization Based Access Control
- High availability (relay servers)
- Main dashboard customization
Developed in partnership with Microsoft, Rudder’s agent for Windows uses DSC (Desired State Configuration), a native technology included into every Windows system since Powershell 4. It enables Windows based servers management on Server 2008R2, 2012, 2012 R2, 2016, and desktops on Windows 7, 8, 8.1 et 10. The Windows agent is as powerful as the Linux agent, since all its features are also available on Windows (except Linux-specific techniques, such as systemd services or SSH server management, of course).
RUDDER’s AIX agent allows to manage AIX 5.3, 6.1 and 7.1. It delivers the same power of management as the Linux agent. All the features availables on Linux are also available on AIX (except Linux-specific techniques, such as systemd services, of course).