SUSE Linux Enterprise has a nice track record of being the secure operating system platform that you can trust for your most mission-critical applications. Our engineers and our security team ensure that the presets we chose are secure by default, and our “Security Center and Hardening” module in the YaST configuration management tool offers a central clearinghouse to configure security-related settings. In addition, we provide you with comprehensive documentation on hardening SUSE Linux Enterprise.
Another important aspect of keeping systems secure is making sure that security holes in the code are patched as quickly as possible. As part of your SUSE Linux Enterprise subscription we provide you with well-tested code fixes and the tools needed to conveniently apply those to your server.
But applying and tracking secure settings as well as making sure your systems are patched can be very time-consuming in large environments. As soon as we are talking about dozens or even hundreds of servers you need centralized management tools to manage them.
Our solution for keeping many servers secure is SUSE Manager. Learn more about SUSE Manager on www.suse.com/susemanager/ or join us on the upcoming SUSECon Conference in Orlando. If you haven’t registered yet, there’s another reason to do so: I’m going to run a session on how SUSE Manager can help you keep thousands of servers secure and compliant (Look for TT1580 in the Session Catalog).
Now, one thing is to be able to patch and secure your systems, the other thing is documenting on a regular basis that you are compliant. UPW Compliance Guard (UCG) addresses that. It is a solution from our partner UPW ProjectServices that aims at “making security measurable”. Using your own rules or pre-defined rules like the OVAL patch data that SUSE provides, you can run automated regular tests and create reports to continuously track compliance as part of an ongoing effort to improve IT security. Find more information on OVAL here. The reporting and analysis capabilities also help with making certifications and audits less of a pain. In addition, it allows you to collect non-technical data from users and administrators with a built-in form-based “Compliance Self Assessment” framework.
When we first met with the team from UPW we came up with the idea of integrating UCG into SUSE Manager to make it easier to monitor both the operational and compliance aspects of your systems in one place and make sure that systems that are provisioned with SUSE Manager are automatically added to UCG’s compliance tracking.
We are preparing a demo video that shows how a system that is registered to SUSE Manager is automatically added to UCG as well. Later, the the results of the UCG compliance check are displayed directly in SUSE Manager! Unfortunately, editing the video is taking us a bit longer than expected, due to the preparations for SUSECon. But isn’t that yet another reason to meet our team in person in Orlando? Of course we are going to have the demo with us.
This is Joachim Werner blogging live from SUSE in Nuremberg, where security isn’t just a buzzword, but a guiding principle.
And as you didn’t get a screenshot or video today, here is a picture of me at the B2RUN company challenge. I pretty good results (a bit over 30 minutes for 6.3 km).