How to Update the RHEL 7 Atomic Scan / OpenSCAP Container Image with the Latest NIST National Checklist Content
Red Hat delivers configuration assessment content natively in Red Hat Enterprise Linux. Unfortunately, this content is generally upda...
Do RHEL Containers Inherit Security Compliance from the Host?
In work, security, scap, nist, containers, compliance, Feb 04, 2019
Configuring Ansible Tower for DoD CAC and ECA PKI
In work, ansible, how-to, Jun 21, 2018
RNGD and Weak Cryptography for Virtual Machines
In work, virtualization, security, May 23, 2018Configuring Ansible Tower for DoD CAC and ECA PKI
For this writeup we’ll configure Ansible Tower to require DoD PKI or ECA PKI certificates for authentication. Many thanks to my colle...
Read MoreAll Stories
How to Update the RHEL 7 Atomic Scan / OpenSCAP Container Image with the Latest NIST National Checklist Content
Red Hat delivers configuration assessment content natively in Red Hat Enterprise Linux. Unfortunately, this content is generally updated every 4–6 months, causing the RHEL-provided co...
In work, scap, how-to, May 19, 2019
Do RHEL Containers Inherit Security Compliance from the Host?
Recently an OpenShift deployment within the U.S. Department of Defense asked if container images would inherit security compliance settings from their container host. There is documen...
In work, security, scap, nist, containers, compliance, Feb 04, 2019
Configuring Ansible Tower for DoD CAC and ECA PKI
For this writeup we’ll configure Ansible Tower to require DoD PKI or ECA PKI certificates for authentication. Many thanks to my colleagues Stuart Bain and Jamie Duncan for pointers on...
In work, ansible, how-to, Jun 21, 2018
RNGD and Weak Cryptography for Virtual Machines
There was recently a great post on Red Hat’s gov-sec mailing list that asked about random number generation inside virtual machines, what constitutes “weak cryptography,” how to incre...
In work, virtualization, security, May 23, 2018
Creation of the OpenStack Security Guide
Factoring all moving components of OpenStack, the rapid release cycles, and the sheer complexity of large deployments, OpenStack security information was decentralized and obsoleted e...
In work, security, openstack, May 23, 2018