SlideShare una empresa de Scribd logo
1 de 47
Descargar para leer sin conexión
A3Sec Advanced
Deployment System
Managing all your Alienvault's
Infrastructure with Salt
About the Author
●
●
●
●
●
●
●

David Gil <dgil@a3sec.com>
Developer, sysadmin, project manager
Really believes in Open Source model
Programming since he was 9 years old
Ossim developer at its early stage
Python lover :-)
Debian package maintainer (a long, long
time ago)
● Sci-Fi books reader and mountain bike rider
Summary
●
●
●
●
●
●
●
●
●

Distribute configuration management
Remote execution platform
Salt Stack
Configuration states
Security deployment approach
Salt architecture
Builtin modules
Targeting
Services
Distributed Configuration
Management - Why?
● Control of all the infrastructure configuration
● Ensure configurations are the same on all
servers (or on a type of servers)
● Auto-restart services on configuration
changes
● Auto-Install required packages
Distributed Configuration
Management - Why?
● Control of all the infrastructure configuration
● Ensure configurations are the same on all
servers (or on a type of servers)
● Auto-restart services on configuration
changes
● Auto-Install required packages
Don't sysadmin, develop configuration states.
Make your life easier!
Remote Execution Platform
Why?
Examples:
● I want to restart apache2 on all my
frameworks
● I don't want to have to shell into every server
just to run an apt-get upgrade command
● I have {n} servers that I want to check what
version of {package} is installed
Remote Execution Platform
Why?
Examples:
● I want to restart apache2 on all my
frameworks
● I don't want to have to shell into every server
just to run an apt-get upgrade command
● I have {n} servers that I want to check what
version of {package} is installed
"ssh in a for loop is not a solution"
Luka Kanies, Puppet developer
What is Salt?
● FOSS project for distributed configuration
and remote execution
● Still young (2011) but active developed
● Other tools:
○ puppet (ruby): fedora, mozilla, sans
○ chef (ruby): openstack, cloudfoundry

● Salt is easier (IMHO) than chef and puppet
(steeper learning curve)
● Configure states by writing simple lists of
items (yaml), more readable for sysadmins
than vanilla python or ruby
Salt Keys - Just Easy
● Simple Architecture
○ Fits fine with Alienvault's Architecture

● Easy Installation
○ Squeeze debian packages, pip, bootstrap git

● Easy Configuration
○ No need to learn a new programming language

● Extensible
○ Develop Alienvault specific modules is quite easy!
Salt Keys - Scalable
● Able to manage tens of thousands of servers
● ZeroMQ based for messaging
● Persistent connections / Parallel execution
● MessagePack: fast and small message
format (fluentd, redis, etc.)
Salt Keys - Secure
Secure and encrypted communication transport
layer:
● Public Key for Master Authentication
● 256 bit AES for payload high speed
encryption
So, VPN configuration is not needed
Configuration State example
● You have 20 servers with exim4 as default
mail transport
● You want to get rid of exim4 and install
postfix instead
● In your 20 servers? One by one?
Configuration State example
# apt-get install postfix (x20)
Configuration State example
# apt-get install postfix

postfix:
pkg:
- installed
Configuration State example
# apt-get install postfix
# vim /etc/postfix/master.cf (x20)

postfix:
pkg:
- installed
Configuration State example
# apt-get install postfix
# vim /etc/postfix/master.cf

postfix:
pkg:
- installed

/etc/postfix/master.cf:
file.managed:
- source: salt://postfix/master.cf
Configuration State example
# apt-get install postfix
# vim /etc/postfix/master.cf
# /etc/init.d/postfix restart (x20)
postfix:
pkg:
- installed

/etc/postfix/master.cf:
file.managed:
- source: salt://postfix/master.cf
Configuration State example
# apt-get install postfix
# vim /etc/postfix/master.cf
# /etc/init.d/postfix restart
postfix:
pkg:
- installed
service:
- running

/etc/postfix/master.cf:
file.managed:
- source: salt://postfix/master.cf
Configuration State example
# apt-get install postfix
# vim /etc/postfix/master.cf
# /etc/init.d/postfix restart
postfix:
pkg:
- installed
service:
- running
- watch:
- file: /etc/postfix/master.cf
/etc/postfix/master.cf:
file.managed:
- source: salt://postfix/master.cf
Security Deployment approach
● Always well-known behaviors
● Avoid accidental mistakes
● All configuration changes stored in a single
and unique place (master filesever)
● Private Git repository for Knowledge
Database (configuration states developed at
customers)
● Reusable configurations for other
deployments!
● Just code one time, test it and apply where
you need
Security Deployment approach
A few common and repetitive distribution tasks,
for every single server on your infrastructure:
● Hostname resolution
● Custom plugins distribution
● Remote code execution
● Snort threshold and rules
● Logrotate files
● Rsyslog filters
● Firewall rules
● etc.
Security Deployment approach
Hostname resolution
# address and name management in /etc/hosts file
mcafee-database:
host.present:
- ip: 192.168.0.42

Cron
# Clean user crontab management
ntpdate-debian > /var/log/syslog:
cron.present:
- user: root
- minute: 7
- hour: 2
Security Deployment approach
Code fixes and improvements distribution:
# patch --forward Detector.py agent_hot_fix.patch
/usr/share/ossim-agent/ossim_agent/Detector.py:
file.patch:
- source: salt://agent_hot_fix.patch
- hash: md5=e138491e9d5b97023cea823fe17bac22
# Ensure root login is disabled
/etc/ssh/sshd_config:
file.sed:
- before: 'PermitRootLogin no'
- after: 'PermitRootLogin yes'
Salt Architecture
Master (server)
● Approved minion keys for communication
● Send commands to minions
● Store configurations, files and resources for
minions
Minon (client)
● Connects to Master
● Listens for commands
● Downloads configurations from Master and
apply them (update config states)
Salt Architecture
Client/Server topology
Master

Minion #1

Minion #2

states
modules
etc.

Minion #n
Salt Architecture
Alienvault Deployment Topology
AV SIEM

AV LOGGER
Minion

AV SENSOR #1
Minion

AV SENSOR #2
Minion

Master

Minion

AV SENSOR #N
Minion
Salt Architecture
Alienvault Deployment Topology
AV SIEM
Minion

AV SENSOR #1
Minion

AV LOGGER
Master

AV SENSOR #2
Minion

Minion

AV SENSOR #N
Minion
Salt Architecture
Master

Services Model

AV SIEM

AV LOGGER
Minion

AV SENSOR #1
Minion

AV SENSOR #2
Minion

Syndic

AV SENSOR #N
Minion
Built-in State Modules (partial list)
●
●
●
●
●
●
●
●
●
●

cmd
cron
file
git
group
host
locale
mount
mongo*
mysql*

●
●
●
●
●
●
●

pkg
postgres*
rabbitmq*
service
ssh*
timezone
user

Custom modules can
be written in Python!
Built-in Exec Modules (partial list)
●
●
●
●
●
●
●
●
●
●
●

apache
apt
archive
at
cassandra
cluster
cron
disk
file
gem
git

● hosts
● iptables
● keyboard
● ldap
● locale
● network
All supported:
salt 'node' sys.doc

Custom modules can
be written in Python!
Targeting
● Match minions for cli commands and state
files
● Force different states for every type of server
● Alienvault profiles:
○
○
○
○
○

SIEM
Logger
Framework
Sensor
Database
Targeting
base:
'*':
- core.tools
- core.users
- core.hosts
- core.munin
- core.nagios
'av(siem|logger)*':
- alienvault.server
- alienvault.database
'av(sensor|agent)*':
- alienvault.agent
- alienvault.plugins
Targeting
base:
'*':
- core.tools
- core.users
- core.hosts
- core.munin
- core.nagios
'av(siem|logger)*':
- alienvault.server
- alienvault.database
'av(sensor|agent)*':
- alienvault.agent
- alienvault.plugins

$ tree /srv/salt/
/srv/salt/
|-- alienvault
|
|-- agent.sls
|
|-- database.sls
|
|-- plugins.sls
|
`-- server.sls
|-- core
|
|-- hosts.sls
|
|-- munin.sls
|
|-- tools.sls
|
`-- users.sls
`-- top.sls
Targeting
● By Hostname: Minion_id
'*', 'avsensor.*', 'av(siem|logger)', 'web1,web2,web3'

● By system information: Grains
grains['os'] == 'Debian' and 'Server' in grains
['av_profile']

● By defined groups: Node Groups
nodegroups:
'sensors': avsensor*.domain.com, foo.bar
'servers': av(siem|logger).domain.com, bar.foo

● Mix combination: Compound
'webserv* and G@os:Debian or E@web-dc1-srv.*'
Targeting - Grains
Static bits of information that a minion collects
about the system (inventory!)
cpu_model
cpuarch
domain
fqdn
gpus
host
kernel
kernelrelease
lsb_codename

lsb_description
lsb_os
lsb_release
manufacturer
mem_total
nodename
num_cpus
os
oscodename

osfullname
osrelease
path
productname
server_id
shell
virtual
etc.
Targeting - Grains
● Using grains to define states
● Jinja2 template markup
apache:
pkg.installed:
{% if grains['os'] == 'RedHat' %}
- name: httpd
{% elif grains['os'] == 'Ubuntu' %}
- name: apache2
{% endif %}
Extending - Custom grains
You can write your own custom grains:
# Return the host profile for Alienvault minions
def av_profile():
alienvault_config = '/etc/ossim/ossim_setup.conf'
if not os.path.isfile(alienvault_config):
return {}
config = ConfigParser.RawConfigParser()
config.read(alienvault_config)
profile = config.get('root', 'profile')
return {'alienvault_profile': profile}
Extending - Custom grains
And use them:
# salt -G 'os:Debian' test.ping
avsiem.client01.com: True
avlogger.client01.com: True
avsensor01.client01.com: True
avsensor02.client01.com: True
# salt -G 'av_profile:Server' cmd.run 'uname -r'
avsiem.client01.com: 2.6.32-5-amd64
avlogger.client01.com: 2.6.31.6
Extending - Custom modules
Build and use your custom exec modules:
# salt '*.alienvault' alienvault.profile
'server01.alienvault': 'Server,Database'
'logger01.alienvault': 'Server,Database'
# salt '*.alienvault' alienvault.snort_dbsize
'server01.alienvault': 457Mb
'logger01.alienvault': 0Mb
# salt '*.alienvault' alienvault.numalarms
'server01.alienvault': 393
'logger01.alienvault': 0
Extending - Custom modules
Example: Nagios configuration management
# salt ‘nagios01’ nagios.add_host 
“salt-test-host” “127.0.0.1”
nagios01: [nagios] Added new host: salt-test-host
# salt ‘nagios01’ nagios.add_service 
“salt-test-host” “HTTP” “check_http”
nagios01: [nagios] Added new service: HTTP for host salttest-host
Extending - Custom states
Custom states for
availability monitoring,
using exec modules

# add new host to nagios
ZZZ-salt-test-host:
monitoring.add_host:
- address: 127.0.0.1
# add new services to nagios
HTTP:
monitoring.add_service:
- checkname: check_http
- hostnames:
- ZZZ-salt-test-host
- YYY-salt-test-host
Dynamic Module Distribution
● Build your custom
grains, exec
modules and states
● Automatically
distributed to the
minions with the
salt-master file
server
● Directories are
prepended with an
underscore

/srv/salt/
|-- alienvault
|
|-- agent.sls
|
|-- database.sls
|
|-- plugins.sls
|
`-- server.sls
|-- core
|
|-- hosts.sls
|
|-- munin.sls
|
|-- tools.sls
|
`-- users.sls
|-- _grains
|-- _modules
|-- _states
`-- top.sls
User interface
Aggregation&Management UI
Build services on top of Salt architecture:
● MSSPs and SOCs
● Monitoring, Deployment and Management
off all the infrastructure in a single
dashboard
● Configurations backup on demand
● Patches and fixes distribution
● Full Inventory
● etc...
Aggregation&Management UI
Aggregation&Management UI
A3Sec
http://www.a3sec.com
@a3sec
Spain Head Office
C/ Aravaca, 6 Piso 2 Derecha
28040 Madrid
Tlf. +34 915 330 978
México Head Office
Avda. Paseo de la Reforma, 389 Piso 10
México DF
Tlf. +52 55 5980 3547

Más contenido relacionado

La actualidad más candente

Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...Nagios
 
Hardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS TechnologiesHardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS TechnologiesSalvatore Lentini
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]RootedCON
 
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRootedCON
 
All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
The day I ruled the world (RootedCON 2020)
The day I ruled the world (RootedCON 2020)The day I ruled the world (RootedCON 2020)
The day I ruled the world (RootedCON 2020)Javier Junquera
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallHuda Seyam
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemBikrant Gautam
 
Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionOffline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionmalvvv
 
Linux Network Security
Linux Network SecurityLinux Network Security
Linux Network SecurityAmr Ali
 
The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1Eliel Prado
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsPriyanka Aash
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 

La actualidad más candente (20)

Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
 
Linux Security
Linux SecurityLinux Security
Linux Security
 
Hardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS TechnologiesHardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS Technologies
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort
 
Snort
SnortSnort
Snort
 
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
Rafa Sánchez & Fran Gomez - IoCker - When IPv6 met malware [rooted2019]
 
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valeroRooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
 
All About Snort
All About SnortAll About Snort
All About Snort
 
Snort
SnortSnort
Snort
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
The day I ruled the world (RootedCON 2020)
The day I ruled the world (RootedCON 2020)The day I ruled the world (RootedCON 2020)
The day I ruled the world (RootedCON 2020)
 
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense FirewallDetect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
Detect HTTP Brute Force attack using Snort IDS/IPS on PFSense Firewall
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
 
Snort IPS
Snort IPSSnort IPS
Snort IPS
 
Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionOffline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encription
 
Linux Network Security
Linux Network SecurityLinux Network Security
Linux Network Security
 
The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS Firewalls
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing
 

Similar a A3Sec Advanced Deployment System

CodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with CobblerCodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with CobblerCodeFest
 
Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core
Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios CoreNagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core
Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios CoreNagios
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios
 
LISA15: systemd, the Next-Generation Linux System Manager
LISA15: systemd, the Next-Generation Linux System Manager LISA15: systemd, the Next-Generation Linux System Manager
LISA15: systemd, the Next-Generation Linux System Manager Alison Chaiken
 
Malware analysis
Malware analysisMalware analysis
Malware analysisxabean
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
 
Pluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and DockerPluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and DockerBob Killen
 
MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015Dave Stokes
 
NGINX Installation and Tuning
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and TuningNGINX, Inc.
 
Crikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor WorkshopCrikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor WorkshopVelocidex Enterprises
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with PuppetKris Buytaert
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesMender.io
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemdAlison Chaiken
 
Deploying software at Scale
Deploying software at ScaleDeploying software at Scale
Deploying software at ScaleKris Buytaert
 
Tuning systemd for embedded
Tuning systemd for embeddedTuning systemd for embedded
Tuning systemd for embeddedAlison Chaiken
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with PuppetKris Buytaert
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Alex S
 
Systemd: the modern Linux init system you will learn to love
Systemd: the modern Linux init system you will learn to loveSystemd: the modern Linux init system you will learn to love
Systemd: the modern Linux init system you will learn to loveAlison Chaiken
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 

Similar a A3Sec Advanced Deployment System (20)

CodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with CobblerCodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with Cobbler
 
Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core
Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios CoreNagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core
Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
 
LISA15: systemd, the Next-Generation Linux System Manager
LISA15: systemd, the Next-Generation Linux System Manager LISA15: systemd, the Next-Generation Linux System Manager
LISA15: systemd, the Next-Generation Linux System Manager
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
The Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote WorldThe Future of Security and Productivity in Our Newly Remote World
The Future of Security and Productivity in Our Newly Remote World
 
Pluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and DockerPluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and Docker
 
MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015MySQL Utilities -- PyTexas 2015
MySQL Utilities -- PyTexas 2015
 
NGINX Installation and Tuning
NGINX Installation and TuningNGINX Installation and Tuning
NGINX Installation and Tuning
 
Crikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor WorkshopCrikeycon 2019 Velociraptor Workshop
Crikeycon 2019 Velociraptor Workshop
 
Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with Puppet
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and images
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemd
 
Ilf2013
Ilf2013Ilf2013
Ilf2013
 
Deploying software at Scale
Deploying software at ScaleDeploying software at Scale
Deploying software at Scale
 
Tuning systemd for embedded
Tuning systemd for embeddedTuning systemd for embedded
Tuning systemd for embedded
 
Automating Complex Setups with Puppet
Automating Complex Setups with PuppetAutomating Complex Setups with Puppet
Automating Complex Setups with Puppet
 
Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015Ansible is the simplest way to automate. MoldCamp, 2015
Ansible is the simplest way to automate. MoldCamp, 2015
 
Systemd: the modern Linux init system you will learn to love
Systemd: the modern Linux init system you will learn to loveSystemd: the modern Linux init system you will learn to love
Systemd: the modern Linux init system you will learn to love
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 

Último

Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 

Último (20)

Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 

A3Sec Advanced Deployment System

  • 1. A3Sec Advanced Deployment System Managing all your Alienvault's Infrastructure with Salt
  • 2. About the Author ● ● ● ● ● ● ● David Gil <dgil@a3sec.com> Developer, sysadmin, project manager Really believes in Open Source model Programming since he was 9 years old Ossim developer at its early stage Python lover :-) Debian package maintainer (a long, long time ago) ● Sci-Fi books reader and mountain bike rider
  • 3. Summary ● ● ● ● ● ● ● ● ● Distribute configuration management Remote execution platform Salt Stack Configuration states Security deployment approach Salt architecture Builtin modules Targeting Services
  • 4. Distributed Configuration Management - Why? ● Control of all the infrastructure configuration ● Ensure configurations are the same on all servers (or on a type of servers) ● Auto-restart services on configuration changes ● Auto-Install required packages
  • 5. Distributed Configuration Management - Why? ● Control of all the infrastructure configuration ● Ensure configurations are the same on all servers (or on a type of servers) ● Auto-restart services on configuration changes ● Auto-Install required packages Don't sysadmin, develop configuration states. Make your life easier!
  • 6. Remote Execution Platform Why? Examples: ● I want to restart apache2 on all my frameworks ● I don't want to have to shell into every server just to run an apt-get upgrade command ● I have {n} servers that I want to check what version of {package} is installed
  • 7. Remote Execution Platform Why? Examples: ● I want to restart apache2 on all my frameworks ● I don't want to have to shell into every server just to run an apt-get upgrade command ● I have {n} servers that I want to check what version of {package} is installed "ssh in a for loop is not a solution" Luka Kanies, Puppet developer
  • 8. What is Salt? ● FOSS project for distributed configuration and remote execution ● Still young (2011) but active developed ● Other tools: ○ puppet (ruby): fedora, mozilla, sans ○ chef (ruby): openstack, cloudfoundry ● Salt is easier (IMHO) than chef and puppet (steeper learning curve) ● Configure states by writing simple lists of items (yaml), more readable for sysadmins than vanilla python or ruby
  • 9. Salt Keys - Just Easy ● Simple Architecture ○ Fits fine with Alienvault's Architecture ● Easy Installation ○ Squeeze debian packages, pip, bootstrap git ● Easy Configuration ○ No need to learn a new programming language ● Extensible ○ Develop Alienvault specific modules is quite easy!
  • 10. Salt Keys - Scalable ● Able to manage tens of thousands of servers ● ZeroMQ based for messaging ● Persistent connections / Parallel execution ● MessagePack: fast and small message format (fluentd, redis, etc.)
  • 11. Salt Keys - Secure Secure and encrypted communication transport layer: ● Public Key for Master Authentication ● 256 bit AES for payload high speed encryption So, VPN configuration is not needed
  • 12. Configuration State example ● You have 20 servers with exim4 as default mail transport ● You want to get rid of exim4 and install postfix instead ● In your 20 servers? One by one?
  • 13. Configuration State example # apt-get install postfix (x20)
  • 14. Configuration State example # apt-get install postfix postfix: pkg: - installed
  • 15. Configuration State example # apt-get install postfix # vim /etc/postfix/master.cf (x20) postfix: pkg: - installed
  • 16. Configuration State example # apt-get install postfix # vim /etc/postfix/master.cf postfix: pkg: - installed /etc/postfix/master.cf: file.managed: - source: salt://postfix/master.cf
  • 17. Configuration State example # apt-get install postfix # vim /etc/postfix/master.cf # /etc/init.d/postfix restart (x20) postfix: pkg: - installed /etc/postfix/master.cf: file.managed: - source: salt://postfix/master.cf
  • 18. Configuration State example # apt-get install postfix # vim /etc/postfix/master.cf # /etc/init.d/postfix restart postfix: pkg: - installed service: - running /etc/postfix/master.cf: file.managed: - source: salt://postfix/master.cf
  • 19. Configuration State example # apt-get install postfix # vim /etc/postfix/master.cf # /etc/init.d/postfix restart postfix: pkg: - installed service: - running - watch: - file: /etc/postfix/master.cf /etc/postfix/master.cf: file.managed: - source: salt://postfix/master.cf
  • 20. Security Deployment approach ● Always well-known behaviors ● Avoid accidental mistakes ● All configuration changes stored in a single and unique place (master filesever) ● Private Git repository for Knowledge Database (configuration states developed at customers) ● Reusable configurations for other deployments! ● Just code one time, test it and apply where you need
  • 21. Security Deployment approach A few common and repetitive distribution tasks, for every single server on your infrastructure: ● Hostname resolution ● Custom plugins distribution ● Remote code execution ● Snort threshold and rules ● Logrotate files ● Rsyslog filters ● Firewall rules ● etc.
  • 22. Security Deployment approach Hostname resolution # address and name management in /etc/hosts file mcafee-database: host.present: - ip: 192.168.0.42 Cron # Clean user crontab management ntpdate-debian > /var/log/syslog: cron.present: - user: root - minute: 7 - hour: 2
  • 23. Security Deployment approach Code fixes and improvements distribution: # patch --forward Detector.py agent_hot_fix.patch /usr/share/ossim-agent/ossim_agent/Detector.py: file.patch: - source: salt://agent_hot_fix.patch - hash: md5=e138491e9d5b97023cea823fe17bac22 # Ensure root login is disabled /etc/ssh/sshd_config: file.sed: - before: 'PermitRootLogin no' - after: 'PermitRootLogin yes'
  • 24. Salt Architecture Master (server) ● Approved minion keys for communication ● Send commands to minions ● Store configurations, files and resources for minions Minon (client) ● Connects to Master ● Listens for commands ● Downloads configurations from Master and apply them (update config states)
  • 25. Salt Architecture Client/Server topology Master Minion #1 Minion #2 states modules etc. Minion #n
  • 26. Salt Architecture Alienvault Deployment Topology AV SIEM AV LOGGER Minion AV SENSOR #1 Minion AV SENSOR #2 Minion Master Minion AV SENSOR #N Minion
  • 27. Salt Architecture Alienvault Deployment Topology AV SIEM Minion AV SENSOR #1 Minion AV LOGGER Master AV SENSOR #2 Minion Minion AV SENSOR #N Minion
  • 28. Salt Architecture Master Services Model AV SIEM AV LOGGER Minion AV SENSOR #1 Minion AV SENSOR #2 Minion Syndic AV SENSOR #N Minion
  • 29. Built-in State Modules (partial list) ● ● ● ● ● ● ● ● ● ● cmd cron file git group host locale mount mongo* mysql* ● ● ● ● ● ● ● pkg postgres* rabbitmq* service ssh* timezone user Custom modules can be written in Python!
  • 30. Built-in Exec Modules (partial list) ● ● ● ● ● ● ● ● ● ● ● apache apt archive at cassandra cluster cron disk file gem git ● hosts ● iptables ● keyboard ● ldap ● locale ● network All supported: salt 'node' sys.doc Custom modules can be written in Python!
  • 31. Targeting ● Match minions for cli commands and state files ● Force different states for every type of server ● Alienvault profiles: ○ ○ ○ ○ ○ SIEM Logger Framework Sensor Database
  • 32. Targeting base: '*': - core.tools - core.users - core.hosts - core.munin - core.nagios 'av(siem|logger)*': - alienvault.server - alienvault.database 'av(sensor|agent)*': - alienvault.agent - alienvault.plugins
  • 33. Targeting base: '*': - core.tools - core.users - core.hosts - core.munin - core.nagios 'av(siem|logger)*': - alienvault.server - alienvault.database 'av(sensor|agent)*': - alienvault.agent - alienvault.plugins $ tree /srv/salt/ /srv/salt/ |-- alienvault | |-- agent.sls | |-- database.sls | |-- plugins.sls | `-- server.sls |-- core | |-- hosts.sls | |-- munin.sls | |-- tools.sls | `-- users.sls `-- top.sls
  • 34. Targeting ● By Hostname: Minion_id '*', 'avsensor.*', 'av(siem|logger)', 'web1,web2,web3' ● By system information: Grains grains['os'] == 'Debian' and 'Server' in grains ['av_profile'] ● By defined groups: Node Groups nodegroups: 'sensors': avsensor*.domain.com, foo.bar 'servers': av(siem|logger).domain.com, bar.foo ● Mix combination: Compound 'webserv* and G@os:Debian or E@web-dc1-srv.*'
  • 35. Targeting - Grains Static bits of information that a minion collects about the system (inventory!) cpu_model cpuarch domain fqdn gpus host kernel kernelrelease lsb_codename lsb_description lsb_os lsb_release manufacturer mem_total nodename num_cpus os oscodename osfullname osrelease path productname server_id shell virtual etc.
  • 36. Targeting - Grains ● Using grains to define states ● Jinja2 template markup apache: pkg.installed: {% if grains['os'] == 'RedHat' %} - name: httpd {% elif grains['os'] == 'Ubuntu' %} - name: apache2 {% endif %}
  • 37. Extending - Custom grains You can write your own custom grains: # Return the host profile for Alienvault minions def av_profile(): alienvault_config = '/etc/ossim/ossim_setup.conf' if not os.path.isfile(alienvault_config): return {} config = ConfigParser.RawConfigParser() config.read(alienvault_config) profile = config.get('root', 'profile') return {'alienvault_profile': profile}
  • 38. Extending - Custom grains And use them: # salt -G 'os:Debian' test.ping avsiem.client01.com: True avlogger.client01.com: True avsensor01.client01.com: True avsensor02.client01.com: True # salt -G 'av_profile:Server' cmd.run 'uname -r' avsiem.client01.com: 2.6.32-5-amd64 avlogger.client01.com: 2.6.31.6
  • 39. Extending - Custom modules Build and use your custom exec modules: # salt '*.alienvault' alienvault.profile 'server01.alienvault': 'Server,Database' 'logger01.alienvault': 'Server,Database' # salt '*.alienvault' alienvault.snort_dbsize 'server01.alienvault': 457Mb 'logger01.alienvault': 0Mb # salt '*.alienvault' alienvault.numalarms 'server01.alienvault': 393 'logger01.alienvault': 0
  • 40. Extending - Custom modules Example: Nagios configuration management # salt ‘nagios01’ nagios.add_host “salt-test-host” “127.0.0.1” nagios01: [nagios] Added new host: salt-test-host # salt ‘nagios01’ nagios.add_service “salt-test-host” “HTTP” “check_http” nagios01: [nagios] Added new service: HTTP for host salttest-host
  • 41. Extending - Custom states Custom states for availability monitoring, using exec modules # add new host to nagios ZZZ-salt-test-host: monitoring.add_host: - address: 127.0.0.1 # add new services to nagios HTTP: monitoring.add_service: - checkname: check_http - hostnames: - ZZZ-salt-test-host - YYY-salt-test-host
  • 42. Dynamic Module Distribution ● Build your custom grains, exec modules and states ● Automatically distributed to the minions with the salt-master file server ● Directories are prepended with an underscore /srv/salt/ |-- alienvault | |-- agent.sls | |-- database.sls | |-- plugins.sls | `-- server.sls |-- core | |-- hosts.sls | |-- munin.sls | |-- tools.sls | `-- users.sls |-- _grains |-- _modules |-- _states `-- top.sls
  • 44. Aggregation&Management UI Build services on top of Salt architecture: ● MSSPs and SOCs ● Monitoring, Deployment and Management off all the infrastructure in a single dashboard ● Configurations backup on demand ● Patches and fixes distribution ● Full Inventory ● etc...
  • 47. A3Sec http://www.a3sec.com @a3sec Spain Head Office C/ Aravaca, 6 Piso 2 Derecha 28040 Madrid Tlf. +34 915 330 978 México Head Office Avda. Paseo de la Reforma, 389 Piso 10 México DF Tlf. +52 55 5980 3547