As you have probably noticed by now, the attack on OpenSSL known as DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) has recently been discovered. Red Hat Product Security has provided patches for OpenSSL and recommends applying them to affected systems.
In this post, we will discuss how Red Hat CloudForms and ManageIQ can assist in identifying environments at risk of the DROWN OpenSSL cross-protocol vulnerability. In addition, CloudForms can audit your environments and validate that the patches have been applied.
How can Red Hat CloudForms help?
CloudForms provides a policy-based compliance check which can be used to verify the software and configuration of servers and validate security requirements. These policies are created as a combination of an event, a condition and an action, and use a scope (usually set to infrastructure or guests) to determine if the policy needs to run. Additional information on using policies can be found in the product documentation: Defining policies and profiles.
Continue reading “Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example”
UPDATED: A video version of this blog post can be found here: http://youtu.be/RDcIIyYK044
So this Shell-Shock stuff is hitting the press quite a bit!
Fancy finding out really quickly if your Red Hat Enterprise Linux 6.5 systems are patched correctly? Even if they are turned off right now? Wow, that is clever; not even the virtual infrastructure players can do that… I know… it’s cool. Here it is.
Continue reading “Shell-Shock – Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)”
So for the past few years Savon v1.1.0 has been the default gem in the appliance. Here’s a scoop! Future releases, and the upstream builds, have Savon v2.
What does this mean? Well, v2 has a slightly different syntax for its connections and function calls. Here is a v2 SOAP example:
Continue reading “SOAP – SAVON v2 Syntax”
This is pretty simple but very useful. I have done a little research, and whilst inspect is a way of seeing inside of an object, it’s also hard to read and not very reusable. Being somewhat old now (crazy thought), XML used to be the way we described things. Yes, I know YAML, JSON etc. have come to replace XML in languages such as Ruby, but I cannot get away from the fact that XML is far easier to read and more self-describing than the aforementioned.
If you have used InspectME that ships with the product then this is the same but in XML format, with a few advantages…
Continue reading “inspectXML – Dump objects as XML”
The base automate model does not contain the email methods for the VM Reconfigure approval process; this post gives you this capability.
Ensure your CFME appliance can send a test email from the configuration page. If you get the test email, then continue; otherwise keep trying until you do!
Continue reading “VM ReConfigure Approval Emails”
This is a really simple export routine for VMware using a custom button.
In an implementation I would maybe wrap this with
- A dialog to offer different export locations and naming of the export to include a date/time stamp, and maybe a checkbox to enable or disable the overwrite of existing exports.
- Add in the approval system. Basically, some workloads should require authorisation by a manager to allow the export; we could do this by tag, and capture this in the method.
- Some error checking and folder creation stuff in the simple method.
Continue reading “Exporting VM (VMware)”
This post will solve anything! Quite simply anything you can script, code or model in CloudFORMS you can call externally too using simple web services.
We will need a few things, as follows:
- A sample method that we can call
- A ruby script to call our web services and execute our sample method.
Continue reading “CloudFORMS and Simple WebServices (RUBY)”
You want to delete a Template in RHEV from the CloudFORMS UI, but how?
This is easy, because the REST APIs are so lovely in RHEV. Here is how:
Create a custom button that will execute your method; remember this is for VM Template and not just VM.
Now create the Automate parts, (if you need assistance on the general wiring of automate, try here first)
Continue reading “Delete Template from Disk (RHEV)”
CloudFORMS currently lacks the ability to create a template from an existing VM; here is the method to enable this function from a custom button.
First you need a dialog to collect from the new user the name of the template, so create a dialog of your liking, including at least:
Textbox – Name = dialog_name
Continue reading “Create Template from VM (RHEV)”