Yet another Puppetize Digital is in the (online only) books. Our second annual virtual conference drew attendees from around the globe, bringing together the people at the center of automation. If you weren’t able to attend this year’s event live, worry not! You can watch the entire conference on-demand here. Read on for Puppetize highlights!
Apache has disclosed a critical actively exploited path traversal flaw in the popular Apache web server, version 2.4.49. This path traversal means that an attacker can trivially read the contents of any file on the server that the Apache process has access to. This could expose highly sensitive information, even as critical as the server's own private SSL certificates. See the Sonatype blog for more technical information on the vulnerability.
It can be challenging to manage enterprise infrastructure across hybrid cloud and on-premises environments with accurate and timely tracking asset details — especially if you don't know what you have. The more systems deployed, the more visibility is necessary for your IT operations teams to meet critical business Service Level Agreements successfully.
Hi, it’s me... Back again with something exciting: Puppet’s new Compliance Enforcement Modules, or CEMs. We’ve been working on some pretty cool stuff since we launched Puppet Comply last year. Lots of great feedback has come in, and we’re thankful for every opportunity we get to show our customers how we can help. This feedback comes in many forms, but one of the things we’ve heard time and time again is that achieving compliance is still hard.
The Forge team at Puppet has been hard at work for the past few months building out a malware scanning framework in order to help folks be more proactive about their security posture. Now, to be clear, this doesn't replace your own security mitigations. You should still audit untrusted code. You should still run your own virus protections. There are many layers in a robust security profile, and this is only one of them.
This is the second post in a four-part series on why Open Source Puppet users have made the decision to move to Puppet Enterprise. If you’re considering making this change, read on for pros and cons! As more and more businesses are moving from Open Source Puppet (OSP) to Puppet Enterprise (PE), they are experiencing multiple benefits. In this blog series, we’re exploring the biggest benefits we hear from customers about their experience moving from OSP to PE.
Today, it’s difficult to compile a list of all the managed infrastructure you have across your global estate. It’s even more difficult to collect all of the properties and values that make up that infrastructure, such as operating systems, enterprise licenses, networks, disks, mount points, data centers, regions, patch states, hypervisors, and so much more. Nevertheless, it’s ever more critical to have this information at your fingertips.
