Deployment of Security Policies & Reports

Is it possible to deploy security policies to all the registered Linux servers via SUSE Manager?[Password policies, disabling root…etc]. Also is there any way to get a report on the security policies enforced on the registered systems from the SUSE Manager?


Yes, you can do that with configuration channels and Salt formulas/states. Using activation keys for this

In addition to password policies (which seems like a perfect candidate for a new formula with forms) and disabling root, what else do you have in mind?

Unfortunately, not easily but this is something we are considering for the future.

The only way to discover this is go to the highstate tab and search. There you can see where the state is coming from, eg:

[FONT=Times New Roman]install_mlocate:
env: base
sls: manager_org_1.add_mbl_ssh_key[/FONT]

There is a CVE audit which is not validating the version of the software (like many dumb security software), but verifies which patches are fixing a CVE and then analyze the system themselves.

Also there is OpenSCAP , which allows to audit systems based on openSCAP policies and then with salt state/formula to ensure that the machines comply to your security needs.