Operations | Monitoring | ITSM | DevOps | Cloud

For our final blog post of 2021 and continuing our tradition, we’d like to reflect on all the CFEngine accomplishments throughout the year and provide a sneak peak of what to expect in 2022.

2021 is coming to its end. It’s a nice tradition to remember and recap how the year was for StackStorm. Let’s celebrate some great things that happened around the project.

Security compliance is the new black. Everyone is talking about it. Everyone is writing about it. Hopefully everyone is doing something about it, but it's a big lift for organizations. Compliance can mean adhering to departmental and company standards; it can mean well-defined regulatory standards like HIPAA, GDPR, and others. Compliance can mean adopting a standardized set of recommended protocols for cyber security. If compliance isn't on your radar right now, it should be.

This is the final summary of our 2021 security hardening holiday calendar. We wanted to provide educational, useful, and actionable security advice, and we’re really pleased with the reception! Thank you for reading and following along.

Users of Red Hat Satellite will see changes coming out with regard to how Satellite interacts with Puppet. Satellite has long bundled Puppet in the distribution, using Puppet both as the Satellite installer and for configuration management. Users also had the option to leverage Satellite as an External Node Classifier (ENC) for their Puppet estates. Red Hat acquired Ansible, an imperative configuration management tool, in late 2015.

The internet has been ablaze since the announcement of Log4Shell, the nickname for CVE-2021-44228, an arbitrary remote code execution vulnerability in the Java logging utility Log4j. So far two additional vulnerabilities ( CVE 2021-45046, CVE-2021-45105) have now been identified. The code has been vulnerable since 2013 and millions of hosts and services are affected.

Let's rip off the bandaid and get the bad news out there first: we're rolling out telemetry for Puppet content. Read on to find out why I think that's actually good news for you, how you can see exactly what data it collects, and how to make sure it never runs if your corporate policy doesn't allow it. And maybe a free beanie if you choose to opt in?

This december, we are posting security advice and modules, every day until December 25th. Now, it’s December 21st, and we’ve gotten through most of the security hardening holiday calendar.