Unit 10 Worksheet
Instructions
Fill out the worksheet as you progress through the lab and discussions. Hold your worksheets until the end to turn them in as a final submission packet.
Resources / Important Links
- https://github.com/ansible-lockdown
- https://www.mindpointgroup.com/blog/stig-vs-cis-part-1-the-anatomy-of-baselines-and-compliance?lockdownenterprise
- https://www.mindpointgroup.com/blog/stig-vs-cis-part-2-selecting-the-best-baseline-for-your-business?lockdownenterprise
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-223.ipd.pdf
Downloads
The worksheet has been provided below. The document(s) can be transposed to
the desired format so long as the content is preserved. For example, the .txt
could be transposed to a .md file.
Unit 10 Recording
Link: https://www.youtube.com/watch?v=FKpkx4-lBuI
Discussion Post #1
Scenario
Your team uses Ansible and needs to secure one of the images you have been working to build in Rocky 9. You have decided to use Ansible Lockdown (https://github.com/ansible-lockdown) for STIG remediation.
- Where is this tool designed to be run?
  - Why is this going to cause you a problem?
- How will you go about remediating problems in your environment if you have to run this in a chrooted environment?
Discussion Post #2
Read these blog posts about CIS and STIG compliance: https://www.mindpointgroup.com/blog/stig-vs-cis-part-1-the-anatomy-of-baselines-and-compliance?lockdownenterprise and https://www.mindpointgroup.com/blog/stig-vs-cis-part-2-selecting-the-best-baseline-for-your-business?lockdownenterprise
- Why might you want to choose one over the other?
- Which version of the baseline tool aligns with your current industry, or the industry you want to work in?
Info
Submit your input by following the link. The discussion posts are done in Discord Forums.
Link to Discussion Posts
Definitions
- Warewulf terminology
  - Images
  - Overlays
  - System
  - Runtime
- Chrooted Environment
- STIGs
- Ansible Lockdown (what is this?)
- OpenSCAP tooling
Digging Deeper
- Read other parts of this doc for more HPC understanding: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-223.ipd.pdf
- What are the components on the drawing on page 3 of the doc (pg. 11 in the web viewer)?
Reflection Questions
- What questions do you still have about this week?
- How are you going to use what you’ve learned in your current role?