Speaker
Description
Title: Compliance Made Easy
Sub Title: 5 Minutes to Secure Your Infrastructure
Author: Aadarsha Dhakal
Pain Point
- Maintaining compliance across a growing infrastructure is complex and time-consuming.
- New regulations and updates require constant adaptation.
- Relying on manual checks is error-prone and inefficient.
Ubuntu Pro provides built-in compliance automation tools.
Why Ubuntu Pro?
- Enhanced Security Maintenance: Extended Security Maintenance (ESM) for 10 years.
- Comprehensive Coverage: Security patches for the Ubuntu base OS and thousands of applications.
- Compliance Tools: Built-in tools for automating compliance checks.
- Kernel Livepatch: Apply critical kernel patches without rebooting.
- FIPS 140-2, CIS, and DISA-STIG: Certified modules and tools for various compliance standards.
Demo
Let's start by enabling the Ubuntu Security Guide (USG) service
sudo pro enable usg
sudo apt install usg
Ubuntu Security Guide (USG) is a tool based on OpenSCAP that automates the compliance and hardening process
Check compliance against standards
sudo usg audit cis_level2_server
Fix the non-compliant issues
sudo usg fix
sudo reboot
Check compliance against standards
sudo usg audit cis_level2_server
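To see what the fix step changed between the two audits in the demo, the results can be compared rule by rule. The following is an added example, not part of the original talk; it assumes the audit results are available as XCCDF XML (the result format OpenSCAP emits), and the sample data and rule ids are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = 'xmlns="http://checklists.nist.gov/xccdf/1.2"'
# Constructed XCCDF fragments standing in for the two audit runs (before and
# after the fix); the rule ids are placeholders, not real CIS rule names.
BEFORE = f"""<Benchmark {NS}><TestResult id="before">
<rule-result idref="rule_a"><result>fail</result></rule-result>
<rule-result idref="rule_b"><result>fail</result></rule-result>
<rule-result idref="rule_c"><result>pass</result></rule-result>
<rule-result idref="rule_d"><result>pass</result></rule-result>
<rule-result idref="rule_e"><result>notselected</result></rule-result>
</TestResult></Benchmark>"""
AFTER = f"""<Benchmark {NS}><TestResult id="after">
<rule-result idref="rule_a"><result>pass</result></rule-result>
<rule-result idref="rule_b"><result>fail</result></rule-result>
<rule-result idref="rule_c"><result>pass</result></rule-result>
<rule-result idref="rule_d"><result>fail</result></rule-result>
<rule-result idref="rule_e"><result>notselected</result></rule-result>
</TestResult></Benchmark>"""

FAILING = {"fail", "error", "unknown"}  # outcomes that still need attention

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files both parse."""
    return tag.rsplit("}", 1)[-1]

def rule_results(xml_text):
    """Map rule id -> outcome for each rule-result, skipping unselected rules."""
    results = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "rule-result":
            continue
        outcome = next((c.text.strip() for c in el
                        if local(c.tag) == "result" and c.text), "unknown")
        if outcome != "notselected":
            results[el.get("idref")] = outcome
    return results

def compare(before, after):
    """Bucket rules by how their outcome changed between the two audits."""
    report = {"fixed": [], "regressed": [], "still_failing": []}
    for rule in sorted(set(before) | set(after)):
        b, a = before.get(rule, "missing"), after.get(rule, "missing")
        if b in FAILING and a == "pass":
            report["fixed"].append(rule)
        elif b == "pass" and a in FAILING:
            report["regressed"].append(rule)
        elif a in FAILING:
            report["still_failing"].append(rule)
    return report

if __name__ == "__main__":
    for bucket, rules in compare(rule_results(BEFORE), rule_results(AFTER)).items():
        print(f"{bucket}: {', '.join(rules) or '-'}")
```

Rules left in still_failing are the ones the automated fix did not remediate and that need manual review; anything in regressed passed before the fix and fails after it.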
Conclusion
- Reduced Manual Effort: Automate compliance checks and remediation.
- Improved Security Posture: Proactively identify and address vulnerabilities.
- Simplified Audits: Generate detailed compliance reports.
- Cost-Effective: Consolidate security and compliance management.
- Ubuntu Pro: Your partner in achieving and maintaining compliance.
"Compliance is like doing the dishes. Nobody wants to do it, but when you don't, it piles up."
Thank You!
What audience can learn
This presentation aims to educate the audience on the complexities of infrastructure compliance and how Ubuntu Pro offers a streamlined solution. Attendees will learn about the pain points of manual compliance checks, the benefits of Ubuntu Pro's extended security maintenance and built-in automation tools like the Ubuntu Security Guide (USG), and gain practical knowledge through a live demo demonstrating how to audit and fix compliance issues against standards like CIS Level 2. Ultimately, they'll understand how Ubuntu Pro can reduce manual effort, enhance security, simplify audits, and serve as a cost-effective partner in achieving and maintaining regulatory compliance.
Summary
A quick session to demonstrate how the USG service that comes with an Ubuntu Pro subscription can be used to automate most of the CIS standard VM hardening. This session highlights the importance of compliance and an easy way to achieve it.
Biography
I am Aadarsha Dhakal, and I work as an Infrastructure Engineer at STARTsmall Pvt. Ltd., based here in Nepal. In my role, I primarily focus on virtualization technologies, managing and virtualizing infrastructure using KVM, Linux (specifically Ubuntu), Proxmox, and Ceph.
I've been a long-time supporter of open-source software and the Free Software Foundation (FSF) since my late teens. For many years, I've been actively involved in community work. My contributions have varied, from being an enthusiastic member of the WordPress community to taking a leadership role in the Flutter Community and my university's open-source community, where I organized numerous workshops and meetups.
| Difficulty level | Beginner |
|---|---|