Puppet. We use it to configure the OS from barebones Kickstart onwards, as well as continuously enforce the various security policies we need to be able to tell people that we comply with.
They are, we're not doing anything super fancy, mostly just pushing lots of templated config files, ensuring that particular packages are installed, and that services like fapolicyd and auditd are running.
It’s going to depend on the requirements the company has. For example, if you need to deal with FIPS or IRS compliance, it is going to be tough.
When I was responsible for IT in a regulated scenario, we over provisioned laptops and used VMs or the Windows 10 Linux layer. We treated the Linux part like a developer tool.
If you don’t have compliance and audit risk, just find an angle to make it on. The puppet advice is good - maybe add shipping logs to a siem or splunk server.
Recommend r/sysadmin on Reddit if you haven’t already checked there
Puppet. We use it to configure the OS from barebones Kickstart onwards, as well as continuously enforce the various security policies we need to be able to tell people that we comply with.
Are all of your recipes home brewed?
They are, we're not doing anything super fancy, mostly just pushing lots of templated config files, ensuring that particular packages are installed, and that services like fapolicyd and auditd are running.
Just remember: whenever IT doesn't deliver a workable solution, Shadow IT does.
I used DriveStrike at an organization
It’s going to depend on the requirements the company has. For example, if you need to deal with FIPS or IRS compliance, it is going to be tough.
When I was responsible for IT in a regulated scenario, we over provisioned laptops and used VMs or the Windows 10 Linux layer. We treated the Linux part like a developer tool.
If you don’t have compliance and audit risk, just find an angle to make it on. The puppet advice is good - maybe add shipping logs to a siem or splunk server.