tag:speakerdeck.com,2005:/rudder tag:speakerdeck.com,2005:Talk/1500083 2026-02-03T09:34:14-05:00 2026-03-16T16:27:13-04:00 Rudder: automate system security and configuration with GUI, API and YAML Rudder is an open source solution for managing system security and configuration, with a strong focus on continuous checks and compliance. 🎥 https://www.youtube.com/watch?v=VsYitIWS4lA 🧑 Nicolas Charles 📅 Config Management Camp 2026 With its GUI, it makes it easier for users to define security configurations and get feedback. Its API allows integration with most software that interacts with your infrastructure. This talk will present Rudder and its use cases, then focus on the new version, Rudder 9.0, and conclude with a demo of configuring and hardening new instances on AWS. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1500077 2026-02-03T09:08:02-05:00 2026-02-04T08:08:29-05:00 The missing layer: security audit of configuration files 🎥 https://www.youtube.com/watch?v=NCNzXtBVvKc 🧑 Alexis Mousset 📅 Config Management Camp 2026 Automation management tools focus on enforcement, pushing desired state to systems. But we see growing needs for configuration auditing, especially for security reasons, which do not fit this workflow. It requires the ability to fetch real values and check them against a wide range of criteria. This talk presents a tool designed specifically for auditing configuration files. It is based on Augeas, leveraging its powerful parsing capabilities and lens-based architecture, and extends it with dedicated auditing keywords, such as regex matching, numerical comparisons, allowed-value lists, and more. Output is designed to provide useful context, using compiler-like messages, diff outputs, etc. The tool remains capable of remediation. We will demonstrate configuration file checks in the context of several security benchmarks, showing how this approach bridges the gap between dedicated audit scripts and automation tooling. 
Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1193934 2024-05-30T08:02:15-04:00 2024-05-30T09:42:30-04:00 Rise in cyber threats during the Olympic Games: are you sufficiently protected? Watch the replay: https://youtu.be/CE--LLWPzP8 As the Olympic Games approach, the threat of cyberattacks is more present than ever. ANSSI warns of the risk of a significant increase in cyber threats linked to the coverage of the Paris Olympics. Some cybersecurity players speak of 8 to 10 times more cyberattacks than during the Tokyo Olympics, or around 4 million. It is therefore essential for companies to prepare. Are you ready to respond quickly and effectively? It is imperative to strengthen your defenses against cyber threats. Some measures can still be deployed quickly and effectively to secure your IT infrastructures, which are often the first to be affected by vulnerabilities. Feel free to watch our webinar replay to discover these measures and best prepare your company. Agenda: ⇒ The different cyber risks and the importance of securing your systems ahead of the Olympics. ⇒ The recommendations issued by security frameworks and agencies to strengthen your security posture ⇒ The 10 essential security measures to deploy on your infrastructures. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1162657 2024-03-22T07:23:33-04:00 2024-03-22T07:25:22-04:00 How to secure your information system so you no longer suffer attacks? The threat of cyberattacks is more present than ever. Every company is affected today. The question is no longer IF you will suffer an attack, but WHEN you will suffer it. How do you secure your IT infrastructure? 
In this webinar, we explore current security challenges and present concrete solutions to strengthen the resilience of your infrastructure through system hardening. Agenda: ⇒ The 360° approach to securing your information system ⇒ Overview of existing solutions and frameworks ⇒ Example of a concrete application with CIS Benchmarks Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1162618 2024-03-22T06:31:46-04:00 2024-03-22T06:33:23-04:00 Adopt an effective patch management strategy suited to your information system The importance of patch management no longer needs to be demonstrated: it is one of the fundamental principles of securing information systems. However, managing this process effectively, in a way suited to the specific constraints of your information system, can prove complex. In this webinar, we will reveal the secrets of effective patch management, which ensures lasting improvement in the security of your systems! Agenda: The main challenges and approaches of patch management Practical advice to avoid common mistakes A concrete case of implementation in a hybrid Linux and Windows environment. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1152027 2024-02-28T11:00:56-05:00 2024-02-28T11:03:16-05:00 Implementing configuration management primitives in 2024 🎥 https://www.youtube.com/watch?v=yTECEJ2FVW8 🧑 Alexis Mousset 📅 Configuration Management Camp 2024 Configuration management primitives appear like a solved topic now, and current major solutions converged on pretty similar choices 10+ years ago. However, new needs are becoming more prominent, like observability, auditing and self-auditing abilities, in a context of growing attention to security topics. Could we benefit from reconsidering some of these design choices now to better address them? 
In this talk, we will navigate through the solution space of configuration management low-level implementations (resource/promise/etc.), and explore what we can modify to provide new promising features. It will also cover implementation and programming language choices, from C to Python, Ruby, and Rust, and how these choices participate in shaping our tools' strengths and weaknesses. It will feature some examples from ongoing work in Rudder, as well as other projects (mgmt, Jet, etc.) Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1152024 2024-02-28T10:57:36-05:00 2024-02-28T11:00:19-05:00 Hardening systems: from a benchmark guide to meaningful compliance 🎥 Coming soon 🧑 Nicolas Charles 📅 Configuration Management Camp 2024 New standards are constantly appearing and must be applied to a larger number of systems. Sometimes with very little time available from the law to the actual enforcement. Applying standards on a clean state is in itself a difficult task. But when it’s on existing infrastructures, it gets very complex with potentially a lot of divergences to identify and exceptions to be made. There are plenty of existing solutions. But they are often either one-size-fits-all, or they can audit but not remediate, or they cannot be consolidated over all the IT. In this talk, I will present how we implemented CIS Server benchmarks on an existing infrastructure using Rudder. It starts from the reference Excel Benchmarks from CIS and finishes with the implementation of every control point, with default values and mixed audit and remediation mode. It concludes by showing how having a graphical interface makes the reporting to relevant stakeholders helpful. This implementation involves a lot of YAML, some KCL to generate even more YAML, and unfortunately some bash scripts
 Rudder (@rudder) tag:speakerdeck.com,2005:Talk/1152023 2024-02-28T10:55:14-05:00 2024-02-28T10:57:12-05:00 Supply Chain Security in the Rust Ecosystem 🎥 https://cfp.pass-the-salt.org/pts2023/talk/YAJN93/ 🧑 Alexis Mousset 📅 Pass The SALT 2023 - Lille, France Rust is an increasingly popular systems programming language, especially thanks to its memory safety guarantees and more general focus on safety. This talk will give an overview of where it stands regarding the software supply-chain security challenges, including vulnerability management across the ecosystem, dedicated tooling and integration into larger efforts (OpenSSF projects, etc.) It will cover the topic from both an internal (as a member of the Rust Secure Code WG) and an external (as a software editor using Rust) point of view. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/987913 2023-02-07T12:00:34-05:00 2023-03-14T11:42:10-04:00 A journey from Configuration Management to Security of IT systems 🎥 https://youtu.be/t0oRQ0EFo9E 🧑 Nicolas Charles 📅 Configuration Management Camp 2023 Configuration Management is nearly ubiquitous and a solved problem. It allows system administrators and developers to excel at their jobs and enables many use cases which would hardly be feasible without it. Most notably, the main features of configuration management, continuous configuration and compliance, are enablers for the hardening of systems by security teams, and for reaching and maintaining an improved Security Posture. This talk will present how and why Rudder is evolving to incorporate operational security into its core features while strengthening the fundamentals of configuration management. We'll show the impacts on the product, mainly on the compliance aspect with integration of compliance information from other sources and making the compliance queryable using GraphQL, and what it changes on the software principle. 
Rudder (@rudder) tag:speakerdeck.com,2005:Talk/987885 2023-02-07T10:02:28-05:00 2023-03-14T12:31:06-04:00 Securing the software supply chain for infra management software 🎥 https://youtu.be/H-9Y_-3ohBI 🧑 Alexis Mousset 📅 Configuration Management Camp 2023 Infrastructure management tools have a special place among software regarding security, as they usually run ubiquitously, with high privileges and a relatively high attack surface. This makes them targets of choice, especially in the current context of increased threats on software supply chains. What are our (new) responsibilities as software editors in an open source ecosystem? They include a precise identification and authentication of all software components (to provide a Software Bill of Materials) and constraints on the build process and software distribution models. This talk will give an overview of the current state of the rapidly evolving software supply chain standards and tooling (e.g. SLSA, SBOMs, etc.). It will also explore more concrete items, focused on dependency management in open source ecosystems and our experience with Rudder. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/987919 2023-02-07T12:26:11-05:00 2023-02-07T12:27:10-05:00 Rudder users and uses: Tales from a survey 🎥 Coming soon 🧑 Nicolas Charles 📅 Configuration Management Camp 2023 A quick overview of the Rudder users: their IT size, number and type of people working on configuration management, metrics about their uses and most common use cases. To get the most extensive information, we sent a survey to our Rudder users to gather this data, and we'll present here the results and insights from this survey. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/987291 2023-02-06T11:02:46-05:00 2023-03-14T12:10:57-04:00 How do we make Rudder secure? 
🎥 https://youtu.be/WqLPZeO3Rtg 🧑 Alexis Mousset 📅 Configuration Management Camp 2023 Rudder is used in critical contexts and the focus on its security has increased over the years, along with the threats. This talk will give an overview of how security topics are handled by the Rudder team, how they have evolved over time and what our plans are to handle current challenges. We will present: - our recent features and architectural changes improving software security, especially in terms of node/server communication, user authentication and attack surface limitation. - our process to handle vulnerabilities reported or discovered in Rudder. - our efforts to secure the software supply chain, in particular regarding dependency management and build infrastructure (dedicated signature server, ephemeral build environments, etc.) - and finally how we try to steer the dev culture towards security topics awareness, through integration of security assessments into our specification processes, and regular training and discussions. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/987278 2023-02-06T09:56:47-05:00 2023-03-14T12:26:52-04:00 Rudder: what is it and what makes it different? 🎥 https://youtu.be/rkfxtT861es 🧑 Nicolas Charles 📅 Configuration Management Camp 2023 Rudder is an open source security and configuration management tool that focuses on compliance and continuous audit. It allows users from different teams and backgrounds to configure and extract data through both the UI and API, providing a fast feedback loop. Since its first release 10 years ago, Rudder has been used by organizations of all sizes, from small installations to large deployments of over 15,000 nodes. In this talk, we will introduce Rudder and explain what sets it apart from similar tools. We will also discuss the current evolution of Rudder towards operational security and its impact on the product. 
If you are new to Rudder or interested in learning more about compliance and configuration management, this talk is for you. Rudder (@rudder) tag:speakerdeck.com,2005:Talk/891123 2022-07-06T05:56:27-04:00 2022-07-06T05:57:27-04:00 Configuration compliance in 2022 Slides of the presentation on the state of compliance of configurations in 2022 Rudder (@rudder) tag:speakerdeck.com,2005:Talk/800301 2021-11-24T12:42:57-05:00 2021-11-24T12:43:59-05:00 DevSecOps: continuously secure your hybrid infrastructures Rudder (@rudder) tag:speakerdeck.com,2005:Talk/730014 2021-04-29T12:59:05-04:00 2021-04-29T12:59:46-04:00 Zabbix Meetup - Rudder integration for devops teams Rudder (@rudder) tag:speakerdeck.com,2005:Talk/651361 2020-07-10T04:42:14-04:00 2020-07-10T04:54:25-04:00 CVE: speed up vulnerability remediation to secure your systems 🎥 https://cdn.ireland.production.livestorm.io/uploads/media/file/11f89895-4d5d-4331-8f22-cc5fea53f724/4a1ea187-895c-4c6d-a8cb-b9be6b853821.mp4?v=1594289702 🧑 Alexandre Brianceau 📅 Webinar of July 9, 2020 Vulnerability management and remediation are crucial issues for companies. Many approaches to detecting and prioritizing vulnerabilities are on offer today. But the remediation of these flaws is still discussed too little, because it is a long and often manual step. Worse still, it is often ill-suited to the life cycle of IT production. For us, remediation is the central step of the vulnerability management process, because it makes it possible to ensure and keep your infrastructure secure over time. Drawing on our experience in automating systems and production environments, we invite you to discover our approach to being effective across the whole vulnerability management process, and especially on remediation. 
Rudder (@rudder) tag:speakerdeck.com,2005:Talk/613948 2020-03-17T06:02:44-04:00 2020-04-02T10:35:13-04:00 Designing the future of agent-server communication in RUDDER 🎥 https://www.youtube.com/watch?v=l-ztfw_OIow 🧑 Alexis Mousset 📅 Configuration Management Camp 2020 RUDDER is currently used to manage more than 10k machines from the same central server, but our agent-server communication (using HTTP for inventory collection, syslog for reporting and a custom protocol for policy updates) was limiting us in terms of security, performance and extensibility. With RUDDER 6, we have introduced a new communication infrastructure to match present and future challenges with consistent security, better performance, improved continuity through immediate action triggers, while staying compatible with our fully asynchronous, pull-based workflow. The talk will focus on the design choices we made, from the use of Rust for our new server component, to the network and message protocols we use. It will also highlight the reasons and constraints behind them, including ensuring a minimal operational overhead and an easy and smooth transition with no breaking change. Rudder (@rudder) Rudder (@rudder) on Speaker Deck 2026-02-03T09:34:14-05:00