    Managing Publicly hosted Linux Servers through Cockpit

    IT Discussion
    Tags: remote administration, linux, cockpit, public, question
    31 Posts 8 Posters 3.1k Views
    stacksofplates @DustinB3403

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.

      It's been mandated that software now include an SBOM (see my recent post in IT news).

      Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.
    stacksofplates

      We are working with Platform One and some others and they want to require it for everything. Hopefully that gets more traction.
    DustinB3403 @stacksofplates

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.

      Well it mentions open source specifically, but also targets closed source.
    stacksofplates @DustinB3403

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      Well it mentions open source specifically, but also targets closed source.

      Ah I read the first part. It made it sound like it was only open source.
    DustinB3403 @stacksofplates

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      Ah I read the first part. It made it sound like it was only open source.

      Not that anyone but the US Government will know what is actually included in any specific closed source software.
    stacksofplates @DustinB3403

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      Not that anyone but the US Government will know what is actually included in any specific closed source software.

      If enterprises are smart they will require it too. And at that point it would hopefully just be publicly available.
    DustinB3403 @stacksofplates

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      If enterprises are smart they will require it too. And at that point it would hopefully just be publicly available.

      While I would agree, the reality is that so many software companies are in business solely because their software is closed source.

      The RHELs of the world are few and far between.
    scottalanmiller

      We use Cockpit very limitedly. It's only on internally, and machines are not grouped together even at clients with multiple Cockpit installs. It's nice and all, but it's not as fast as SSH and there's no real need for a GUI like this so... why bother.
    CloudKnight @scottalanmiller

      @scottalanmiller said in Managing Publicly hosted Linux Servers through Cockpit:

      We use Cockpit very limitedly. It's only on internally, and machines are not grouped together even at clients with multiple Cockpit installs. It's nice and all, but it's not as fast as SSH and there's no real need for a GUI like this so... why bother.

      Completely agree.
    1337 @stacksofplates

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      The Solarwinds hack was from an injection during a pipeline where they modified the actual binary that was built. Ansible wouldn't be compromised that way since it's a Python package and you can just pull the Ansible source and run it. It doesn't need to be compiled.

      A supply chain attack doesn't have to modify binaries. You could modify anything. In Ansible's case they say that the weak link is the community developed modules. That it's built on Python changes nothing.
    1337 @stacksofplates

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      Solarwinds is far from "devops tooling" and that feels like a weird thing to say since most devops tooling is open source and not built in private like Solarwinds.

      I didn't say that. I said that the cybercriminals are going after management tools including devops tooling. Just because it's open source doesn't make it automatically safe.
    stacksofplates @1337

      @pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

      A supply chain attack doesn't have to modify binaries. You could modify anything. In Ansible's case they say that the weak link is the community developed modules. That it's built on Python changes nothing.

      No, them being community developed modules changes nothing. 1) All of Ansible is community maintained. 2) If you're referencing the modules that come with Ansible, they are in the main repo with Ansible. Only recently have they started shipping collections, which are separately maintained, and that wouldn't be a failing of Ansible itself.
    stacksofplates @1337

      @pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

      I didn't say that. I said that the cybercriminals are going after management tools including devops tooling. Just because it's open source doesn't make it automatically safe.

      Yeah no one said open source is automatically safe, but the reason the Solarwinds hack was successful was because it was closed. If the build logs were open like most open source tools, and the source was available, it could have easily been caught.

      Relying on pre-built binaries is starting to fade. With languages like Go where you can pull the source and build locally in the same command, it's not needed any longer.

      Also, in reality supply chain vulnerabilities are extremely difficult to pull off. Solarwinds wasn't because of an upstream dependency in the chain, it was the tool itself which was compromised in a build step. While SBOM information is really important, these attacks are rare and you're most likely to get attacked somewhere else.
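As an added illustration (not code from this thread or from any project named in it) of what SBOM information gives a consumer in the situation discussed above, where the shipped tool itself was altered in a build step rather than an upstream dependency: the script below parses a constructed CycloneDX-style SBOM, compares the declared library versions with a local package inventory, and checks a shipped file's SHA-256 against the hash recorded at build time. The product name, package names, versions and artifact bytes are all hypothetical.

```python
"""Audit a CycloneDX-style SBOM against an installed inventory and a shipped artifact.
Constructed for illustration: product, package names, versions and bytes are hypothetical."""
import hashlib
import json

# Constructed artifact as the build produced it, and a copy altered after the build.
GOOD_ARTIFACT = b"#!/bin/sh\necho 'hypothetical example-agent 1.4.2'\n"
ALTERED_ARTIFACT = GOOD_ARTIFACT + b"# line that is not in the audited source\n"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_sbom() -> str:
    """Return a minimal CycloneDX 1.4 JSON document for the hypothetical product."""
    bom = {
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": "example-agent",
                                   "version": "1.4.2"}},
        "components": [
            {"type": "library", "name": "requests", "version": "2.31.0",
             "purl": "pkg:pypi/requests@2.31.0"},
            {"type": "library", "name": "pyyaml", "version": "6.0.1",
             "purl": "pkg:pypi/pyyaml@6.0.1"},
            # Hash recorded at build time: lets a consumer detect a post-build change.
            {"type": "file", "name": "example-agent.sh",
             "hashes": [{"alg": "SHA-256", "content": sha256_hex(GOOD_ARTIFACT)}]},
        ],
    }
    return json.dumps(bom)

def parse_components(sbom_text: str) -> dict:
    """Index SBOM components by name; reject anything that is not CycloneDX."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["name"]: c for c in bom.get("components", [])}

def audit_inventory(components: dict, installed: dict) -> dict:
    """Compare declared library versions with the consumer's own package inventory."""
    declared = {n: c["version"] for n, c in components.items() if c["type"] == "library"}
    return {
        "undeclared": sorted(set(installed) - set(declared)),     # present, not in SBOM
        "not_installed": sorted(set(declared) - set(installed)),  # in SBOM, not present
        "version_mismatch": sorted(n for n in declared
                                   if n in installed and installed[n] != declared[n]),
    }

def verify_artifact(components: dict, name: str, data: bytes) -> bool:
    """True only if the artifact's SHA-256 matches a hash recorded in the SBOM."""
    recorded = {h["content"] for h in components[name].get("hashes", [])
                if h["alg"] == "SHA-256"}
    return bool(recorded) and sha256_hex(data) in recorded
```

Run `audit_inventory` against the versions actually installed on the host and `verify_artifact` against the file that was delivered; a mismatch in either is the signal the SBOM exists to give.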
    black3dynamite @CloudKnight

      @stuartjordan said in Managing Publicly hosted Linux Servers through Cockpit:

      Cockpit looks nice and all that, but the version I tried didn't seem to have as many features or as much control like webmin does.

      Tried Cockpit on Ubuntu? If so, you've probably been using an old version, because the only distro that I know that always has the latest version is Fedora.
    scottalanmiller @1337

      @pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

      I didn't say that. I said that the cybercriminals are going after management tools including devops tooling. Just because it's open source doesn't make it automatically safe.

      No, but it means one of the biggest factors in encouraging safety has been taken. Closed source has fewer ways to be protected and is built around a culture that is very dangerous. Nothing makes people wearing seatbelts automatically better drivers, but good drivers are way more likely to lean towards wearing seatbelts because the ecosystem things that make you take the obvious smart step of wearing a seatbelt will make you more likely to take driving well seriously. Plus the seatbelt itself adds a huge layer of protection. The same with OS. Code visibility adds some safety, but the bigger deal is the correlation with good programming behaviour.
    CloudKnight @black3dynamite

      @black3dynamite said in Managing Publicly hosted Linux Servers through Cockpit:

      Tried Cockpit on Ubuntu? If so, you've probably been using an old version, because the only distro that I know that always has the latest version is Fedora.

      Yep, I'm a Debian/Ubuntu guy. I could probably add the repository for the latest version to try out if it does have more features. I normally do everything straight through the CLI but wanted to try it out. Then I tried webmin out, which I haven't touched in over 8 years. They have definitely improved things on their panel.