diff --git a/data/workshop/exercise2.mdx b/data/workshop/exercise2.mdx index f031854..149c39b 100644 --- a/data/workshop/exercise2.mdx +++ b/data/workshop/exercise2.mdx @@ -5,7 +5,7 @@ date: '2024-10-17' tags: ['openshift','security'] draft: false authors: ['default'] -summary: "" +summary: "Can't have security without a security platform" --- It’s your first day of the consulting engagement with ACME. You’ve paired up with one of their Senior Platform Engineers Angie who has just given you a tour of their newly deployed OpenShift cluster which is looking healthy 🥦 (whew!) . diff --git a/data/workshop/exercise3.mdx b/data/workshop/exercise3.mdx index 5e43c36..37b731f 100644 --- a/data/workshop/exercise3.mdx +++ b/data/workshop/exercise3.mdx @@ -5,7 +5,7 @@ date: '2024-10-18' tags: ['openshift','security','ipsec','encryption'] draft: false authors: ['default'] -summary: "" +summary: "Is OpenShift secure by default?" --- Day one with Angie went great. After a refreshing overnight break spent watching the cinematic masterpiece of Shrek 2 you're back on site with the ACME team for day two of the consulting engagement. diff --git a/data/workshop/exercise4.mdx b/data/workshop/exercise4.mdx index 4d93306..d9c9828 100644 --- a/data/workshop/exercise4.mdx +++ b/data/workshop/exercise4.mdx @@ -5,7 +5,7 @@ date: '2024-10-19' tags: ['openshift','security','cve management','rhacs'] draft: false authors: ['default'] -summary: "" +summary: "How do we deal with vulnerable workloads we can't patch?" --- IPSec was a quick job and the cluster is looking good after enabling it. Your afternoon job is to pair up with Angie again and review the vulnerability status of the ACME Financial Services workloads that are deployed on the cluster so far. @@ -47,7 +47,7 @@ If you've successfully secured the banks vulnerable payments processor please po > Please review [team name] solution for exercise 4, our payments processor application is now unhackable. -WARNING: The hackathon team will perform a brief penetration test of the application. If your application is not actually secured and remains exploitable by the log4shell vulnerability one of your OpenShift cluster nodes will be deleted for the lulz. No pressure! +**WARNING: The hackathon team will perform a brief penetration test of the application. If your application is not actually secured and remains exploitable by the log4shell vulnerability one of your OpenShift cluster nodes will be deleted for the lulz. No pressure!** This exercise is worth `25` points. The event team will reply in slack to confirm your updated team total score 🎉 diff --git a/data/workshop/exercise5.mdx b/data/workshop/exercise5.mdx new file mode 100644 index 0000000..27c3ee2 --- /dev/null +++ b/data/workshop/exercise5.mdx @@ -0,0 +1,31 @@ +--- +title: Understanding cluster compliance +exercise: 5 +date: '2024-10-23' +tags: ['openshift','compliance','nist','rhacs'] +draft: false +authors: ['default'] +summary: "Let's apply an industry benchmark!" +--- + +The first two days of the consulting engagement at ACME have whirled by. You're working remotely today for day three and are pairing up with Melissa from the banks compliance squad. + +On the agenda today is to harden the `acmd-prd-hub` cluster by understanding and remediating compliance against the [NIST 800-53 benchmark](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf). + +The bank must comply with this specific benchmark to meet the requirements of their regulation legislation known as APRA (ACME Penny Regulation Act, 1998). + +![meeting](/static/images/security/meeting.png) + + +## 5.1 Installing the compliance operator + +You’re got an upcoming Microsoft Skype for Business™ video call with Melissa in 30 minutes to show her how compliant the cluster is currently. + +Time to quickly get the OpenShift Compliance Operator installed and run a scan via Red Hat Advanced Cluster Security. Better hurry! + +As with last time, to limit PTSD induced panic attacks among the ACME platform team the operator must be set to update mode `Manual`. + +Documentation you may find helpful is: + +- https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/security_and_compliance/compliance-operator#installing-compliance-operator-web-console_compliance-operator-installation + diff --git a/public/static/images/security/meeting.png b/public/static/images/security/meeting.png new file mode 100644 index 0000000..39efff4 Binary files /dev/null and b/public/static/images/security/meeting.png differ