cv: firemon: More details for FireMon projects
parent
7776f656df
commit
593516fd22
|
@ -15,16 +15,10 @@ from a single server to massive multi-node ecosystems.
|
|||
|
||||
<!-- more -->
|
||||
|
||||
# FMOS Generation II
|
||||
# FMOS: FireMon Operating System
|
||||
|
||||
## Ansible Configuration Policy
|
||||
|
||||
* Based on CentOS 7
|
||||
* Full-disk encryption using LUKS
|
||||
* Anaconda installer with custom addon for generating machine-specific LUKS
|
||||
master key passphrase
|
||||
* Kickstart script for fully-automated installation
|
||||
* Used Koji to build RPM packages for first- and third-party software
|
||||
* Distribution included Ansible for configuration management
|
||||
* systemd units for controlling FireMon application services
|
||||
* Configuration policy for deployment of all FireMon software and
|
||||
third-party dependencies
|
||||
* Support for single-server and distributed deployments
|
||||
|
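Review bot: "## Ansible Configuration Policy" does not say which FMOS generation the policy applies to. The two headings at the top of this hunk are "# FMOS Generation II" and "# FMOS: FireMon Operating System", and the later sections are split into "Generation II Platform" and "Generation III Platform", so a reader of the new layout cannot tell whether the configuration policy covered one generation or both. Consider naming the generation in the heading or in the first bullet.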
@ -46,13 +40,41 @@ from a single server to massive multi-node ecosystems.
|
|||
* Optionally configures *rsyslog* to send log messages to remote destinations
|
||||
over UDP, TCP, or TCP+TLS
|
||||
* Configures *tmux* to automatically launch at user login
|
||||
* …
|
||||
|
||||
# FMOS Generation III
|
||||
## Deployment and Maintenance Tools
|
||||
|
||||
* Python software for configuring and managing machines running FireMon
|
||||
software (`fmos` command)
|
||||
* Critical functionality for application maintenance:
|
||||
* Updating OS and software
|
||||
* Backing up and restoring data
|
||||
* Capturing diagnostic information for technical support
|
||||
* Modifying configuration settings
|
||||
* Managing server certificates and private keys
|
||||
* D-Bus daemon to handle privileged operations
|
||||
* Unprivileged command-line interface
|
||||
* HTTP API developed with FastAPI
|
||||
|
||||
|
||||
## Generation II Platform
|
||||
|
||||
* Based on CentOS 7
|
||||
* Full-disk encryption using LUKS
|
||||
* Anaconda installer with custom addon for generating machine-specific LUKS
|
||||
master key passphrase
|
||||
* Kickstart script for fully-automated installation
|
||||
* Used Koji to build RPM packages for first- and third-party software
|
||||
* Distribution included Ansible for configuration management
|
||||
* systemd units for controlling FireMon application services
|
||||
|
||||
## Generation III Platform
|
||||
|
||||
* Based on CentOS 7, later CentOS 8 (Stream)
|
||||
* Immutable SquashFS root filesystem image
|
||||
* …
|
||||
* Full-disk encryption using LUKS
|
||||
* Custom Dracut modules to verify image OpenPGP signature, mount as rootfs,
|
||||
initialize LUKS-encrypted persistent data volume with LVM
|
||||
* Custom SELinux policy to confine FireMon software
|
||||
|
||||
|
||||
# DevOps Team Lead
|
||||
|
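Review bot: Under "## Generation III Platform", the bullet "Full-disk encryption using LUKS" conflicts with its neighbours. "Immutable SquashFS root filesystem image" and "LUKS-encrypted persistent data volume with LVM" suggest that only the persistent volume is encrypted and that the root image is protected by the OpenPGP signature check instead. If that is the design, reword the bullet to name the encrypted volume. If the whole disk is encrypted, say so in the Dracut bullet. A smaller style point in "## Generation II Platform": "Used Koji to build RPM packages ..." and "Distribution included Ansible ..." are past-tense sentences in a list of noun phrases.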
@ -112,3 +134,16 @@ from a single server to massive multi-node ecosystems.
|
|||
* Accessible via purpose-built, ultra-minimal Linux distribution (Kernel and
|
||||
Busybox only) delivered by network boot/PXE
|
||||
* Written in Rust
|
||||
|
||||
|
||||
# FireMon-as-a-Service
|
||||
|
||||
* Cloud-hosted FireMon software deployment
|
||||
* Deployed backend infrastructure for federated authentication using OpenLDAP,
|
||||
MIT kerberos
|
||||
* Followed Infrastructure-as-Code principles using Ansible
|
||||
* Developed custom integrated authentication solution for FireMon Security
|
||||
Manager software to provide full-featured account and credential management
|
||||
using Kerberos protocol (Authgate)
|
||||
* Python bindings for *mit-kerberos* using Cython
|
||||
|
||||
|
|
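Review bot: The continuation line "MIT kerberos" under the OpenLDAP bullet uses a lowercase "kerberos", while the Authgate bullet writes "Kerberos protocol" and the last bullet uses the package name "*mit-kerberos*". Suggest "MIT Kerberos" for the product name, keeping the italic lowercase form only where the package itself is meant.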