shupaza: Server Hardening via Cfengine

[Christian Pearce]

I put together some thoughts on a project for converting the 
Solaris Security Toolkit (SST) into a Cfengine implementation.  I 
hope to learn how to create cfengine configurations that will 
plugin to existing cfengine configuration files or work 
standalone.  I chose this existing body of work so we would not 
have to decide "what" the best practice is.  The Solaris Security 
Toolkit project in Cfengine will benefit from a Cfengine since it 
can continue to check to make sure the SST policy is converged.  
After that I hope to have the convention and architecture defined 
to communicating other best practices via Cfengine.  This way the 
community can start sharing their configs more.

http://www.pearcec.com/a_shupaza.php

For now I am reading the SST code.  I admit I haven't done a lot 
of research to see what others have done to attempt this.  I know 
there are a few Cfengine configuration projects out there.  I 
intend to review and use them were applicable.

All input is appreciated.  I will need people to write and test 
the code once I have written the architecture.

--
Christian Pearce
http://www.commnav.com
http://www.perfectorder.com