O'Reilly logo

Cloud Security Automation by Prashant Priyam

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing compute 

We know that OpenStack combines multiple independent projects to set up the cloud environment. For compute, OpenStack uses a project called nova.  

In OpenStack, all the compute nodes contain configuration files called nova.conf, which stores the complete settings, including many sensitive options such as configuration details and service passwords.

There must be strict file-level permissions that are monitored for changes through file integrity monitoring (FIM) tools, which will take a hash of the target file in a known good state. It will also periodically take a new hash of the file and compare it to the known good hash. FIM tools will generate an alert if it was found to have been modified unexpectedly.

One can check ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required