CIS policy on OTRS
Moderator: crythias
-
- Znuny newbie
- Posts: 64
- Joined: 02 Sep 2015, 08:47
- Znuny Version: OTRS-Rel-5
CIS policy on OTRS
What is the support of CIS policy on OTRS?
One of the customer is interest in using the CIS policy for OTRS, needs to whether CIS policy is supported by OTRS or not. any input will be valuable.
regards,
Mohsin khan
One of the customer is interest in using the CIS policy for OTRS, needs to whether CIS policy is supported by OTRS or not. any input will be valuable.
regards,
Mohsin khan
Re: CIS policy on OTRS
implementing CIS policies are typically a set of measures in a company and within IT services which might include hardeining of servers. So please be more precice with your question
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 64
- Joined: 02 Sep 2015, 08:47
- Znuny Version: OTRS-Rel-5
Re: CIS policy on OTRS
Whether OTRS will support the CIS hardening. Also please let us know the precise question so that it will be helpful.
Re: CIS policy on OTRS
CIS hardening is about OS, Software Layer, monitoring, organisational processes etc.
So please elaborate what kind of hardening you would need for the OTRS software layer.
So please elaborate what kind of hardening you would need for the OTRS software layer.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 64
- Joined: 02 Sep 2015, 08:47
- Znuny Version: OTRS-Rel-5
Re: CIS policy on OTRS
Hi Jojo,
We have a customer implementation planned ahead, they have CIS hardening policy that will be implemented during infra setup and hardening will be done according to https://www.cisecurity.org/cis-benchmarks/.
Profile 2 of the above CIS policy will be implemented.
Can you please help to know whether it will impact on OTRS performance or functionality, where OTRS is on RHEL server.
We have a customer implementation planned ahead, they have CIS hardening policy that will be implemented during infra setup and hardening will be done according to https://www.cisecurity.org/cis-benchmarks/.
Profile 2 of the above CIS policy will be implemented.
Can you please help to know whether it will impact on OTRS performance or functionality, where OTRS is on RHEL server.
Re: CIS policy on OTRS
OTRS will not be useable out of the box with profile 2
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 64
- Joined: 02 Sep 2015, 08:47
- Znuny Version: OTRS-Rel-5
Re: CIS policy on OTRS
Hi Jojo,
Is there is any other alternative for hardening if level 2 is not supported.
Is there is any other alternative for hardening if level 2 is not supported.
-
- Znuny newbie
- Posts: 12
- Joined: 30 Apr 2020, 15:16
- Znuny Version: 6.0
- Real Name: Bernhard Schmalhofer
- Company: Bernhard Schmalhofer
- Location: Munich
- Contact:
Re: CIS policy on OTRS
Hi,
this might be nonsense, as I'm not really versed in security. Is running OTRS, or OTOBO, in Docker an option? There you would have a defined interface what the application can, and cannot, do. You can take a look at https://hub.docker.com/r/juanluisbaptiste/otrs and at https://hub.docker.com/r/rotheross/otobo.
Best regards,
Bernhard
this might be nonsense, as I'm not really versed in security. Is running OTRS, or OTOBO, in Docker an option? There you would have a defined interface what the application can, and cannot, do. You can take a look at https://hub.docker.com/r/juanluisbaptiste/otrs and at https://hub.docker.com/r/rotheross/otobo.
Best regards,
Bernhard
Re: CIS policy on OTRS
Hardening and requirements have to be checked. So you should first analyse what kind of hardening of the application is missing for operations of OTRSmohsinkhan009 wrote: ↑20 Aug 2020, 08:26 Hi Jojo,
Is there is any other alternative for hardening if level 2 is not supported.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 64
- Joined: 02 Sep 2015, 08:47
- Znuny Version: OTRS-Rel-5
Re: CIS policy on OTRS
Hi Jojo,
“how OTRS functionality will be impacted” if CIS hardening level 2 is implemented on OTRS servers.
can you please provide your input.
“how OTRS functionality will be impacted” if CIS hardening level 2 is implemented on OTRS servers.
can you please provide your input.
Re: CIS policy on OTRS
Hi,
I'm not offering such kind of consultancy for free.
I'm not offering such kind of consultancy for free.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 64
- Joined: 02 Sep 2015, 08:47
- Znuny Version: OTRS-Rel-5
Re: CIS policy on OTRS
Hi Jojo,
I appreciate your effort in helping out in OTRS issue which comes on the forum. as a expert advice your input are valuable
I appreciate your effort in helping out in OTRS issue which comes on the forum. as a expert advice your input are valuable