Book Image

Hands-On Enterprise Automation on Linux

By : James Freeman
Book Image

Hands-On Enterprise Automation on Linux

By: James Freeman

Overview of this book

Automation is paramount if you want to run Linux in your enterprise effectively. It helps you minimize costs by reducing manual operations, ensuring compliance across data centers, and accelerating deployments for your cloud infrastructures. Complete with detailed explanations, practical examples, and self-assessment questions, this book will teach you how to manage your Linux estate and leverage Ansible to achieve effective levels of automation. You'll learn important concepts on standard operating environments that lend themselves to automation, and then build on this knowledge by applying Ansible to achieve standardization throughout your Linux environments. By the end of this Linux automation book, you'll be able to build, deploy, and manage an entire estate of Linux servers with higher reliability and lower overheads than ever before.
Table of Contents (23 chapters)
1
Section 1: Core Concepts
5
Section 2: Standardizing Your Linux Servers
10
Section 3: Day-to-Day Management
16
Section 4: Securing Your Linux Servers

Testing security policies with Ansible

As we have discussed so far, it is important to ensure that not only can you implement security policies in an efficient and repeatable manner, but that it should also be possible to audit them. There are a variety of tools available for this task, both closed source and open source. Before we consider any other tools, though, it is worthwhile looking at how Ansible itself can assist with this task.

Let's return to one of our original examples, where we were implementing two of the recommendations from section 5 of the CIS Benchmark.

Previously, we ran this with the following command:

$ ansible-playbook -i hosts site.yml

This ran through the two checks, implementing the changes if the system was not already compliant with the security recommendations. However, Ansible also has a mode of operation called check mode. In this mode, Ansible...