Book Image

Learning Puppet Security

Book Image

Learning Puppet Security

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Puppet Security
Mar, 2015 | 236 pages
No titles found
Table of Contents (17 chapters)
Learning Puppet Security
Learning Puppet Security
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Puppet as a Security Tool
Puppet as a Security Tool
What is Puppet?
Installing and configuring Puppet
Preparing the environment for examples
Puppet for security and compliance
Example – using Puppet to secure openssh
Summary
2
Tracking Changes to Objects
Tracking Changes to Objects
Change tracking with Puppet
The audit meta-parameter
Using audit on files
Auditing the password file
Audit on other resource types
Auditing a package
Things to know about audit
Alternatives to auditing
Using noop
Summary
3
Puppet for Compliance
Puppet for Compliance
Using manifests to document the system state
Tracking history with version control
Facts for compliance
The PCI DSS and how Puppet can help
Summary
4
Security Reporting with Puppet
Security Reporting with Puppet
Basic Puppet reporting
PuppetDB and reporting
Reporting for compliance
Summary
5
Securing Puppet
Securing Puppet
Puppet security related configuration
SSL and Puppet
Autosigning certificates
Summary
6
Community Modules for Security
Community Modules for Security
The Puppet Forge
The herculesteam/augeasproviders series of modules
The arildjensen/cis module
The saz/sudo module
The hiera-eyaml gem
Summary
7
Network Security and Puppet
Network Security and Puppet
Introducing the firewall module
The firewall type
The firewallchain type
Creating pre and post rules
Adding firewall rules to other modules
Summary
8
Centralized Logging
Centralized Logging
Welcome to logging happiness
Logstash and Puppet
Installing Elasticsearch
Reporting on log data
Configuring hosts to report log data
Summary
9
Puppet and OS Security Tools
Puppet and OS Security Tools
Introducing SELinux and auditd
SELinux and Puppet
Configuring SELinux with community modules
Configuring auditd with community modules
Summary
Going Forward
Going Forward
What we've learned
Where to go next
Final thoughts
Index
Index

Summary

In this chapter, we built a foundation for things we will do in chapters to come. First, we covered what Puppet is, and how it differs from other tools in its space. We gave a brief introduction to some of the other Puppet components we'll be using in this book as well.

Moving on from this, we covered how to install Puppet on CentOS. We went through a full installation example and covered the basics of configuration files.

Then, we covered the configuration and installation of Vagrant and used it to run our first example. In this example, we configured SSH with a secure configuration file.

Finally, we introduced how Puppet fits into a security ecosystem. While keeping with the basics, we've begun exploring how Puppet can be used to process simple configuration tasks to secure your systems.

This chapter focused on several high-level concepts. As we get further into the book, we'll go more in-depth in examples and they will get much more powerful. As an introductory chapter, the hope was to get you up and running with a working manifest. In future chapters, we will assume a base level of knowledge and link to references you can use if needed.

Additionally, if you wish to get some more information on the base Puppet language before we proceed, there are several books available. Some of them were mentioned earlier in this chapter, and we'll cover more as we proceed through the book. The documentation at http://docs.puppetlabs.com is also very informative, if a little dry at times.

In the next chapter, we'll begin to use our knowledge gained here to explore how Puppet can be used to track changes to resources on our filesystems.

Previous Section
End of Chapter 1
Next Chapter