Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Learning Puppet Security

By : Slagle

4 (3)

Learning Puppet Security

4 (3)

By: Slagle

Overview of this book

If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Convention

Reader feedback

Customer support

Free Chapter

1. Puppet as a Security Tool

1. Puppet as a Security Tool

What is Puppet?

Installing and configuring Puppet

Preparing the environment for examples

Puppet for security and compliance

Example – using Puppet to secure openssh

Summary

2. Tracking Changes to Objects

2. Tracking Changes to Objects

Change tracking with Puppet

The audit meta-parameter

Using audit on files

Auditing the password file

Audit on other resource types

Auditing a package

Things to know about audit

Alternatives to auditing

Using noop

Summary

3. Puppet for Compliance

3. Puppet for Compliance

Using manifests to document the system state

Tracking history with version control

Facts for compliance

The PCI DSS and how Puppet can help

Summary

4. Security Reporting with Puppet

4. Security Reporting with Puppet

Basic Puppet reporting

PuppetDB and reporting

Reporting for compliance

Summary

5. Securing Puppet

5. Securing Puppet

Puppet security related configuration

SSL and Puppet

Autosigning certificates

Summary

6. Community Modules for Security

6. Community Modules for Security

The Puppet Forge

The herculesteam/augeasproviders series of modules

The arildjensen/cis module

The saz/sudo module

The hiera-eyaml gem

Summary

7. Network Security and Puppet

7. Network Security and Puppet

Introducing the firewall module

The firewall type

The firewallchain type

Creating pre and post rules

Adding firewall rules to other modules

Summary

8. Centralized Logging

8. Centralized Logging

Welcome to logging happiness

Logstash and Puppet

Installing Elasticsearch

Reporting on log data

Configuring hosts to report log data

Summary

9. Puppet and OS Security Tools

9. Puppet and OS Security Tools

Introducing SELinux and auditd

SELinux and Puppet

Configuring SELinux with community modules

Configuring auditd with community modules

Summary

A. Going Forward

A. Going Forward

What we've learned

Where to go next

Final thoughts

Index

Index

Chapter 7. Network Security and Puppet

One of the most important things to be done on a system, security-wise, is to ensure that it is safe from network-based attacks.

Ensuring that your system only listens on expected ports and controls access to services at the network level is a tedious, repetitive process. What if services could automatically open the necessary firewall rules? What if the systems running a cluster application could learn about one another and open access to just the other nodes?

With Puppet, all this is possible. We'll cover some of these cases in this chapter. We'll cover the following topics:

Basic information in the firewall module
The firewall type
The firewall chain type
Pre and post rules—what they are and how they're used
Adding firewall rules to your own modules in an extensible way

Let's get rolling with our first topic!

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Learning Puppet Security

Search

Your notes and bookmarks