Security Automation with Ansible 2

Security Automation with Ansible 2

By : Akash Mahajan, MADHU AKULA

Buy this Book

Security Automation with Ansible 2

By: Akash Mahajan, MADHU AKULA

Buy this Book

Overview of this book

Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat. We’ll start by covering various popular modules and writing simple playbooks to showcase those modules. You’ll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you’ll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on. Moving on, you’ll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. While on the way, we will tackle topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration using Ansible Galaxy. In the final stretch, we’ll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.

Title Page

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Customer Feedback

Preface

Free Chapter

Introduction to Ansible Playbooks and Roles

Ansible terms to keep in mind

Summary

Ansible Tower, Jenkins, and Other Automation Tools

Scheduling tools to enable the next abstraction of automation

Getting up and running

Security automation use cases

Summary

Setting Up a Hardened WordPress with Encrypted Automated Backups

CLI for WordPress

Why Ansible for this setup?

A complete WordPress installation step-by-step

Setting up Apache2 web server

Enabling TLS/SSL with Let's Encrypt

What if you don't want to roll your own? The Trellis stack

WordPress on Windows

Summary

Log Monitoring and Serverless Automated Defense (Elastic Stack in AWS)

Introduction to Elastic Stack

Automated defense?

Summary

Automating Web Application Security Testing Using OWASP ZAP

Installing OWASP ZAP

Summary

Vulnerability Scanning with Nessus

Introduction to Nessus

Summary

Security Hardening for Applications and Networks

Security hardening with benchmarks such as CIS, STIGs, and NIST

Automating security audit checks for networking devices using Ansible

Automation security audit checks for applications using Ansible

Automated patching approaches using Ansible

Summary

Continuous Security Scanning for Docker Containers

Understanding continuous security concepts

Automating vulnerability assessments of Docker containers using Ansible

Scheduled scans using Ansible Tower for Docker security

Scheduled scans using Ansible Tower for operating systems and kernel security

Scheduled scans for file integrity checks, host-level monitoring using Ansible for various compliance initiatives

Summary

Automating Lab Setups for Forensics Collection and Malware Analysis

Creating Ansible playbooks for labs for isolated environments

Creating Ansible playbooks for collection and storage with secure backup of forensic artifacts

Summary

Writing an Ansible Module for Security Testing

Getting started with a hello world Ansible module

Setting up the development environment

Planning and what to keep in mind

OWASP ZAP module

Using Ansible as a Python module

Summary

Ansible Security Best Practices, References, and Further Reading

Working with Ansible Vault

Setting up and using Ansible Galaxy

Ansible controller machine security

Best practices and reference playbook projects

Additional references

Coming soon to Ansible 2.5

Summary

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Getting started with a hello world Ansible module

We will pass one argument to our custom module and show if we have success or failure for the module executing based on that.

Since all of this is new to us, we will look at the following things:

The source code of the hello world module
The output of that module for both success and failure
The command that we will use to invoke it

Before we get started, all of this is based on the Ansible Developer Guide! The following code is in Python.

Code

We use Python for many scripting tasks, but we are not experts in it. But we believe this code is simple enough to understand:

from ansible.module_utils.basic import AnsibleModule

module = AnsibleModule(
    argument_spec=dict(
        answer=dict(choices=['yes', 'no'], default='yes'),
    )
)

answer = module.params['answer']
if answer == 'no':
    module.fail_json(changed=True, msg='Failure! We failed because we answered no.')

module.exit_json(changed=True, msg='Success! We passed because we answered yes...

Security Automation with Ansible 2

By : Akash Mahajan, MADHU AKULA

Security Automation with Ansible 2

By: Akash Mahajan, MADHU AKULA

Overview of this book

Related Content you might be interested in

Current Title:

Security Automation with Ansible 2

Implementing DevOps with Ansible 2

Ansible Quick Start Guide

Learn Ansible

Getting started with a hello world Ansible module

Code