Book Image

Security Automation with Ansible 2

By : Akash Mahajan, MADHU AKULA
Book Image

Security Automation with Ansible 2

By: Akash Mahajan, MADHU AKULA

Overview of this book

Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat. We’ll start by covering various popular modules and writing simple playbooks to showcase those modules. You’ll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you’ll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on. Moving on, you’ll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. While on the way, we will tackle topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration using Ansible Galaxy. In the final stretch, we’ll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.
Table of Contents (18 chapters)
Title Page
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
Free Chapter
1
Introduction to Ansible Playbooks and Roles
5
Automating Web Application Security Testing Using OWASP ZAP

Security hardening with benchmarks such as CIS, STIGs, and NIST


Benchmarks provide a great way for anyone to gain assurance of their individual security efforts. Created by security experts globally or led by security mature government departments such as NIST, benchmarks cover a whole range of systems, configurations, software, and more.

Hardening for security mostly boils down to do the following: 

  1. Agreeing on what is the minimal set of configuration that qualifies as secure configuration. This is usually defined as a hardening benchmark or framework.
  2. Making changes to all the aspects of the system that are touched by such configuration.
  3. Measuring periodically if the application and system are still in line with the configuration or if there is any deviation.
  4. If any deviation is found, take corrective action to fix that. 
  5. If no deviation is found, log that.
  6. Since software is always getting upgraded, staying on top of the latest configuration guidelines and benchmarks is most important.

The three...