Book description
Automate security-related tasks in a structured, modular fashion using the best open source automation tool available
About This Book
- Leverage the agentless, push-based power of Ansible 2 to automate security tasks
- Learn to write playbooks that apply security to any part of your system
- This recipe-based guide will teach you to use Ansible 2 for various use cases such as fraud detection, network security, governance, and more
Who This Book Is For
If you are a system administrator or a DevOps engineer with responsibility for finding loop holes in your system or application, then this book is for you. It’s also useful for security consultants looking to automate their infrastructure’s security model.
What You Will Learn
- Use Ansible playbooks, roles, modules, and templating to build generic, testable playbooks
- Manage Linux and Windows hosts remotely in a repeatable and predictable manner
- See how to perform security patch management, and security hardening with scheduling and automation
- Set up AWS Lambda for a serverless automated defense
- Run continuous security scans against your hosts and automatically fix and harden the gaps
- Extend Ansible to write your custom modules and use them as part of your already existing security automation programs
- Perform automation security audit checks for applications using Ansible
- Manage secrets in Ansible using Ansible Vault
In Detail
Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat.
We’ll start by covering various popular modules and writing simple playbooks to showcase those modules. You’ll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you’ll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on.
Moving on, you’ll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. While on the way, we will tackle topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration using Ansible Galaxy. In the final stretch, we’ll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.
Style and approach
This comprehensive guide will teach you to manage Linux and Windows hosts remotely in a repeatable and predictable manner. The book takes an in-depth approach and helps you understand how to set up complicated stacks of software with codified and easy-to-share best practices.
Table of contents
- Preface
- Introduction to Ansible Playbooks and Roles
- Ansible Tower, Jenkins, and Other Automation Tools
-
Setting Up a Hardened WordPress with Encrypted Automated Backups
- CLI for WordPress
- Why Ansible for this setup?
-
A complete WordPress installation step-by-step
- Setting up nginx web server
- Setting up prerequisites
- Setting up MySQL database
- Installing PHP for WordPress setup
- Installing WordPress using WP-CLI
- Hardening SSH service
- Hardening a database service
- Hardening nginx
- Hardening WordPress
- Hardening a host firewall service
- Setting up automated encrypted backups in AWS S3
- Executing playbook against an Ubuntu 16.04 server using Ansible Tower
- Secure automated the WordPress updates
- Setting up Apache2 web server
- Enabling TLS/SSL with Let's Encrypt
- What if you don't want to roll your own? The Trellis stack
- WordPress on Windows
- Summary
-
Log Monitoring and Serverless Automated Defense (Elastic Stack in AWS)
-
Introduction to Elastic Stack
- Elasticsearch
- Logstash
- Kibana
- Beats
- Why should we use Elastic Stack for security monitoring and alerting?
- Prerequisites for setting up Elastic Stack
- Setting up the Elastic Stack
- Installing Elasticsearch
- Installing Logstash
- Logstash configuration
- Installing Kibana
- Setting up nginx reverse proxy
- Installing Beats to send logs to Elastic Stack
- ElastAlert for alerting
- Configuring the Let's Encrypt service
- ElastAlert rule configuration
- Kibana dashboards
- Automated defense?
- Summary
-
Introduction to Elastic Stack
- Automating Web Application Security Testing Using OWASP ZAP
- Vulnerability Scanning with Nessus
-
Security Hardening for Applications and Networks
-
Security hardening with benchmarks such as CIS, STIGs, and NIST
- Operating system hardening for baseline using an Ansible playbook
- STIGs Ansible role for automated security hardening for Linux hosts
- Continuous security scans and reports for OpenSCAP using Ansible Tower
- CIS Benchmarks
- Lynis – open source security auditing tool for Unix/Linux systems
- Windows server audit using Ansible playbooks
- Automating security audit checks for networking devices using Ansible
- Automation security audit checks for applications using Ansible
- Automated patching approaches using Ansible
- Summary
-
Security hardening with benchmarks such as CIS, STIGs, and NIST
-
Continuous Security Scanning for Docker Containers
- Understanding continuous security concepts
- Automating vulnerability assessments of Docker containers using Ansible
- Scheduled scans using Ansible Tower for Docker security
- Scheduled scans using Ansible Tower for operating systems and kernel security
- Scheduled scans for file integrity checks, host-level monitoring using Ansible for various compliance initiatives
- Summary
-
Automating Lab Setups for Forensics Collection and Malware Analysis
- Creating Ansible playbooks for labs for isolated environments
- Creating Ansible playbooks for collection and storage with secure backup of forensic artifacts
- Summary
- Writing an Ansible Module for Security Testing
- Ansible Security Best Practices, References, and Further Reading
Product information
- Title: Security Automation with Ansible 2
- Author(s):
- Release date: December 2017
- Publisher(s): Packt Publishing
- ISBN: 9781788394512
You might also like
book
Implementing DevOps with Ansible 2
Leverage the power of Ansible 2 and related tools and scale DevOps processes About This Book …
book
Learning Ansible 2 - Second Edition
Learn everything you need to manage and handle your systems with ease with Ansible 2 using …
book
Practical Security Automation and Testing
Your one stop guide to automating infrastructure security using DevOps and DevSecOps Key Features Secure and …
book
Network Automation Cookbook
Take your network automation skills to the next level with practical recipes on managing network devices …