Securing Linux with Ansible
-
This video is focused on OpenStack however it works with and without OpenStack. Supports RHEL 7, CentOS 7 and Ubuntu 16.04.
You successfully pitched an OpenStack cloud to your company. Great! But wait -- here comes the security team and the auditors! What do you do now? Help is on the way (in the form of an Ansible role)! The openstack-ansible-security role, first unveiled at the Austin Summit, applies security controls from the Security Technical Implementation Guide (STIG) across OpenStack clouds using Ansible...
-
I made a really good SaltStack state for Linux hardening. Works great, and now pass OpenVAS with flying colours for example.
-
@tim_g said in Securing Linux with Ansible:
I made a really good SaltStack state for Linux hardening. Works great, and now pass OpenVAS with flying colours for example.
Did you post it here? If so, I missed it...
-
@tim_g said in Securing Linux with Ansible:
I made a really good SaltStack state for Linux hardening. Works great, and now pass OpenVAS with flying colours for example.
Where is the ML article about that?
-
@scottalanmiller said in Securing Linux with Ansible:
@tim_g said in Securing Linux with Ansible:
I made a really good SaltStack state for Linux hardening. Works great, and now pass OpenVAS with flying colours for example.
Where is the ML article about that?
I can paste it here for now if ya like... but I have a lot of stuff saved up to put in some blog post drafts I have going. I usually put stuff here afterwards.
-
@scottalanmiller said in Securing Linux with Ansible:
@tim_g said in Securing Linux with Ansible:
I made a really good SaltStack state for Linux hardening. Works great, and now pass OpenVAS with flying colours for example.
Where is the ML article about that?
Damn! I can only upvote this once.
-
Where is the ML article on that?
Now we can upvote it twice
-
@scottalanmiller Done :grinning_face_with_smiling_eyes:
-
And this is why we need a way to post articles/how-to's in something other than a discussion thread. They get lost and forgotten.
-
@kelly said in Securing Linux with Ansible:
And this is why we need a way to post articles/how-to's in something other than a discussion thread. They get lost and forgotten.
Tags help a TON with this. Look up SaltStack tag for example.
-
@tim_g said in Securing Linux with Ansible:
@kelly said in Securing Linux with Ansible:
And this is why we need a way to post articles/how-to's in something other than a discussion thread. They get lost and forgotten.
Tags help a TON with this. Look up SaltStack tag for example.
It helps, but overtime it will still get buried. In addition, if, as happens frequently, the original post receives input from replies, it may no longer be 100% accurate. There is no way to deduce that without reading the entire comment chain. Forums are terrible places to store knowledge imo.
-
@kelly said in Securing Linux with Ansible:
@tim_g said in Securing Linux with Ansible:
@kelly said in Securing Linux with Ansible:
And this is why we need a way to post articles/how-to's in something other than a discussion thread. They get lost and forgotten.
Tags help a TON with this. Look up SaltStack tag for example.
It helps, but overtime it will still get buried. In addition, if, as happens frequently, the original post receives input from replies, it may no longer be 100% accurate. There is no way to deduce that without reading the entire comment chain. Forums are terrible places to store knowledge imo.
That's mostly true, although there are ways to make it work better. Like the Linux Admin book.
-
Hereβs mine based off of the DISA STIGS.