The objective of this manual is to create a security standard in our infrastructure setup. For this guide, we will use the Chef Inspec to run our setup tests + Dev sec hardening framework automated with Ansible
Centos 7+
yum -y install ruby ruby-devel make gcc gcc-c++ git curl
Inspect We will inspect our server according to the framework specifications. This inspection can be customized, but at this time we will use the Linux baseline Centos7+
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec \
&& git clone https://github.com/dev-sec/linux-baseline \
&& inspec exec linux-baseline
You should see something like this:
We will use the Dev-sec framework for Ansible to automate these settings. Centos7+ yum install -y ansible && ansible-galaxy install dev-sec.os-hardening
We have to build a playbook with the rules to be automatically changed. For now, we will use the default settings of dev-sec.os-hardening.
Create a file: foleon-playbook.yml
- hosts: localhost
roles:
- dev-sec.os-hardening
Execute the playbook:
ansible-playbook playbook.yml -f 10
Check results
Just execute the re-inspection command to check that everything has been executed as expected:
inspec exec linux-baseline
If you get something like that, we're safe!