Learning Puppet Security : secure your IT environments with the powerful security tools of Puppet

If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book r...

Bibliographic Details
Classification: Electronic Book
Main author: Slagle, Jason (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK : Packt Publishing, 2015.
Series: Community experience distilled.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface
  • Chapter 1: Puppet as a Security Tool; What is Puppet?; Declarative versus imperative approaches; The Puppet client-server model; Other Puppet components; PuppetDB; Hiera; Installing and configuring Puppet; Installing the Puppet Labs Yum repository; Installing the Puppet Master; Installing the Puppet agent; Configuring Puppet; Puppet services; Preparing the environment for examples; Installing Vagrant and VirtualBox; Creating our first Vagrantfile; Puppet for security and compliance; Example - using Puppet to secure openssh; Starting the Vagrant virtual machine; Connecting to our virtual machine; Creating the module; Building the module; The openssh configuration file; The site.pp file; Running our new code; Summary
  • Chapter 2: Tracking Changes to Objects; Change tracking with Puppet; The audit meta-parameter; How it works; What can be audited; Using audit on files; Available attributes; Auditing the password file; Preparation; Creating the manifest; First run of the manifest; Changing the password file and rerunning Puppet; Audit on other resource types; Auditing a package; Modifying the module to audit; Things to know about audit; Alternatives to auditing; The noop meta-parameter; Purging resources; Using noop; Summary
  • Chapter 3: Puppet for Compliance; Using manifests to document the system state; Tracking history with version control; Using git to track Puppet configuration; Tracking modules separately; Facts for compliance; The Puppet role's pattern; Using custom facts; The PCI DSS and how Puppet can help; Network-based PCI requirements; Vendor-supplied defaults and the PCI; Protecting the system against malware; Maintaining secure systems; Authenticating access to systems; Summary
  • Chapter 4: Security Reporting with Puppet; Basic Puppet reporting; The store processors; Example - showing the last node runtime; PuppetDB and reporting; Example - getting recent reports; Example - getting event counts; Example - a simple PuppetDB dashboard; Reporting for compliance; Example - finding heartbleed-vulnerable systems; Summary
  • Chapter 5: Securing Puppet; Puppet security related configuration; The auth.conf file; Example - Puppet authentication; Adding our second Vagrant host; The fileserver.conf file; Example - adding a restricted file mount; SSL and Puppet; Signing certificates; Revoking certificates; Alternative SSL configurations; Autosigning certificates; Naïve autosign; Basic autosign; Policy-based autosign; Summary
  • Chapter 6: Community Modules for Security; The Puppet Forge; The herculesteam/augeasproviders series of modules; Managing SSH with augeasproviders; The arildjensen/cis module; The saz/sudo module; The hiera-eyaml gem; Summary
  • Chapter 7: Network Security and Puppet; Introducing the firewall module; The firewall type; The firewallchain type; Creating pre and post rules