Thursday, June 16, 2016

Dev-Sec.io Automated Hardening Framework

Automated configuration management tools like Ansible, Chef and Puppet are changing the way that organizations provision and manage their IT infrastructure. These tools allow engineers to programmatically define how systems are set up, and automatically install and configure software packages. System provisioning and configuration becomes testable, auditable, efficient, scalable and consistent, from tens to hundreds or thousands of hosts.

These tools also change the way that system hardening is done. Instead of following a checklist or a guidebook like one of the CIS Benchmarks, and manually applying or scripting changes, you can automatically enforce hardening policies or audit system configurations against recognized best practices, using pre-defined hardening rules programmed into code.

An excellent resource for automated hardening is a set of open source templates originally developed at Deutsche Telekom, under the project name "Hardening.io". The authors have recently had to rename this hardening framework to Dev-Sec.io

It includes Chef recipes and Puppet manifests for hardening base Linux, as well as for SSH, MySQL and PostgreSQL, Apache and Nginx. Ansible support at this time is limited to playbooks for base Linux and SSH. Dev-Sec.io works on Ubuntu, Debian, RHEL, CenOS and Oracle Linux distros.

For container security, the project team have just added an InSpec profile for Chef Compliance against the CIS Docker 1.11.0 benchmark.

Dev-Sec.io is comprehensive and at the same time accessible. And it’s open, actively maintained, and free. You can review the rules, adopt them wholesale, or cherry pick or customize them if needed. It’s definitely worth your time to check it out on GitHub: https://github.com/dev-sec

8 comments:

devops online training said...

nice information About DevOps Thanks For Sharing
any one want to learn devops or DevOps Online Training visit Us:
DevOps Online Training

infotechbrn1@gmail.com said...

This is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article.
iphone training institute in bangalore
best iphone training institute bangalore
ios app development in hyderabad

Radha Sai said...

Well written. Keep updating
Devops Online Course

infotechbrn1@gmail.com said...


Thank you for your post. This is excellent information. It is amazing and wonderful to visit your blog.
Best ios training institute in bangalore
iOS app training in bangalore
iPhone job oriented course in bangalore
iPhone training classes in bangalore

infotechbrn1@gmail.com said...

Great Information, Thank you for sharing this post.
best iphone training institute bangalore
iphone job training center in bangalore

infotechbrn1@gmail.com said...

Useful Information, your blog is sharing unique information....
Thanks for sharing!!!
php developers in hyderabad
php developers in kukatpally
php developers in gachibowli

Anjali Siva said...

Thanks for taking time to share this page, really helpful.
DevOps Training in Chennai
DevOps Certification Chennai
AWS course in Chennai
AWS Certification in Chennai
R Programming Training in Chennai
Angular 6 Training in Chennai
Robotics Process Automation Training in Chennai

cityspideyseo said...

CitySpidey is India's first and definitive platform for hyper local community news, RWA Management Solutions and Account Billing Software for Housing Societies. We also offer air quaity index and residential soceity news of Noida, Dwarka, Indirapuram, Gurgaon and Faridabad. You can place advertisement for your business on city spidey.

Gate Management System
Society Management App
Society Management
rwa Management App
Neighbourhood Management App
Apartment Management App
Apartment Management System
Visitors Management System
Apartment Management Software
Air Quality Index, Air Pollution
Noida News
Gurgaon News
Ghaziabad News
Delhi News
Indirapuram News
Dwarka News

Site Meter