Thursday, June 16, 2016

Dev-Sec.io Automated Hardening Framework

Automated configuration management tools like Ansible, Chef and Puppet are changing the way that organizations provision and manage their IT infrastructure. These tools allow engineers to programmatically define how systems are set up, and automatically install and configure software packages. System provisioning and configuration becomes testable, auditable, efficient, scalable and consistent, from tens to hundreds or thousands of hosts.

These tools also change the way that system hardening is done. Instead of following a checklist or a guidebook like one of the CIS Benchmarks, and manually applying or scripting changes, you can automatically enforce hardening policies or audit system configurations against recognized best practices, using pre-defined hardening rules programmed into code.

An excellent resource for automated hardening is a set of open source templates originally developed at Deutsche Telekom, under the project name "Hardening.io". The authors have recently had to rename this hardening framework to Dev-Sec.io.

It includes Chef recipes and Puppet manifests for hardening base Linux, as well as for SSH, MySQL and PostgreSQL, Apache and Nginx. Ansible support at this time is limited to playbooks for base Linux and SSH. Dev-Sec.io works on Ubuntu, Debian, RHEL, CentOS and Oracle Linux distros.

For container security, the project team have just added an InSpec profile for Chef Compliance against the CIS Docker 1.11.0 benchmark.

Dev-Sec.io is comprehensive and at the same time accessible. And it’s open, actively maintained, and free. You can review the rules, adopt them wholesale, or cherry pick or customize them if needed. It’s definitely worth your time to check it out on GitHub: https://github.com/dev-sec

9 comments:

mytrainingsoline said...


Nice observation and good article, thank you for sharing your knowledge, keep posting such information that's helpful to others

Unknown said...


I have read your article; it is very instructive and valuable to me. I admire the valuable information you offer in your articles. Thanks for posting it.

Roji Gomez said...

Great help but I'd rather hire a custom software application development company coz it's easier.

BrnInfotech said...

Nice blog, I really wonder to visit your blog. Thanks a lot for sharing the useful information!

katetech said...

Thank you for your post. This is useful information.
Here we provide our special one's.

Unknown said...


Nice Posting !! Thanks for sharing..

Unknown said...

Reading your opponent's playing style. If you have previously managed to fool your opponent into not reading your plan, now it is your turn to read your opponent's playing style.

Unknown said...

Nice article admin, thanks for sharing your article. Keep sharing your knowledge, I am waiting for your new post. Check hi vis jacket girls knee high socks. Kindly review and reply to me.
