Security Automation with Ansible 2

What this book covers

Chapter 1, Introduction to Ansible Playbooks and Roles, covers the Ansible terms you are probably already familiar with. They are explained with sample playbooks and the Ansible commands required to run those playbooks. If you feel your Ansible concepts and skills are a bit rusty, start here.

Chapter 2, Ansible Tower, Jenkins, and Other Automation Tools, is all about automation of automation. We cover the use of scheduling automation tools commonly used with Ansible, such as Ansible Tower, Jenkins, and Rundeck. If you start using these tools, the mundane and boring tasks of remembering when to schedule and execute playbooks, and of getting notifications about the output, can be delegated to the tools rather than kept in your head. If you haven't used any tools like these, you should read this chapter.

Chapter 3, Setting up a Hardened WordPress with Encrypted Automated Backups, covers the exploration of various security automation techniques and approaches. As with any technique or approach, it is possible that some of what we say doesn't apply to your use case. However, by taking an opinionated approach, we show you one way of doing this, which we think works well in most cases. WordPress is the most popular website creation software currently. By tackling how to secure it using playbooks (and running them in an IT automation tool), we start talking about the IT/ops requirement of keeping running servers safe and making sure we can recover from failure. If you are responsible for managing websites (even if it is just your own), this chapter should be useful. If you don't use WordPress, there is enough in this chapter to get you thinking about how to apply it to your use case.

Chapter 4, Log Monitoring and Serverless Automated Defense (Elastic Stack in AWS), covers log monitoring and security automation, which go together like peanut butter and jelly. In this chapter, using Ansible, we set up a log monitoring server infrastructure on a server in AWS. Based on attack notifications, we create a near real-time dynamic firewall service using AWS services such as AWS Lambda, DynamoDB, and AWS CloudWatch.

Chapter 5, Automating Web Application Security Testing Using OWASP ZAP, covers one of the most common security workflows: testing the security of a website using one of the most popular open source tools, OWASP ZAP. Once we have figured out the basic workflow, we supercharge it for continuous scanning of your websites using Ansible and Jenkins. Read this chapter to see how we can work with Docker containers using Ansible while doing continuous security scanning. A sure win-win!

Chapter 6, Vulnerability Scanning with Nessus, explains the use of Nessus with Ansible for vulnerability scanning. This chapter covers the approach of doing basic network scans, conducting security patch audits, and enumerating vulnerabilities.

Chapter 7, Security Hardening for Applications and Networks, shows that Ansible has enabled us to assert our security thinking declaratively. By utilizing the idea of what the system state should be, we can create security hardening playbooks based on standards, such as CIS and NIST, and guidance provided by the US Department of Defense's STIGs. Familiarize yourself with approaches to hardening applications and servers using existing security documentation, but most importantly, in a repeatable self-documenting way, which is under version control. If you were like us, doing all of this manually for many years, you will appreciate what a game changer this is for security automation.

Chapter 8, Continuous Security Scanning for Docker Containers, covers how to run security scanning tools against Docker containers. A lot of modern applications are deployed using containers, and this chapter will quickly help you understand whether you have any vulnerable containers and, as always, coupled with Ansible Tower, how to make this a continuous process.

Chapter 9, Automating Lab Setups for Forensics Collection, Malware Analysis, is especially for malware researchers. If you have always wanted to use Cuckoo Sandbox and MISP, and have shied away because of the complicated steps involved in setting these up, this chapter has got you covered.

Chapter 10, Writing an Ansible Module for Security Testing, covers how we can extend the functionality offered by Ansible and learn from other projects that are using Ansible to deliver great software solutions. This chapter and the next bring us to the third section of our book.

Sometimes, even with all the amazing modules that come with Ansible, they are still not enough for us to do what we want to do. This chapter delves into creating an Ansible module, and, if we may say so ourselves, it doesn't try to be very formal about the approach. Remembering that what we want to focus on is security automation, we create a module for running website security scans using a ZAP proxy. With a complete module provided, this will help you write and use your own modules in no time.

Chapter 11, Ansible Security Best Practices, References, and Further Reading, covers how to manage secrets and credentials using Ansible Vault. It will help you set up your own instance of Ansible Galaxy. We also highlight other projects using Ansible playbooks for security solutions, such as DebOps and Algo. We also cover AWX, which is the free and open source version of Ansible Tower, and show you how to set it up and use it. We conclude with a short discussion on Ansible 2.5, which is expected to be released in the first or second quarter of 2018.