Learning Puppet Security

Secure your IT environments with the powerful security tools of Puppet

About This Book

• Pass a compliance audit by showing the concrete state of your systems using Puppet
• Secure your Puppet server to minimize risks associated with misconfigured installations using the gdsoperations/auditd module
• Attain in-depth knowledge of all the security aspects related to Puppet with the help of a step-by-step approach and attain the practical skills required to develop applications

Who This Book Is For

If you are a security professional whose workload is increasing, or a Puppet professional looking to increase your knowledge of security, or even an experienced systems administrator, then this book is for you. This book will take you to the next level of security automation using Puppet. The book requires no prior knowledge of Puppet to get started.

What You Will Learn

• Use Puppet manifests to show system compliance and track changes to the operating system resources
• Generate security reports using PuppetDB to show that the systems are up to date
• Automate CIS compliance using community modules
• Configure firewalls automatically based on roles
• Demystify the Puppet SSL stack
• Set up centralized logging with dashboard search functionality using Elasticsearch, Logstash, and Kibana
• Configure your systems to be secure automatically using SELinux with Puppet
• Use Puppet to assist with PCI DSS compliance

In Detail

As application and server environments become more complex, managing security and compliance becomes a challenging situation. By utilizing Puppet and the tools associated with it, you can simplify and automate many of the more repetitive security-related tasks.

Beginning with the simplest cases, you will quickly get up and running by looking at an example Puppet manifest. Moving on, you will learn how to use Puppet to track changes to environments and how this can be used for compliance. As your knowledge increases, you will then get to explore community modules and learn how they can help simplify the deployment of your Puppet environment by using pre-written code contributed by community members. By the end of this book, you will be able to implement a complete centralized logging solution using Logstash and community modules.

使用 Puppet 的強大安全工具來保護您的 IT 環境

關於本書
- 使用 Puppet 顯示系統的具體狀態，通過合規審核
- 使用 gdsoperations/auditd 模組，保護 Puppet 伺服器以減少錯誤配置安裝所帶來的風險
- 透過逐步方法瞭解與 Puppet 相關的所有安全方面，並獲得開發應用所需的實際技能

本書適合對安全工作負荷增加的安全專業人員、希望增加對安全知識的 Puppet 專業人員，以及有經驗的系統管理員。本書將帶您進入使用 Puppet 進行安全自動化的下一個層次。本書無需事先了解 Puppet 即可開始。

學到什麼
- 使用 Puppet manifest 顯示系統合規性並追蹤操作系統資源的變化
- 使用 PuppetDB 生成安全報告，顯示系統是否為最新狀態
- 使用社群模組自動實現 CIS 合規性
- 根據角色自動配置防火牆
- 解密 Puppet SSL 堆疊
- 使用 Elasticsearch、Logstash 和 Kibana 設置具有儀表板搜索功能的集中式日誌記錄
- 使用 Puppet 自動配置 SELinux 以實現系統安全
- 使用 Puppet 協助實現 PCI DSS 合規性

詳細內容
隨著應用和伺服器環境變得越來越複雜，管理安全和合規性變得具有挑戰性。通過使用 Puppet 及其相關工具，您可以簡化和自動化許多重複性的安全相關任務。

從最簡單的情況開始，您將通過查看一個示例 Puppet manifest 快速上手。隨著知識的增加，您將學習如何使用 Puppet 追蹤環境的變化，以及如何用於合規性。隨著您的知識增加，您將探索社群模組，並學習如何使用社群成員貢獻的預先編寫的代碼來簡化 Puppet 環境的部署。通過本書的學習，您將能夠使用 Logstash 和社群模組實現完整的集中式日誌記錄解決方案。