Security Automation with Ansible 2
Madhu Akula, Akash Mahajan
- Leverage the agentless, push-based power of Ansible 2 to automate security tasks.
- Learn to write Playbooks to apply security at any part of your system.
- A recipe-based guide that will teach you to use Ansible 2 for various use cases like fraud detection, network security, governance and so on.
Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for completing seemingly complex tasks by using various building blocks available and create solutions that are easy to teach others, store for later, perform version control on and allow for repeatability.
We will start by covering various popular modules and write simple playbooks to showcase those modules. We will see how this can be applied over a variety of platforms and operating systems whether be it Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, we will learn how to leverage tools like Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems and so on. You will then delve into useful security automation techniques and approaches and learn to extend Ansible for enhanced security. While on the way, we will engage topics like how to manage secrets, how to manage all the playbooks that we will create and how to enable collaboration around them. The final stretch will see us tackling on how we can extend the modules of Ansible for our use and do all the above in a programmatic manner for even more powerful automation frameworks and rigs.
What you will learn
- Use Ansible playbooks, roles, modules and templating to build generic, testable playbooks
- Manage Linux and Windows hosts remotely in a repeatable and predictable manner
- Learn how to do security patch management, security hardening with scheduling and automation
- Setup AWS Lambda for server-less automated defense
- Run continuous security scans against your hosts and automatically fix and harden the gaps
- Extend Ansible to write your custom modules and use it as part of your already existing security automation programs
- Perform automation security audit checks for Applications using Ansible
- Manage secrets in Ansible using Ansible vault