The OPPOSITE of hardening/remediation cookbooks or scripts!
It uses industry security recommendations(CIS Benchmarks in this case) and configures a RHEL/CentOS 7 machine AGAINST all these practices.
PLEASE firewall the instances that use this cookbook from the public and your internal network. The cookbook installs DHCP and other legacy services like: telnet, rsh, rlogin, etc. These are easily exploitable, especially when setup with their default configs.
A few use-cases:
- Training in penetration testing and security recommendations
- Creating honeypots
- Testing your security/compliance software. We use this to ensure the correctness of compliance reports when using Chef Compliance and the open source InSpec framework
See attributes/default.rb for tweaking how the cookbook works.
Looking forward for any feedback or contributions, cheers!