This repo creates a usable Linux platform with adequate security for daily, non-production use.
TODO: add blurb about reasoning
TODO: add blurb about workflow
Make no mistake: this set of playbooks is opinionated and comes without any express or implied warranty.
- Protect data with partitioning and encryption
- Set useful base tools
- Restrict physical access
- Restrict network access
- Track audit-worthy change events
- dev-sec/linux-baseline
- dev-sec/linux-patch-baseline
- dev-sec/ssh-baseline
- dev-sec/cis-dil-benchmark
- dev-sec/cis-docker-benchmark
- dev-sec/cis-kubernetes-benchmark
- vibrato/inspec-meltdownspectre
Security hardening guides, best practices, checklists, benchmarks, tools and other resources, with help from:
- US DoD DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- decalage2/awesome-security-hardening
This project uses:
- Terraform
- dmacvicar/terraform-provider-libvirt for local dev
- aws for remote dev
- Ansible for development and evaluation.
- Taskfile contains most of the magic to get this project working.
```
make init
```
- ansible-galaxy installs the required public roles listed in requirements.yml
- Vagrant pulls down the most recent versions of the currently configured boxes
- Creates an Ansible Vault to protect sensitive data such as keys and passwords in an encrypted file. An example decrypted file, vault-example.yml, can be reviewed; it becomes vault.yml.
```
make enc # encrypt vault.yml
make dec # decrypt vault.yml
```
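Because `make dec` leaves vault.yml on disk in plaintext, the most common slip is committing it before running `make enc` again. The following guard is an added example (it is not part of this repository) that can be wired into a git pre-commit hook: it checks that each vault file still carries the ansible-vault header, which on encrypted files is a first line beginning with `$ANSIBLE_VAULT;`. The file names vault.yml and vault-example.yml are taken from the README; the sample files are constructed inline so the script runs stand-alone.

```shell
#!/bin/sh
# Added example, not the repository's own code: refuse to go on when an
# Ansible Vault file is in plaintext. Relies only on the documented vault
# format, whose first line starts with "$ANSIBLE_VAULT;" once encrypted.

# Returns 0 when the file carries the ansible-vault header, 1 otherwise.
# A missing file also counts as "not encrypted" so a hook fails closed.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# Checks every file given; reports offenders and returns 1 if any is plaintext.
check_vault_files() {
    rc=0
    for f in "$@"; do
        if is_vault_encrypted "$f"; then
            echo "ok:        $f"
        else
            echo "PLAINTEXT: $f (run 'make enc' before committing)" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files for a stand-alone run (the ciphertext body is dummy hex).
demo_dir=$(mktemp -d)
printf '$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n' > "$demo_dir/vault.yml"
printf 'ssh_key_passphrase: hunter2\n' > "$demo_dir/vault-example.yml"

check_vault_files "$demo_dir/vault.yml"
check_vault_files "$demo_dir/vault-example.yml" || echo "guard would block this commit"
```

Placed in .git/hooks/pre-commit with `check_vault_files vault.yml` as the last line, a non-zero return aborts the commit; the example deliberately treats a missing file as a failure so a renamed or deleted vault does not silently pass.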
```
make build
make ping
```
- Vagrant creates test VMs
- Vagrant takes a snapshot of the baseline state to make iterative testing much faster
```
make start
make stop
make restore # restore baseline snapshot
make destroy # remove all traces
```
```
make audit
make play
make audit
```
OS | Release
---|---
Ubuntu | 20.04 - Focal
Ubuntu | 19.10 - Eoan
Ubuntu | 18.04 - Bionic
Ubuntu | 16.04 - Xenial
Debian | 10 - Buster
Debian | 9 - Stretch
Debian | 8 - Jessie
ArchLinux | ArchLinux
CentOS | 8
CentOS | 7

OS | Release
---|---
Ubuntu | 20.10 - Groovy
Ubuntu | 14.04 - Trusty
CentOS | 6
RHEL | 8
RHEL | 7
RHEL | 6