Security hardening is the most obvious task for any security-conscious endeavor. By doing the effort of securing systems, applications, and networks, one can achieve multiple security goals given as follows:
- Ensuring that applications and networks are not compromised (sometimes)
- Making it difficult for compromises to stay hidden for long
- Securing by default ensures that compromises in one part of the network don't propagate further and more
The Ansible way of thinking about automation around security is a great fit for automating security hardening. In this chapter, we will introduce security benchmarks and frameworks that can be used to build playbooks that will allow us to do the following things:
- Secure our master images so that as soon as the applications and systems are part of the network, they offer decent security...