Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-On Enterprise Automation on Linux

You're reading from   Hands-On Enterprise Automation on Linux Efficiently perform large-scale Linux infrastructure automation with Ansible

Arrow left icon
Product type Paperback
Published in Jan 2020
Publisher Packt
ISBN-13 9781789131611
Length 512 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
James Freeman James Freeman
Author Profile Icon James Freeman
James Freeman
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Core Concepts
2. Building a Standard Operating Environment on Linux FREE CHAPTER 3. Automating Your IT Infrastructure with Ansible 4. Streamlining Infrastructure Management with AWX 5. Section 2: Standardizing Your Linux Servers
6. Deployment Methodologies 7. Using Ansible to Build Virtual Machine Templates for Deployment 8. Custom Builds with PXE Booting 9. Configuration Management with Ansible 10. Section 3: Day-to-Day Management
11. Enterprise Repository Management with Pulp 12. Patching with Katello 13. Managing Users on Linux 14. Database Management 15. Performing Routine Maintenance with Ansible 16. Section 4: Securing Your Linux Servers
17. Using CIS Benchmarks 18. CIS Hardening with Ansible 19. Auditing Security Policy with OpenSCAP 20. Tips and Tricks 21. Assessments 22. Other Books You May Enjoy

Testing security policies with Ansible

As we have discussed so far, it is important to ensure that not only can you implement security policies in an efficient and repeatable manner, but that it should also be possible to audit them. There are a variety of tools available for this task, both closed source and open source. Before we consider any other tools, though, it is worthwhile looking at how Ansible itself can assist with this task.

Let's return to one of our original examples, where we were implementing two of the recommendations from section 5 of the CIS Benchmark.

Previously, we ran this with the following command:

$ ansible-playbook -i hosts site.yml

This ran through the two checks, implementing the changes if the system was not already compliant with the security recommendations. However, Ansible also has a mode of operation called check mode. In this mode, Ansible...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime