Last updated: 2021-07-23 19:49:57
coverpage
Learning Puppet Security
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Preface
What this book covers
What you need for this book
Who this book is for
Convention
Reader feedback
Customer support
Chapter 1. Puppet as a Security Tool
What is Puppet?
Installing and configuring Puppet
Preparing the environment for examples
Puppet for security and compliance
Example – using Puppet to secure openssh
Summary
Chapter 2. Tracking Changes to Objects
Change tracking with Puppet
The audit meta-parameter
Using audit on files
Auditing the password file
Audit on other resource types
Auditing a package
Things to know about audit
Alternatives to auditing
Using noop
Chapter 3. Puppet for Compliance
Using manifests to document the system state
Tracking history with version control
Facts for compliance
The PCI DSS and how Puppet can help
Chapter 4. Security Reporting with Puppet
Basic Puppet reporting
PuppetDB and reporting
Reporting for compliance
Chapter 5. Securing Puppet
Puppet security related configuration
SSL and Puppet
Autosigning certificates
Chapter 6. Community Modules for Security
The Puppet Forge
The herculesteam/augeasproviders series of modules
The arildjensen/cis module
The saz/sudo module
The hiera-eyaml gem
Chapter 7. Network Security and Puppet
Introducing the firewall module
The firewall type
The firewallchain type
Creating pre and post rules
Adding firewall rules to other modules
Chapter 8. Centralized Logging
Welcome to logging happiness
Logstash and Puppet
Installing Elasticsearch
Reporting on log data
Configuring hosts to report log data
Chapter 9. Puppet and OS Security Tools
Introducing SELinux and auditd
SELinux and Puppet
Configuring SELinux with community modules
Configuring auditd with community modules
Appendix A. Going Forward
What we've learned
Where to go next
Final thoughts
Index