DevOps Server Hardening
The Hardening Framework combines DevOps with Security. It implements hardening for Puppet, Chef and Ansible.
One of the main goals for the Hardening Framework it to provide security as a plug-in mechanism. All modules are implemented as overlay modules and work in conjunction with the corresponding open source module like apache or nginx. This enables you to drop in hardening
for your staging and production environments and reuse existing developments.
Components
The framework consists of multiple hardening components:
- Linux System Baseline
- SSH Baseline
- Windows System Baseline
- Apache Baseline
- Nginx Baseline
- Mysql Baseline
- Postgres Baseline
- PHP Baseline
- SSL/TLS Baseline
Most components are implemented in Ansible, Chef and Puppet.
Layout
This repository contains examples and tools to harden your server. A subfolder for each DevOps tool exists and a readme guides you accordingly:
βββ LICENSE
βββ README.md
βββ ansible-linux
βββ chef-linux
βββ puppet
License and Author
- Author:: Dominik Richter [email protected]
- Author:: Christoph Hartmann [email protected]
- Author:: Sebastian Gumprich [email protected]
- Author:: Deutsche Telekom AG
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.