Security Automation with Ansible 2

Book description

Automate security-related tasks in a structured, modular fashion using the best open source automation tool available

About This Book

  • Leverage the agentless, push-based power of Ansible 2 to automate security tasks
  • Learn to write playbooks that apply security to any part of your system
  • This recipe-based guide will teach you to use Ansible 2 for various use cases such as fraud detection, network security, governance, and more

Who This Book Is For

If you are a system administrator or a DevOps engineer with responsibility for finding loopholes in your system or application, then this book is for you. It’s also useful for security consultants looking to automate their infrastructure’s security model.

What You Will Learn

  • Use Ansible playbooks, roles, modules, and templating to build generic, testable playbooks
  • Manage Linux and Windows hosts remotely in a repeatable and predictable manner
  • See how to perform security patch management, and security hardening with scheduling and automation
  • Set up AWS Lambda for a serverless automated defense
  • Run continuous security scans against your hosts and automatically fix and harden the gaps
  • Extend Ansible to write your custom modules and use them as part of your already existing security automation programs
  • Perform automation security audit checks for applications using Ansible
  • Manage secrets in Ansible using Ansible Vault

In Detail

Security automation is one of the most interesting skills to have nowadays. Ansible allows you to write automation procedures once and use them across your entire infrastructure. This book will teach you the best way to use Ansible for seemingly complex tasks by using the various building blocks available and creating solutions that are easy to teach others, store for later, perform version control on, and repeat.

We’ll start by covering various popular modules and writing simple playbooks to showcase those modules. You’ll see how this can be applied over a variety of platforms and operating systems, whether they are Windows/Linux bare metal servers or containers on a cloud platform. Once the bare bones automation is in place, you’ll learn how to leverage tools such as Ansible Tower or even Jenkins to create scheduled repeatable processes around security patching, security hardening, compliance reports, monitoring of systems, and so on.

Moving on, you’ll delve into useful security automation techniques and approaches, and learn how to extend Ansible for enhanced security. Along the way, we will tackle topics such as how to manage secrets, how to manage all the playbooks that we create, and how to enable collaboration using Ansible Galaxy. In the final stretch, we’ll tackle how to extend the modules of Ansible for our use, and do all the previous tasks in a programmatic manner to get even more powerful automation frameworks and rigs.

Style and approach

This comprehensive guide will teach you to manage Linux and Windows hosts remotely in a repeatable and predictable manner. The book takes an in-depth approach and helps you understand how to set up complicated stacks of software with codified and easy-to-share best practices.

Table of contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Conventions
    5. Reader feedback
    6. Customer support
      1. Downloading the example code
      2. Downloading the color images of this book
      3. Errata
      4. Piracy
      5. Questions
  2. Introduction to Ansible Playbooks and Roles
    1. Ansible terms to keep in mind 
      1. Playbooks
      2. Ansible modules
      3. YAML syntax for writing Ansible playbooks
      4. Ansible roles
      5. Templates with Jinja2
        1. Jinja templating examples
          1. Conditional example
          2. Loops example
      6. LAMP stack playbook example – combining all the concepts
    2. Summary
  3. Ansible Tower, Jenkins, and Other Automation Tools
    1. Scheduling tools to enable the next abstraction of automation
    2. Getting up and running
      1. Setting up Ansible Tower
      2. Setting up Jenkins
      3. Setting up Rundeck
    3. Security automation use cases
      1. Adding playbooks
        1. Ansible Tower configuration
        2. Jenkins Ansible integration configuration
        3. Rundeck configuration
      2. Authentication and data security
        1. RBAC for Ansible Tower
        2. TLS/SSL for Ansible Tower
        3. Encryption and data security for Ansible Tower
        4. RBAC for Jenkins
        5. TLS/SSL for Jenkins
        6. Encryption and data security for Jenkins
        7. RBAC for Rundeck
        8. HTTP/TLS for Rundeck
        9. Encryption and data security for Rundeck
      3. Output of the playbooks
        1. Report management for Ansible Tower
        2. Report management for Jenkins 
        3. Report management for Rundeck
      4. Scheduling of jobs
      5. Alerting, notifications, and webhooks
    4. Summary
  4. Setting Up a Hardened WordPress with Encrypted Automated Backups
    1. CLI for WordPress
    2. Why Ansible for this setup?
    3. A complete WordPress installation step-by-step
      1. Setting up nginx web server
      2. Setting up prerequisites
      3. Setting up MySQL database
      4. Installing PHP for WordPress setup
      5. Installing WordPress using WP-CLI
      6. Hardening SSH service
      7. Hardening a database service
      8. Hardening nginx 
      9. Hardening WordPress
      10. Hardening a host firewall service
      11. Setting up automated encrypted backups in AWS S3
      12. Executing playbook against an Ubuntu 16.04 server using Ansible Tower
      13. Secure automated the WordPress updates
        1. Scheduling via Ansible Tower for daily updates
    4. Setting up Apache2 web server
    5. Enabling TLS/SSL with Let's Encrypt
    6. What if you don't want to roll your own? The Trellis stack
      1. Why would we use Trellis, and when is it a good idea to use it?
    7. WordPress on Windows 
      1. How to enable WinRM in Windows
        1. Running Ansible against a Windows server
        2. Installing IIS server using playbook
    8. Summary
  5. Log Monitoring and Serverless Automated Defense (Elastic Stack in AWS)
    1. Introduction to Elastic Stack
      1. Elasticsearch
      2. Logstash
      3. Kibana
      4. Beats
      5. Why should we use Elastic Stack for security monitoring and alerting?
      6. Prerequisites for setting up Elastic Stack
      7. Setting up the Elastic Stack
        1. Logstash integrations
        2. Kibana
        3. ElastAlert
      8. Installing Elasticsearch
      9. Installing Logstash
      10. Logstash configuration
      11. Installing Kibana
      12. Setting up nginx reverse proxy
      13. Installing Beats to send logs to Elastic Stack
      14. ElastAlert for alerting
      15. Configuring the Let's Encrypt service
      16. ElastAlert rule configuration
      17. Kibana dashboards
    2. Automated defense?
      1. AWS services used in setup
        1. DynamoDB
        2. Blacklist lambda function
        3. HandleExpiry lambda function
        4. Cloudwatch
        5. VPC Network ACL
      2. Setup
      3. Configuration
      4. Usage - block an IP address
        1. Request
        2. Response
      5. Automated defense lambda in action
    3. Summary
  6. Automating Web Application Security Testing Using OWASP ZAP
    1. Installing OWASP ZAP
      1. Installing Docker runtime
      2. OWASP ZAP Docker container setup
        1. A specialized tool for working with Containers - Ansible Container 
      3. Configuring ZAP Baseline scan
        1. Running a vulnerable application container
        2. Running an OWASP ZAP Baseline scan
      4. Security testing against web applications and websites
        1. Running ZAP full scan against DVWS
        2. Testing web APIs
      5. Continuous scanning workflow using ZAP and Jenkins
        1. Setting up Jenkins
          1. Setting up the OWASP ZAP Jenkins plugin
          2. Some assembly required
        2. Triggering the build (ZAP scan)
          1. Playbook to do this with automation
        3. ZAP Docker and Jenkins
    2. Summary
  7. Vulnerability Scanning with Nessus
    1. Introduction to Nessus
      1. Installing Nessus for vulnerability assessments
      2. Configuring Nessus for vulnerability scanning
      3. Executing scans against a network
        1. Basic network scanning
      4. Running a scan using AutoNessus
        1. Setting up AutoNessus
        2. Running scans using AutoNessus
          1. Listing current available scans and IDs
          2. Starting a specified scan using scan ID
      5. Storing results
      6. Installing the Nessus REST API Python client
        1. Downloading reports using the Nessus REST API
      7. Nessus configuration
    2. Summary
  8. Security Hardening for Applications and Networks
    1. Security hardening with benchmarks such as CIS, STIGs, and NIST
      1. Operating system hardening for baseline using an Ansible playbook
      2. STIGs Ansible role for automated security hardening for Linux hosts
      3. Continuous security scans and reports for OpenSCAP using Ansible Tower
      4. CIS Benchmarks
        1. Ubuntu CIS Benchmarks (server level)
        2. AWS benchmarks (cloud provider level)
      5. Lynis – open source security auditing tool for Unix/Linux systems
        1. Lynis commands and advanced options
      6. Windows server audit using Ansible playbooks
        1. Windows security updates playbook
        2. Windows workstation and server audit
    2. Automating security audit checks for networking devices using Ansible
      1. Nmap scanning and NSE
        1. Nmap NSE scanning playbook
      2. AWS security audit using Scout2
    3. Automation security audit checks for applications using Ansible
      1. Source code analysis scanners
        1. Brakeman scanner – Rails security scanner
      2. Dependency-checking scanners
        1. OWASP Dependency-Check
      3. Running web application security scanners
        1. Nikto – web server scanner
      4. Framework-specific security scanners
        1. WordPress vulnerability scanner – WPScan
    4. Automated patching approaches using Ansible
      1. Rolling updates
      2. BlueGreen deployments
        1. BlueGreen deployment setup playbook
        2. BlueGreen deployment update playbook
    5. Summary
  9. Continuous Security Scanning for Docker Containers
    1. Understanding continuous security concepts
    2. Automating vulnerability assessments of Docker containers using Ansible
      1. Docker Bench for Security
      2. Clair
    3. Scheduled scans using Ansible Tower for Docker security
      1. Anchore – open container compliance platform 
        1. Anchore Engine service setup
        2. Anchore CLI scanner
    4. Scheduled scans using Ansible Tower for operating systems and kernel security
      1. Vuls – vulnerability scanner
        1. Vuls setup playbook
        2. Vuls scanning playbook
    5. Scheduled scans for file integrity checks, host-level monitoring using Ansible for various compliance initiatives
      1. osquery
    6. Summary
  10. Automating Lab Setups for Forensics Collection and Malware Analysis
    1. Creating Ansible playbooks for labs for isolated environments
      1. Collecting file and domain malware identification and classification
        1. VirusTotal API tool set up
        2. VirusTotal API scan for malware samples
      2. Setting up the Cuckoo Sandbox environment
        1. Setting up the Cuckoo host
        2. Setting up Cuckoo guest
        3. Submitting samples and reporting using Ansible playbook 
        4. Setting up Cuckoo using Docker containers
      3. Setting up MISP and Threat Sharing
        1. Setting up MISP using Ansible playbook
        2. MISP web user interface
      4. Setting up Viper - binary management and analysis framework
    2. Creating Ansible playbooks for collection and storage with secure backup of forensic artifacts
      1. Collecting log artifacts for incident response
      2. Secure backups for data collection
    3. Summary
  11. Writing an Ansible Module for Security Testing
    1. Getting started with a hello world Ansible module
      1. Code
    2. Setting up the development environment
    3. Planning and what to keep in mind
    4. OWASP ZAP module
      1. Create ZAP using Docker
      2. Creating a vulnerable application
      3. Ansible module template
        1. Metadata
        2. Documenting the module
        3. Source code template 
      4. OWASP ZAP Python API sample script
        1. Complete code listing
      5. Running the module
        1. Playbook for the module
        2. Adding an API key as an argument
        3. Adding scan type as an argument
    5. Using Ansible as a Python module 
    6. Summary
  12. Ansible Security Best Practices, References, and Further Reading
    1. Working with Ansible Vault
      1. How to use Ansible Vault with variables and files
      2. Ansible Vault single encrypted variable
      3. Ansible Vault usage in Ansible Tower
    2. Setting up and using Ansible Galaxy 
      1. Using Ansible Galaxy roles
      2. Publishing our role to Ansible Galaxy
      3. Ansible Galaxy local setup
    3. Ansible controller machine security
      1. Explanation of Ansible OS hardening playbook
    4. Best practices and reference playbook projects
      1. DebOps – your Debian-based data center in a box
        1. Setting up the DebOps controller
      2. Algo – set up a personal IPSEC VPN in the cloud
      3. OpenStack-Ansible
    5. Additional references
      1. Streisand – automated installation and configuration of anti-censorship software
      2. Sovereign – maintain your own private cloud using Ansible playbooks
      3. AWX – open source version of Ansible Tower
    6. Coming soon to Ansible 2.5
    7. Summary

Product information

  • Title: Security Automation with Ansible 2
  • Author(s): Madhu Akula, Akash Mahajan
  • Release date: December 2017
  • Publisher(s): Packt Publishing
  • ISBN: 9781788394512