PRECONDITION

Cyber security is becoming more and more important, and securing your servers through automation saves a lot of time and helps you follow best practices.

PROCEDURE

This guide is based on the great work done by “fervid”, who created the Puppet module that can harden a server with a few clicks:

In my tests, after running the puppet, I checked the server through an AWS service called Inspector:

“Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS”

Inspector found some vulnerabilities that seem not to be fixed by the puppet and I have fixed them in my puppet:

https://github.com/joelgaria/secure_linux_cis.git

The repository contains two files for installing Puppet and for cloning/launching the repository:

  • install_puppet.sh installs Puppet on the server
  • get_updates.sh (add your repository) launches Puppet

Under modules -> secure_linux_cis -> manifests -> init.pp you can see the available values; change them according to your needs in the node.pp files (::secure_linux_cis):

and under modules/secure_linux_cis_hardened there are four other files that help with server management:

  • firewall_rules.pp:

and services.pp (to install services):

and two other files that fix two vulnerabilities:

fstab.pp and delete_etc_motd.pp:

That’s it! The puppet will harden your server!

CONCLUSIONS

Let us know if you have solved the problem!
