- From: Daniel DeLeo
- To:
- Subject: [chef] Re: Re: should chef be used for initial server updating/hardening?
- Date: Fri, 20 Jan 2012 08:23:43 -0800
On Friday, January 20, 2012 at 8:20 AM, Ranjib Dey wrote:
> yup. absolutely. Not sure about ubuntu, but i have used bastille on
> centos/linux. along with custom iptables, rkhunter and psad, just to
> harden vanilla vm. And again server, app, framework level patches/security
> measures (like LAMP etc)
>
> On Fri, Jan 20, 2012 at 9:40 PM, S Ahmed wrote:
> > Is it good practise to use chef to update repos i.e. sudo apt-get update
> > && sudo apt-get upgrade
> >
> > And general server hardening like iptables etc?
> >
> > If yes, any good examples for ubuntu hardening that you can point me to?

The apt cookbook does what you describe:
http://community.opscode.com/cookbooks/apt
It's actually pretty essential, since package resources may fail if apt's
cache is out of date. As for other kinds of hardening, I'm not sure what you
have in mind, but Chef can automate them.
--
Dan DeLeo