[chef] Re: Re: Re: should chef be used for initial server updating/hardening?


  • From: S Ahmed
  • Subject: [chef] Re: Re: Re: should chef be used for initial server updating/hardening?
  • Date: Fri, 20 Jan 2012 11:40:14 -0500

For hardening, what I'm ideally looking for is an example repo that has general server hardening.

I realize server hardening is scenario-specific, but this is for a web app and I was hoping to LEARN from a good hardening recipe with 'best practices'.



On Fri, Jan 20, 2012 at 11:23 AM, Daniel DeLeo wrote:


On Friday, January 20, 2012 at 8:20 AM, Ranjib Dey wrote:

> Yup, absolutely. Not sure about Ubuntu, but I have used Bastille on CentOS/Linux, along with custom iptables, rkhunter and psad, just to harden a vanilla VM. And again server, app, framework level patches/security measures (like LAMP etc.)
>
>
>
> On Fri, Jan 20, 2012 at 9:40 PM, S Ahmed wrote:
> > Is it good practice to use Chef to update repos, i.e. sudo apt-get update && sudo apt-get upgrade
> >
> > And general server hardening like iptables etc?
> >
> > If yes, any good examples for ubuntu hardening that you can point me to?

The apt cookbook does what you describe:

http://community.opscode.com/cookbooks/apt

It's actually pretty essential, since package resources may fail if apt's cache is out of date. As for other kinds of hardening, I'm not sure what you have in mind, but Chef can automate them.

--
Dan DeLeo






