Update [2015-07-07]: Puppet module is practically done for hardening AWS Linux 2014.09, you can check it out here: https://github.com/proletaryo/cis-puppet
It’s been almost a year since I posted here. Work is very challenging nowadays…
The latest project that I’m part of is now dealing with financial services. Yup, this means a lot of security exercises that need to be done to comply with PCI-DSS (Payment Card Industry Data Security Standards). I find these exercises challenging, a new lens that let’s you understand a lot of things and even makes you paranoid sometimes. IT Security is core – I learned a lot in this area for the past few months.
Anyway, right now I’m working with OS hardening based on the benchmark provided by Center for Internet Security. They provide guidelines on how to do this. Just download the document for your OS here: https://benchmarks.cisecurity.org/downloads/multiform/index.cfm
I’m working mostly in AWS nowadays – It’s a good thing that CIS released a benchmark for AWS Linux 2014.09 version.
We’re a Puppet shop so the first thing I did was to check if there are modules for AWS Linux. the closest one that I’ve found is for RHEL: https://github.com/arildjensen/cis-puppet
Close but not close enough… but definitely better than nothing 🙂
The beauty of OSS is you can always fork a project and Github is a wonder-tool! So fork I went… I’m already done with CIS Scored guidelines 1.x.x to 3.x.x — a few more to go. Once done, I’m hoping that I can merge this back to master if the original author will allow 🙂
If you’re interested in this project, just drop me a message here: https://github.com/proletaryo/cis-puppet