So you are a sysadmin responsible for a server, and you have to be sure that the system is hardened in some particular and maybe non-standard way. Then, meet your best friend - the project of the ComplianceAsCode initiative.
It features checks and hardening snippets in Ansible, Bash and SCAP-compliant formats, so you can use automation to determine the system's state and to keep the system hardened. Discover the smart way of system hardening - learn how to leverage the project:
- extend it - write your custom rules,
- tailor existing rules to exactly suit your needs,
- compose rules into your security profiles that you can use to audit your system against, and
- test your custom content for robustness.
For the best interactive experience, bring a laptop with
- these packages installed: git, Ansible, openscap and Python with the pytest, jinja2 and PyYAML Python packages.
- the ComplianceAsCode/content repository cloned (or updated to its current master branch).
- the ComplianceAsCode/demo repository cloned. Check out its README for useful tips and tricks for the workshop!
- a libvirt-powered Fedora VM, where the root user accepts your unlocked/passwordless SSH key (this is needed only to run tests).