Hacker News new | past | comments | ask | show | jobs | submit login

Right, I was thinking myself... why not have a chef recipe do this, and walk through the systems as you do that.

Ideally the server comes up and applies chef, doing the needful to secure it. Hand-cooking a server is extremely painful.




I mention Ansible and other tools in the article. The idea, as others have mentioned, is to teach a man to fish. You're much better off with having an automated way to perform this, but you shouldn't ever run anything automated that you don't understand.

We'll release an Ansible Playbook over the next week or so that follows these steps.


See related (as inspiration, or an upstream):

  - https://github.com/openstack/openstack-ansible-security
  - https://github.com/geerlingguy/ansible-role-security


Thanks man! I'll take a look.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: