Audit RHEL/CentOS 6 security benchmarks with Ansible

Securing critical systems isn’t easy and that’s why security benchmarks exist. Many groups and communities distribute recommendations for securing servers, including NIST, the US Department of Defense (DoD), and the Center for Internet Security (CIS). Although NIST and DoD are catching up quickly with newer OS releases, I’ve found that the CIS benchmarks are updated very regularly. CIS distributes auditing tools (with paid memberships) that require Java and they’re cumbersome to use, especially on servers where Java isn’t normally installed.

Quickly post gists to GitHub Enterprise and github.com

The gist gem from GitHub allows you to quickly post text into a GitHub gist. You can use it with the public github.com site but you can also configure it to work with a GitHub Enterprise installation. To get started, add two aliases to your ~/.bashrc:

    alias gist="gist -c"
    alias workgist="GITHUB_URL=https://github.mycompany.com gist -c"

The -c will copy the link to the gist to your clipboard whenever you use the gist tool on the command line.

Automate CentOS 6 deployments with CIS Security Benchmarks already applied

A coworker heard me grumbling about Linux system administration standards and recommended that I review the CIS Security Benchmarks. After downloading the Red Hat Enterprise Linux 6 security benchmark PDF, I quickly started to see the value of the document. Some of the standards were the installation defaults, some were often forgotten settings, and some were completely brand new to me. Automating the standards can be a little treacherous simply due to the number of things to adjust and check.

Fedora 17 released, XenServer kickstarts updated

Fedora 17 was released yesterday and you can download it now! In addition, I made some edits to my kickstarts repository on GitHub to match up with the final release of Fedora 17. The kickstart took less than ten minutes to complete even with a remote repository configured for RPM packages. Fedora & XenServer users: Would posting an actual XVA file for download make it easier for you to get started?

mysql-json-bridge: a simple JSON API for MySQL

My quest to get better at Python led me to create a new project on GitHub. It’s called mysql-json-bridge and it’s ready for you to use. Why do we need a JSON API for MySQL? The real need sprang from a situation I was facing daily at Rackspace. We have a lot of production and pre-production environments which are in flux but we need a way to query data from various MySQL servers for multiple purposes.