DevSecOps Best Practices with Ansible
1. Introduction
DevSecOps integrates security practices within the DevOps process. This lesson covers best practices for implementing DevSecOps using Ansible, an automation tool that helps in configuration management, application deployment, and task automation.
2. Key Concepts
2.1 What is Ansible?
Ansible is an open-source automation tool that manages servers and applications through code. Playbooks are written in YAML (a recursive acronym for "YAML Ain't Markup Language", not "Yet Another Markup Language"). Ansible is agentless: it connects to managed hosts over SSH (or WinRM for Windows), so no extra daemon has to be installed and exposed on the targets.
2.2 What is DevSecOps?
DevSecOps is a culture and practice that integrates security into every aspect of the software development lifecycle, ensuring that security is a shared responsibility from development to operations.
3. Best Practices
3.1 Automate Security Scanning
Integrate security scanning tools (dependency, container image, host and web application scanners) into your CI/CD pipeline so that every change is scanned before it is deployed. Use Ansible to install the scanners, run them against the hosts it manages, collect the results, and fail the play when a result is below your baseline, so a failing scan stops the pipeline rather than producing a report nobody reads.
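The playbook below is an added example, not code from the original lesson. It installs Lynis, a host audit tool packaged in Debian and Ubuntu, runs a non-interactive audit, prints the warnings so they appear in the CI log, and fails the play when the hardening index written to /var/log/lynis-report.dat is below a threshold. The host group, the threshold of 60 and the assumption that the apt sources provide the lynis package are illustrative.

```yaml
# Added example: install a host scanner with Ansible, run it and gate on the result.
# Assumes Debian/Ubuntu hosts with 'lynis' available in the configured apt sources.
- hosts: webservers
  become: true                  # package install and a full audit need root
  vars:
    min_hardening_index: 60     # assumed baseline; tune it for your own hosts
  tasks:
    - name: Install Lynis from the distribution repository
      ansible.builtin.apt:
        name: lynis
        state: present
        update_cache: true

    - name: Run a non-interactive system audit
      ansible.builtin.command: lynis audit system --quiet --no-colors
      register: lynis_run
      changed_when: false       # auditing does not change the host

    - name: Read the machine-readable report Lynis writes as root
      ansible.builtin.slurp:
        src: /var/log/lynis-report.dat
      register: lynis_report

    # The report is key=value lines; backslashes are doubled because Jinja
    # string literals process escape sequences before the regex sees them.
    - name: Extract the hardening index and the warning lines
      ansible.builtin.set_fact:
        hardening_index: >-
          {{ (lynis_report.content | b64decode)
             | regex_search('hardening_index=([0-9]+)', '\\1') | first | int }}
        lynis_warnings: >-
          {{ (lynis_report.content | b64decode)
             | regex_findall('^warning\\[\\]=(.+)$', multiline=True) }}

    - name: Show warnings so they are visible in the pipeline log
      ansible.builtin.debug:
        var: lynis_warnings

    - name: Fail the play (and the pipeline) if the host is below the baseline
      ansible.builtin.assert:
        that:
          - hardening_index | int >= min_hardening_index | int
        fail_msg: "Hardening index {{ hardening_index }} is below the baseline {{ min_hardening_index }}"
        success_msg: "Hardening index {{ hardening_index }} meets the baseline"
```

Run it from the pipeline with `ansible-playbook -i inventory audit.yml`; a non-zero exit status from ansible-playbook is what fails the CI job. The same pattern (install, run, register, assert) applies to any scanner that writes a parseable report.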
3.2 Configuration Management
Ensure that your servers are configured securely by using Ansible playbooks to enforce security policies.
Example Playbook:
- hosts: webservers
  become: true                  # package management needs root
  tasks:
    - name: Ensure the latest security updates are installed
      ansible.builtin.apt:
        upgrade: dist
        update_cache: yes
    - name: Install Fail2Ban
      ansible.builtin.apt:
        name: fail2ban
        state: present
3.3 Infrastructure as Code (IaC)
Use Ansible to define your infrastructure as code. Keep playbooks, roles and inventories in version control so that every change is reviewed, attributed and reversible, and write tasks idempotently so that re-running a playbook both enforces the desired state and reports drift (run it with --check --diff to see what would change without applying it).
4. Code Examples
4.1 Example: Securing SSH Access
This playbook disables root login over SSH. Two caveats: recent Debian and Ubuntu releases start sshd_config with an Include of /etc/ssh/sshd_config.d/*.conf, and sshd uses the first value it reads for a keyword, so a drop-in file can silently override what you set in sshd_config; verify the effective configuration with sshd -T rather than trusting the file. Also, the service unit is called ssh on Debian and Ubuntu but sshd on RHEL-family systems.
- hosts: all
  become: true                  # editing sshd_config and restarting sshd need root
  tasks:
    - name: Ensure SSH is installed
      ansible.builtin.apt:
        name: openssh-server
        state: present
    - name: Configure SSH daemon
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # also match the commented-out default (#PermitRootLogin ...) so the
        # directive is replaced in place instead of appended at the end
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin no'
        # refuse to write a file sshd would reject, so the restart cannot lock you out
        validate: '/usr/sbin/sshd -t -f %s'
      notify:
        - restart ssh
  handlers:
    - name: restart ssh
      ansible.builtin.service:
        name: ssh               # the unit is sshd on RHEL-family hosts
        state: restarted
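Because sshd honours Include files and keeps the first value it reads, the text of sshd_config alone does not prove a host is hardened. The playbook below is an added example, not part of the original lesson: it asks sshd itself for the effective configuration (sshd -T, which prints lowercase "keyword value" lines after resolving includes and defaults) and asserts each directive against a baseline. The sshd_expected values are an assumed baseline; adjust them to your own policy.

```yaml
# Added example: verify the effective sshd configuration, not the config file text.
# Assumes OpenSSH with 'sshd -T' support (6.x or newer) installed at /usr/sbin/sshd.
- hosts: all
  become: true                  # sshd -T needs to read the host keys
  vars:
    # Assumed baseline. Keys are lowercase because that is how sshd -T prints them.
    sshd_expected:
      permitrootlogin: "no"
      passwordauthentication: "no"
      pubkeyauthentication: "yes"
      x11forwarding: "no"
      maxauthtries: "3"
  tasks:
    - name: Dump the effective sshd configuration (fails on a syntactically broken config)
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: Assert each hardening directive has the expected effective value
      ansible.builtin.assert:
        that:
          - (item.key ~ ' ' ~ item.value) in sshd_effective.stdout_lines
        fail_msg: >-
          {{ item.key }} is not '{{ item.value }}' in the effective configuration; sshd reports:
          {{ sshd_effective.stdout_lines | select('match', '^' ~ item.key ~ ' ') | list }}
        quiet: true
      loop: "{{ sshd_expected | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
```

Run this after the hardening playbook, or on a schedule, to catch drift: a drop-in file that re-enables password authentication will fail the assert even though sshd_config still looks correct.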
5. FAQ
What tools can be integrated with Ansible for security?
Common tools include OWASP ZAP for dynamic web application scanning, Snyk for dependency and code scanning, and Aqua Security (and its open-source scanner Trivy) for container image scans. Ansible can install and invoke any of them from a playbook and fail the play on their exit status or report contents.
How can I test my Ansible playbooks for security?
Use ansible-lint to check playbooks and roles against best-practice rules (for example, flagging tasks that run shell commands where a module exists, or that hard-code secrets) and Molecule to run roles against disposable test instances and verify the resulting state. Neither tool finds vulnerabilities in the configured hosts themselves; for that, run a host or application scanner against the systems the playbooks produce. Keep secrets out of playbooks with Ansible Vault and review playbook changes like any other code.