What this book covers

Chapter 1, Puppet as a Security Tool, provides an introduction to Puppet. We'll build a development environment that we'll use in all the chapters, and explore some simple examples with Puppet.

Chapter 2, Tracking Changes to Objects, explores various ways to audit changes to resources, such as files. Puppet provides a number of ways to handle this, and we'll review their pros and cons.

Chapter 3, Puppet for Compliance, looks at the use of Puppet for compliance purposes. Version control for our manifests will be introduced, and it will explain how the manifests can be used for auditing and compliance purposes. We'll also review some specific examples of how Puppet can help with the PCI DSS.

Chapter 4, Security Reporting with Puppet, looks at how to report on some of the things we covered in the previous chapters. We'll build reporting on various system facts, as well as some simple reporting covering when Puppet last ran on our hosts.

Chapter 5, Securing Puppet, covers what it takes to secure Puppet itself. Since Puppet is in charge of all of your systems, ensuring that it is secure is important. We'll cover the various security configuration files Puppet uses, as well as how it uses SSL to ensure security.

Chapter 6, Community Modules for Security, takes a look at various modules that are available at the Puppet Forge. We'll explore modules to make managing various configuration files easier, as well as modules that provide some security hardening of hosts.

Chapter 7, Network Security and Puppet, will explore using Puppet to manage the firewall of the local host. We'll primarily be concentrating on the Puppet module, which manages iptables and its associated set of tools that are used to manage firewall rules. We'll also cover how to extend your modules to handle firewall resources.

Chapter 8, Centralized Logging, introduces the use of Puppet to manage centralized logging using Logstash. We'll cover the installation of Logstash as well as its dashboard component, Kibana. We'll then build a simple module to ship logs to a central server.

Chapter 9, Puppet and OS Security Tools, covers using Puppet to manage SELinux and auditd. We'll cover the options available for Puppet for SELinux, as well as community modules for both SELinux and auditd.

Appendix, Going Further, covers information on developing good modules, an analysis of Puppet device management, useful reporting tools, and a brief discussion on the Puppet community.