Chef Software is contributing OpenStack Baseline

I am happy to announce that the Chef Partners Team contributed a new OpenStack Baseline to our DevSec project. This Baseline is implementing the OpenStack Security Guide in InSpec. JJ Asghar will continue to be a core maintainer. The baseline is already covering a wide range of checks for: block-storage...


chef-os-hardening 2.0.0 is released

DevSec Hardening Framework project is releasing a new major release chef-os-hardening 2.0.0 today. The major points of this release are listed below, however there are also many changes under the hood like cleanups of documentation, improvements of the cookbook testing. Many thanks for the contributions and help we received from...


chef-ssh-hardening 2.0.0 is released

DevSec Hardening Framework project is releasing a new major release chef-ssh-hardening 2.0.0 today. Highlights and breaking changes: On the modern chef versions (>= 12.10) autodiscovery of openssh version is used in the decision logic of crypto parameters New attribute namespace ['ssh-hardening'] for the entire cookbook Split of attributes to the...


We are happy to announce our new DevSec baselines

Happy New Year DevSec users, from day one of the DevSec Hardening Framework project, we used the same test suites for our Ansible, Chef and Puppet implementations. Those test suites have been implemented in Serverspec and helped us to enforce the same rules for all hardening implementations. The combination with...


Ansible nginx-hardening role released

The next part of server hardening with Ansible is released today: The ansible-nginx-hardening role. This role hardens your existing nginx installations (version 1.0.15 or later). This time we tried to make sure that the hardening role works with popular nginx installation roles, so if you use any of the following...