Scheduled scans for file integrity checks, host-level monitoring using Ansible for various compliance initiatives
One of the many advantages of being able to execute commands on the host using Ansible is the ability to get internal system information, such as:
- File hashes
- Network connections
- List of running processes
It can act as a lightweight Host-Based Intrusion Detection System (HIDS). While this may not eliminate the need for a purpose-built HIDS, we can execute the same kind of security tasks using a tool such as Facebook's osquery along with Ansible.
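As an added example (not from the book), the following playbook turns the three items above into a scheduled integrity check: it hashes a set of monitored files on each host, compares them against a baseline of expected SHA-256 values, snapshots the listening sockets, and fails the run when anything differs. The baseline values shown are constructed placeholders; a real baseline would be recorded from a known-good host.

```yaml
# Added example: lightweight file-integrity check with Ansible (not the book's code).
# Run it from cron or a CI job; a failed run is the alert.
- name: Scheduled file integrity and host snapshot
  hosts: all
  become: true
  vars:
    # Constructed baseline: path -> expected SHA-256 recorded earlier from a clean host.
    # These are placeholder strings, not real hashes.
    integrity_baseline:
      /etc/passwd: "PLACEHOLDER_SHA256_FOR_PASSWD"
      /etc/ssh/sshd_config: "PLACEHOLDER_SHA256_FOR_SSHD_CONFIG"
      /usr/bin/sudo: "PLACEHOLDER_SHA256_FOR_SUDO"
  tasks:
    - name: Hash each monitored file (the checksum is computed on the remote host)
      ansible.builtin.stat:
        path: "{{ item.key }}"
        checksum_algorithm: sha256
      loop: "{{ integrity_baseline | dict2items }}"
      register: file_stats

    - name: Collect files that are missing or whose hash differs from the baseline
      ansible.builtin.set_fact:
        integrity_violations: >-
          {{ integrity_violations | default([]) + [ {
               'path': item.item.key,
               'expected': item.item.value,
               'actual': (item.stat.checksum | default('MISSING')) } ] }}
      loop: "{{ file_stats.results }}"
      when: not item.stat.exists or (item.stat.checksum | default('')) != item.item.value

    - name: Snapshot listening sockets with their owning processes
      ansible.builtin.command: ss -tulpn
      changed_when: false
      register: listening_sockets

    - name: Record the socket snapshot in the run output for later comparison
      ansible.builtin.debug:
        var: listening_sockets.stdout_lines

    - name: Fail the run so the scheduler flags this host
      ansible.builtin.fail:
        msg: "Integrity violations on {{ inventory_hostname }}: {{ integrity_violations }}"
      when: integrity_violations | default([]) | length > 0
```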
osquery
osquery is an operating system instrumentation framework by Facebook, written in C++, that supports Windows, Linux, OS X (macOS), and other operating systems. It provides an interface to query an operating system using an SQL-like syntax. Using it, we can perform low-level checks such as listing running processes, kernel configurations, network connections, and file integrity. Overall it's like a host-based...