Remember the basic hardening we did? No? Well, go forth and read here. I’ll wait.
Done? Ok, so you are with us on the promise and premise of cloud and short-lived application servers. Cattle all the things! You are also with me on the idea that even cattle need to be vaccinated against some common issues, right? Thought so. Finally, you like the promise of automation via OpenStack Orchestration (Heat), right?
So specifying that as user-data every time is going to get cumbersome, as will managing your build scripts if you are using CLI tools and the like. A better way is to build it into a Heat template. This gives you some flexibility: you can keep it under version control, and you can layer HOT templates toward a desired end state (HOT allows for template nesting).
This will be the ‘hardening’ template. Go ahead and drop this into a text file and save it as “hardening.yaml”. If you read the above linked ‘hardening’ post, it’s just a translation of the same.
There isn’t anything particularly interesting in here. In fact, it is more or less an amalgamation of the SpiderFoot bits from here and the hardening bits from before.
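To show how the nesting mentioned above fits together, here is an added example, not the author's hardening.yaml: a hardening template that exposes a cloud-init config, and a parent template that pulls it in as server user-data. The cloud-init settings, the parent file name `app.yaml`, and all parameter and resource names are assumptions chosen for illustration.

```yaml
# ---- hardening.yaml (nested template; the settings below are assumed examples) ----
heat_template_version: 2015-04-30
description: Reusable cloud-init hardening config, consumed by a parent stack

resources:
  hardening_config:
    type: OS::Heat::CloudConfig
    properties:
      cloud_config:
        package_update: true     # refresh the package index on first boot
        package_upgrade: true    # apply pending updates
        ssh_pwauth: false        # key-based SSH only
        disable_root: true       # no direct root login over SSH

outputs:
  config:
    description: ID of the config, usable as server user_data
    value: { get_resource: hardening_config }
---
# ---- app.yaml (hypothetical parent template, saved as a separate file) ----
heat_template_version: 2015-04-30

parameters:
  image: { type: string }
  flavor: { type: string }
  key_name: { type: string }
  network: { type: string }

resources:
  hardening:
    type: hardening.yaml         # nested stack, resolved relative to this file

  server:
    type: OS::Nova::Server
    properties:
      image: { get_param: image }
      flavor: { get_param: flavor }
      key_name: { get_param: key_name }
      networks:
        - network: { get_param: network }
      user_data_format: RAW      # pass the cloud-config through to cloud-init as-is
      user_data: { get_attr: [hardening, config] }
```

Every server template that references `hardening.yaml` this way picks up the same baseline, so a change to the hardening steps is made and reviewed in one file.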