On 22/02/2024 11:58, Michel Verdier <mv...@free.fr> wrote:
On 2024-02-21, Andre Rodier wrote:
> A few years ago, I created a set of Ansible scripts to code what I was already
> doing manually, so I could rebuild my server from scratch.
What makes you chose ansible instead of a debian package applying your
scripts and configurations?
I didn't want to create a new distribution, I wanted scripts to configure a
bare distribution, that anyone could maintain using the standard Debian
procedures afterwards.
Also, if you have a look to the solution, you will see that the integration
between all the packages is not appropriate to the packages modification.
> - What is the best approach to check if there is any vulnerability in the
> packages configuration ?
> - Is there any service that could audit the deployment code or the
> configuration files ?
There is some debian packages for internal checks: rkhunter, tiger,
lynis, checksecurity, john, etc
Also OpenVAS https://openvas.org/ (fork from nessus) and other tools in
Kali Linux (debian-based)
