Puppetize instance hardening tasks #15
Description
There needs to be an option to perform instance hardening tasks such as,
- Cleaning bash history
- Strengthen Java Cryptography
- Restricting SSH access
These are required for deployments public PaaS providers where security hardening of the instances should be done at instance provision time.
These configuration steps should be optional and the default should be opted out. Otherwise debugging failed Puppet runs can be tricky.
For a list of hardening recommended by AWS when creating AMIs, please refer to their guide