Many amazing open source tools have been developed and matured over the past couple of years that will help you both be more secure and make your job easier. We have picked five top open source tools that can automate and help secure your IT infrastructure, preparing your organization for future success and compliance.
1. OSQuery
This open-source endpoint monitoring agent developed by Facebook can be installed on the most common major operating systems (Linux, OSX, Windows) to track your infrastructure. The OSQuery agents on your endpoints can be queried from a central shell session using simple SQL syntax, and return the information you need for a variety of daily sysadmin and security jobs. Yes, it is agent based and we all hate installing agents, but this agent is lightweight, will save you a lot of time, and help rapidly diagnose machine problems once it is installed on your endpoints.
2. Ansible
Ansible is an open source IT software management automation engine, similar to Puppet, Chef, and Salt. Ansible was built by DevOps people for DevOps people, to automate those frustrating repetitive tasks with easy-to-write “playbooks” and reduce the problems caused by human error. Originally designed to agentlessly manage Unix-based systems from a central control node over SSH, Ansible has matured over the past year and now boasts many Windows management features and is rapidly being adopted as a network infrastructure automation tool. Software management, configuration monitoring, and application deployments can all be automated so you can spend less time doing the same simple task.
3. Terraform
Manually managing cloud infrastructure is unwieldy, which is why organizations seek an automated orchestration tool. Terraform is a cross-cloud provider infrastructure resource provisioning and management tool to automate the tedious parts of cloud management. Terraform was designed to work anywhere from small, single-instance management to orchestrating data center scale deployments or multi-cloud deployments, all while being safe and efficient. It is a great tool for organizations that are likely to scale up the number of cloud servers they are using in the future. But why use Terraform instead of native cloud service orchestration tools like AWS CloudFormation or Google’s Deployment Manager? Well, as many organizations have found out trying to deploy at scale with these tools, there are a lot of hidden limitations in these platforms that hinder deployment. Terraform was designed without these scaling limitations, and because it supports multiple cloud providers you are not forced to stay with a single cloud provider due to sunk costs.
4. Chocolatey
Package managers on Linux systems like apt-get and yum are wonderfully convenient tools that make software management on Linux easy. Windows never really had good package management, until now. Chocolatey is an open source PowerShell-based package manager for Windows that even Microsoft has adopted and started shipping with Windows 10 and Windows Server 2016 as OneGet. Chocolatey can be installed on machines with Windows 7+ or Windows Server 2003+, and allows easy installation, management, upgrading, and uninstalling of software packages on remote endpoints with a few PowerShell scripts. The only caveat to Chocolatey is that while it offers many good features for free, the paid license version offers the best security and convenience features.
5. Vagrant
Vagrant is an easy-to-use command line utility for managing virtual machines from creation to destruction, primarily for testing and development purposes. Vagrant works with VirtualBox, VMware, and more on Linux, OSX, and Windows machines. This tool is great as it offers automated, reliable virtual machine building that can be used to mirror production machines and test things like configuration changes, software updates, new software, etc. Environments can be disposed of and easily rebuilt, so you don’t have to worry about messing anything up and can confidently test a change that would later be deployed to a production environment. Vagrant boxes are highly configurable, and there is a wide variety of pre-made virtual machines that can be downloaded and run as-is or modified to your needed specifications.