Enhancing Secure Deployment with Ansible: A Focus on Least Privilege and Automation for Linux

Document Type

Conference Proceeding

Source of Publication

ACM International Conference Proceeding Series

Publication Date

7-30-2024

Abstract

As organisations increasingly adopt Infrastructure as Code (IaC), ensuring secure deployment practices becomes paramount. Ansible is a well-known open-source and modular tool for automating IT management tasks. However, Ansible is subject to supply-chain attacks that can compromise all managed hosts. This article presents a semi-automated process that improves Ansible-based deployments to have fine-grained control over the administrative privileges granted to Ansible tasks. We describe the integration of the RootAsRole framework into Ansible. Finally, we analyse the limits of the current implementation.

ISBN

9798400717185

Publisher

ACM

Disciplines

Computer Sciences

Keywords

Ansible, Infrastructure as Code, Principle of Least Privilege, Security

Scopus ID

85200368856

Indexed in Scopus

yes

Open Access

no