The Egida project is a server orchestration system that allows to perform and deploy security configurations (custom control lists) over a machine infrastructure. These security configurations can shield and protect those servers by implementing the desired security measures depending on the server profile. Controls are sourced from the CIS Benchmarks, and we also need to obtain system information about each of the deployed servers to ensure proper deployment.
To achieve that, Egida is built using a microservices-based architecture composed of the following three modules:
-
egida: This is the main module, in charge of providing the communication interfaces with the user, as well as the process of the specific domain language called Aspida. Using this module, the user can define the different profiles to work with and the actions to be performed.
-
egida-roles: This module contains the definition of the Ansible roles that contains the actions corresponding to the security controls that are defined for each profile that a machine may have assigned. These actions can be either hardening operations (CIS Benchmarks) or setup actions to prepare that machine so it can be used correctly by Egida.
-
egida-api: The functionality of this module is to provide information of each machine to be used by Egida. This information can be varied: the services that are currently running, the operating system version or the score obtained with the Lynis tool… any kind of information that we determine it is interesting to better deploy any security control.
Distributed under the Apache 2.0 License. See LICENSE
for more information.
Authors:
Project Link: https://github.com/egida-kassandra/egida