Name: opsy
Author: perlogix

Primary Use Case

Opsy is designed for developers and system administrators who want to quickly set up secure Linux environments and containerized applications using established DevSecOps patterns. It provides templates and scripts to automate security hardening, vulnerability scanning, secrets management, and Kubernetes local development, making it ideal for small deployments and local development environments.

Key Features

Docker container templates with build, test, linting, secrets detection, and security scanning stages

Linux server setup scripts for updates, cleaning, and basic hardening supporting Debian, RPM, and ClearLinux

Integration with Trivy for vulnerability scanning

Secrets detection using Gitleaks

Docker image compression with docker-slim

Local Kubernetes development environment via k3s in Vagrant

Slack notifications for build events

Unopinionated and easily customizable configurations

Insights & Recommendations

The default configurations, especially sysctl settings, may be too aggressive for some environments and compliance requirements; users should review and customize scripts accordingly. The install.sh script installs 'cmon' for system metrics reporting to ElasticSearch, which can be removed if not needed. Slack integration requires setting SLACK_TOKEN and SLACK_CHANNELS in start.sh for build notifications.

Installation

Clone the repository
For linux-ops, download and run install.sh with: curl -LO https://raw.githubusercontent.com/perlogix/opsy/main/linux-ops/install.sh && chmod 0755 ./install.sh && ./install.sh
For vagrant-envs, navigate to the vagrant-envs directory and run: vagrant up
SSH into the Vagrant VM using: vagrant ssh
Copy app-starter language files to your project
Update Docker build stages and start.sh script as needed

Usage

./start.sh build

Builds the Docker container image

./start.sh run

Runs the Docker container

./start.sh clean

Cleans the Docker system

./start.sh mkcert

Generates a self-signed certificate

./start.sh

Runs custom commands by uncommenting function calls at the bottom of start.sh

curl -LO https://raw.githubusercontent.com/perlogix/opsy/main/linux-ops/install.sh && chmod 0755 ./install.sh && ./install.sh

Installs and runs linux-ops scripts for server setup and hardening

vagrant up

Starts the Vagrant Linux VM with k3s environment

vagrant ssh

SSH into the Vagrant VM

Smart Usage Notes

Integrate Opsy into CI/CD pipelines to automate vulnerability scanning and secrets detection early in development.Customize and extend the Linux hardening scripts to enforce organization-specific security baselines.Leverage Slack notifications for real-time build and security event awareness to improve incident response times.Use the local Kubernetes environment (k3s via Vagrant) for safe testing of container security policies and DevSecOps workflows.Combine Opsy with centralized logging and SIEM tools to enhance detection and analysis capabilities across environments.

OpenSec Atlas

opsy

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like