Summary

The internet is rife with bots and bad actors trying to compromise your servers. To counteract these threats it is necessary to diligently harden your systems to improve server security. Unfortunately, the hardening process can be complex or confusing. In this week's episode 18-year-old Orhun Parmaksiz shares the story of how he and his friends created the GrapheneX framework to simplify the process of securing and maintaining your servers using the power and flexibility of Python. If you run your own software then this is definitely worth a listen.

Announcements

Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.

When you're ready to launch your next app or want to try a project you hear about on the show, you'll need somewhere to deploy it, so take a look at our friends over at Linode. With 200 Gbit/s private networking, scalable shared block storage, node balancers, and a 40 Gbit/s public network, all controlled by a brand new API, you've got everything you need to scale up. And for your tasks that need fast computation, such as training machine learning models, they just launched dedicated CPU instances. Go to pythonpodcast.com/linode to get a $20 credit and launch a new server in under a minute. And don't forget to thank them for their continued support of this show!

Having all of your logs and event data in one place makes your life easier when something breaks, unless that something is your Elasticsearch cluster because it's storing too much data. CHAOSSEARCH frees you from having to worry about data retention, unexpected failures, and expanding operating costs. They give you a fully managed service to search and analyze all of your logs in S3, entirely under your control, all for half the cost of running your own Elasticsearch cluster or using a hosted platform. Try it out for yourself at pythonpodcast.com/chaossearch and don't forget to thank them for supporting the show!

You listen to this show to learn and stay up to date with the ways that Python is being used, including the latest in machine learning and data analysis. For even more opportunities to meet, listen, and learn from your peers you don't want to miss out on this year's conference season. We have partnered with organizations such as O'Reilly Media, Dataversity, Corinium Global Intelligence, Alluxio, and Data Council. Upcoming events include the combined events of the Data Architecture Summit and Graphorum, the Data Orchestration Summit, and Data Council in NYC. Go to pythonpodcast.com/conferences to learn more about these and other events, and take advantage of our partner discounts to save money when you register today.

Your host as usual is Tobias Macey and today I'm interviewing Orhun Parmaksiz about GrapheneX, a framework for simplifying the process of hardening your servers.

Interview

- Introductions
- How did you get introduced to Python?
- Can you start by explaining what we mean when we talk about hardening of servers?
- What are the common ways of hardening a system, and which techniques can we use for this purpose?
- What are some of the high level categories of threats that operators should be considering?
- What is GrapheneX and what was your motivation for creating it?
- How does GrapheneX aid users in the process of increasing the security of their infrastructure?
- Is any extra operating system knowledge required for using GrapheneX?
- Can you talk through the workflow for someone using GrapheneX to harden their systems?
- What options does it support for managing deployment across a fleet of servers?
- Some security controls can actually prevent proper operation of the applications and services that are deployed on a server. How do you approach preventing those scenarios, or educating users in determining which controls are appropriate?
- Why did you choose Python for a project like GrapheneX?
- How is GrapheneX implemented?
- How has the design evolved since you first began working on it?
- If you were to start the project over today, what would you do differently?
- Do you accept contributions to the framework? If so, what kind of contributions are needed for improving GrapheneX?
- For someone who is interested in adding a new module to the framework, what is involved?
- What have you found to be the most interesting or challenging aspects of your work on GrapheneX?
- What, if any, aspects of server security have you consciously avoided implementing in GrapheneX?
- What are your future plans for GrapheneX?

Keep In Touch

- Orhun: GitHub, Twitter, LinkedIn

Picks

- Tobias: Chess
- Orhun: Creeping in My Soul by Cryoshell; Gravity Hurts by Cryoshell

Closing Announcements

Thank you for listening! Don't forget to check out our other show, the Data Engineering Podcast for the latest on modern data management.

Visit the site to subscribe to the show, sign up for the mailing list, and read the show notes. If you've learned something or tried out a project from the show then tell us about it! Email hosts@podcastinit.com with your story. To help other people find the show please leave a review on iTunes and tell your friends and co-workers. Join the community in the new Zulip chat workspace at pythonpodcast.com/chat.

Links

- GrapheneX: GitHub, Website, PyPI, Twitter, Trello
- Graphene
- New Modules for GNU/Linux & Windows (Issue)
- Flask
- Flask-SocketIO
- React
- trimstray/linux-hardening-checklist
- The Windows Server Hardening Checklist
- Firewall
- Windows Firewall
- Linux iptables
- PCI-DSS 2.2 requirement: server hardening standards
- CIS Benchmarks

The intro and outro music is from Requiem for a Fish by The Freak Fandango Orchestra / CC BY-SA