1. YAML Syntax
Defines structure using indentation and key-value pairs.
app: MyApp
version: 1.0
environment:
  name: production
2. Scalars
Represents strings, numbers, booleans, and null values.
name: "John"
age: 30
active: true
price: 19.99
value: null
3. Lists
Stores ordered collections of items.
servers:
  - web1
  - web2
  - web3
4. Maps
Stores structured key-value data.
database:
  host: localhost
  port: 5432
  username: admin
5. Nesting
Creates hierarchical configuration.
application:
  backend:
    api:
      timeout: 30
6. Multiline Strings
Supports literal and folded block text.
description: |
  Line 1
  Line 2

summary: >
  This becomes
  one line.
7. Anchors & Aliases
Reuse configuration blocks.
defaults: &defaults
  retries: 3
  timeout: 30

service:
  <<: *defaults
  url: api.example.com
8. Type Tags
Explicitly define data types.
port: !!int "8080"
enabled: !!bool "true"
9. Multi-Document YAML
Separate multiple documents in one file.
---
app: frontend
---
app: backend
10. Schema Validation
Validate YAML structure.
type: object
properties:
  name:
    type: string
required:
  - name
11. Docker Compose
Define multi-container apps.
version: "3"
services:
  web:
    image: nginx
    ports:
      - "8080:80"
12. Kubernetes
Deploy container resources.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: nginx
      image: nginx
13. CI/CD
Automate pipelines.
name: CI
on: push
jobs:
  build:
    runs-on: ubuntu-latest
14. Ansible
Automate infrastructure tasks.
- hosts: localhost
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: present
15. YAML Security
Prevent unsafe parsing and misconfigurations.
- Validate untrusted YAML
- Avoid yaml.load() without SafeLoader
- Restrict file permissions
16. Real-World YAML Labs (Linux + Cyber Security)
Production-ready YAML examples for Linux users, DevOps engineers, and cybersecurity practitioners.
Install Required Tools (Ubuntu/Debian):
sudo apt update
sudo apt install docker.io docker-compose ansible yamllint python3-pip ufw auditd -y
pip install pyyaml

1. Secure Docker Web App with Resource Limits

version: "3.8"
services:
  web:
    image: nginx:latest
    ports:
      - "8080:80"
    deploy:
      resources:
        limits:
          cpus: "0.50"
          memory: 256M
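    read_only: true
    # nginx still needs writable scratch space when the root filesystem is read-only
    tmpfs:
      - /var/cache/nginx
      - /var/run
    restart: always
Run:
docker-compose up -d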

2. Wazuh SIEM (Security Monitoring)

version: "3"
services:
  wazuh:
    image: wazuh/wazuh:latest
    ports:
      - "1514:1514"
      - "5601:5601"
Run:
docker-compose up -d

3. Suricata IDS via Docker

version: "3"
services:
  suricata:
    image: jasonish/suricata
    network_mode: host
    cap_add:
      - NET_ADMIN
    volumes:
      - ./logs:/var/log/suricata

4. OpenVAS Vulnerability Scanner

version: "3"
services:
  openvas:
    image: immauss/openvas
    ports:
      - "8081:9392"

5. Ansible Linux Hardening Playbook

- hosts: localhost
  become: yes
  tasks:
    - name: Disable root SSH login
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'

    - name: Enable UFW
      ufw:
        state: enabled
Run:
ansible-playbook hardening.yml

6. UFW Firewall Rules YAML

- hosts: localhost
  become: yes
  tasks:
    - ufw:
        rule: allow
        port: 22
    - ufw:
        rule: allow
        port: 80
    - ufw:
        rule: deny
        port: 23

7. Auditd Monitoring Rule

- hosts: localhost
  become: yes
  tasks:
    - lineinfile:
        path: /etc/audit/rules.d/audit.rules
        line: "-w /etc/passwd -p wa -k passwd_changes"

8. Fail2Ban Jail YAML Concept

jail:
  sshd:
    enabled: true
    port: 22
    maxretry: 5
    bantime: 3600

9. GitHub Actions Security Scan

name: Security Pipeline
on: push
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Trivy Scan
        run: |
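          sudo apt install -y wget
          # a pinned release is fetched from its own tag; "latest" stops matching the 0.44.0 file name once a newer release ships
          wget https://github.com/aquasecurity/trivy/releases/download/v0.44.0/trivy_0.44.0_Linux-64bit.deb
          sudo dpkg -i trivy_0.44.0_Linux-64bit.deb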
          trivy fs .

10. Kubernetes Pod Security Context

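apiVersion: v1
kind: Pod
metadata:
  name: secure-nginx
spec:
  securityContext:
    runAsUser: 1000
    runAsNonRoot: true
  containers:
    - name: nginx
      # the stock nginx image expects root and port 80, so it will not start under this
      # security context; the unprivileged variant listens on 8080 and writes only to /tmp
      image: nginxinc/nginx-unprivileged
      securityContext:
        readOnlyRootFilesystem: true
      volumeMounts:
        - name: tmp
          mountPath: /tmp
  volumes:
    # writable scratch space for the pid file and temp files
    - name: tmp
      emptyDir: {}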

11. ELK Stack (Basic Logging Stack)

version: "3"
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.9.0
  kibana:
    image: docker.elastic.co/kibana/kibana:8.9.0
    ports:
      - "5601:5601"

12. File Integrity Monitoring Script (YAML Inventory)

files:
  - /etc/passwd
  - /etc/shadow
  - /etc/ssh/sshd_config
Python checker:
import yaml, hashlib

with open("monitor.yml") as f:
    data = yaml.safe_load(f)

for file in data["files"]:
    with open(file,"rb") as f:
        print(file, hashlib.sha256(f.read()).hexdigest())
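
The checker above only prints hashes; integrity monitoring needs a stored baseline to compare against. The following is an added example, not part of the original page: it takes the same `files:` inventory layout, records a baseline and reports paths that were modified or went missing. The temporary files in `demo()` are constructed stand-ins for the system paths, and the function names are illustrative.

```python
import hashlib
import tempfile
from pathlib import Path

import yaml  # PyYAML

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(inventory_yaml):
    """Map each path under the inventory's 'files' key to its hash (None if unreadable)."""
    result = {}
    for path in yaml.safe_load(inventory_yaml)["files"]:
        try:
            result[path] = sha256_file(path)
        except OSError:  # missing file or permission denied
            result[path] = None
    return result

def compare(baseline, current):
    """Report every baseline path whose state differs from the baseline."""
    changes = {}
    for path, old in baseline.items():
        new = current.get(path)
        if new is None and old is not None:
            changes[path] = "missing"
        elif new != old:
            changes[path] = "modified"
    return changes

def demo():
    """Constructed run: temp files stand in for the inventory's system paths."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [str(Path(tmp) / n) for n in ("passwd", "shadow", "sshd_config")]
        for p in paths:
            Path(p).write_text("original\n")
        inventory = yaml.safe_dump({"files": paths})
        baseline = snapshot(inventory)
        Path(paths[0]).write_text("original\nextra-entry\n")  # simulate an edit
        Path(paths[2]).unlink()                               # simulate a deletion
        changes = compare(baseline, snapshot(inventory))
        return {Path(p).name: state for p, state in changes.items()}
```

In real use the baseline would be written to a location the monitored host cannot modify, otherwise whoever changes a file can also rewrite its recorded hash.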

13. Automated Backup via Docker

version: "3"
services:
  backup:
    image: alpine
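    volumes:
      # source is mounted read-only; the archive goes to a separate directory so it is not written into the tree being archived
      - /home:/source:ro
      - ./backups:/backup
    command: tar -czf /backup/home-backup.tar.gz -C /source .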

14. Validate YAML Files

yamllint docker-compose.yml
yamllint hardening.yml

15. Secure YAML Parsing (Python)

import yaml
with open("config.yml") as f:
    data = yaml.safe_load(f)
Security Rule:
Never use yaml.load() without SafeLoader.
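
The "Validate untrusted YAML" item in the YAML Security section and the safe_load() rule above can be combined into one loader. This is an added example, not code from the original page: it shows safe_load() rejecting a Python-object tag and adds a size limit and an alias cap, since safe_load() still accepts anchors and aliases. The limits, sample documents and function names are assumptions chosen for illustration.

```python
import yaml  # PyYAML

MAX_BYTES = 64 * 1024   # assumed size limit for one config document
MAX_ALIASES = 10        # assumed cap on alias (*name) references

# Constructed sample inputs.
MERGE_DOC = """\
defaults: &defaults
  retries: 3
  timeout: 30
service:
  <<: *defaults
  url: api.example.com
"""
PYTHON_TAG = "cwd: !!python/object/apply:os.getcwd []\n"
ALIAS_HEAVY = "a: &a [x, x]\nb: &b [*a, *a, *a, *a]\nc: [*b, *b, *b, *b, *b, *b, *b]\n"

class RejectedYAML(ValueError):
    """Raised when a document fails one of the checks below."""

def load_untrusted(text, max_bytes=MAX_BYTES, max_aliases=MAX_ALIASES):
    """Parse untrusted YAML into plain dict/list/scalar data or raise RejectedYAML."""
    if len(text.encode("utf-8")) > max_bytes:
        raise RejectedYAML("document too large")
    try:
        # Count alias events before building objects: safe_load() blocks
        # Python-object tags but still accepts anchors and aliases.
        events = yaml.parse(text, Loader=yaml.SafeLoader)
        aliases = sum(isinstance(ev, yaml.AliasEvent) for ev in events)
        if aliases > max_aliases:
            raise RejectedYAML(f"too many aliases ({aliases})")
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise RejectedYAML(f"rejected by parser: {type(exc).__name__}") from exc
    if not isinstance(data, dict):
        raise RejectedYAML("top-level mapping expected")
    return data

def verdict(text):
    """Return 'ok' or the rejection reason, for logging."""
    try:
        load_untrusted(text)
        return "ok"
    except RejectedYAML as exc:
        return str(exc)
```

The merge-key document from the Anchors & Aliases section passes with its single alias, while the tagged and alias-heavy documents are rejected before any application code sees their data.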