When I build the server I make sure it meets all the compliance
requirements (ex: PermitRootLogin, login banner). However, I would like to
double check those compliance requirements on a daily basis through Puppet
(in case someone has changed them). This is an audit requirement.

I was able to write custom facts and now I see "PermitRootLogin" and "login
banner" values in the node "inventory" list.

I was trying to create the same report using the following link, but it's
not working:
http://puppetlabs.com/blog/when-puppet-reports-part-2/

dir structure
------------------------------------------
[root@lxpuppet modules]# pwd
/opt/puppet/share/puppet/modules
[root@lxpuppet modules]# ls -ltR compliance_report
compliance_report:
total 12
-rw-r--r-- 1 peadmin games 154 Jan 2 10:47 Modulefile
drwxr-xr-x 2 peadmin games 4096 Jan 2 10:40 manifests
drwxr-xr-x 3 peadmin games 4096 Jan 2 10:25 lib

compliance_report/manifests:
total 4
-rw-r--r-- 1 peadmin games 467 Jan 2 10:40 init.pp

compliance_report/lib:
total 4
drwxr-xr-x 3 peadmin games 4096 Jan 2 10:25 puppet

compliance_report/lib/puppet:
total 4
drwxr-xr-x 2 peadmin games 4096 Jan 2 10:25 reports

compliance_report/lib/puppet/reports:
total 0
-------------------------------------------------------------------



On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy wrote:

Thanks everyone, I will look into these options... I will write back in a
few days...

On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote:

Hi,
Although I've never used it, this does sound like a task for the auditing
functionality that was added into Puppet 2.6.
Some information about it can be found here:
http://puppetlabs.com/blog/all-about-auditing-with-puppet/

You may also find the Puppet enterprise documentation on audit and
compliance of some use, as it uses the audit metaparams to achieve this
functionality.
http://docs.puppetlabs.com/pe/2.7/compliance_basics.html

From what I understand, you can build your own
auditing/reporting/compliance tool using your existing puppet framework and
a modified report processor that fits your needs.

Hope this helps.

K






On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe wrote:

Yes, you can do what you want if you already have a puppet master
(server) in your puppet environment, but you may need to configure or
install some add-ons.

All puppet installations include a tool called "facter". Facter gathers
various facts or data about your systems. The system can be configured
to send this data back to the puppet server. Various puppet add-ons
offer the ability to create reports based on the data that was sent back
to the server. For your needs, you will likely need to write a custom
fact.

Here are some links that might be helpful:

Info on facter:
http://puppetlabs.com/blog/facter-part-1-facter-101/

How to do custom facts:
http://docs.puppetlabs.com/guides/custom_facts.html

Puppet reporting:
http://docs.puppetlabs.com/guides/reporting.html

If you don't use a puppet server, then I think there are other options
for gathering the reporting data.

Sincerely,
Jason


P.S. My apologies to other posters, but I didn't see a clear answer to
the question.

On 12/27/2012 03:01 PM, pdiddy wrote:

Understood, but is it possible to get it done via puppet? I've a management
requirement.

On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote:

You might be better off putting together a custom fact about this. Then
you can check fact(s) on the host(s) without trying to
manage-but-not-manage something inside puppet.

On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:

How do I check the content of a file in puppet?
ex: I want to see if "PermitRootLogin" is "no" in the /etc/ssh/sshd_config
file (RHEL). If it's "yes" I want to show it on the compliance report. For
now I don't want to make any changes to the sshd_config file through puppet.

Here is something I have:

define line($file, $line, $ensure = 'present') {
    $line = "PermitRootLogin no"
    $file = "/etc/ssh/sshd_config"
    case $ensure {
        default : { err ( "unknown ensure value ${ensure}" ) }
        present: {
            warning/flag code:
            unless => "/bin/grep '${line}' '${file}'"
        }
    }
}

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
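
The custom-fact approach suggested in this thread, as an added example that is not code from any of the posters: a Facter fact that reports the effective global PermitRootLogin and Banner values from sshd_config without managing the file. The fact names, the use of sshd's Banner keyword for the login banner, and the sample config are assumptions made for illustration.

```ruby
# Added example (not from the thread). Fact names and SAMPLE are constructed.
module SshdCompliance
  CONFIG = '/etc/ssh/sshd_config'
  # Hypothetical fact name => sshd_config keyword it reports.
  CHECKS = {
    'sshd_permitrootlogin' => 'PermitRootLogin',
    'sshd_banner'          => 'Banner'
  }.freeze

  # Effective global value of +keyword+ in sshd_config text, or 'unset'.
  # Mirrors how sshd reads the file: keywords are case-insensitive, the
  # first occurrence wins, and Match blocks only apply conditionally.
  def self.setting(text, keyword)
    text.each_line do |raw|
      line = raw.strip
      next if line.empty? || line.start_with?('#')  # commented-out lines do not count
      key, value = line.split(/\s*=\s*|\s+/, 2)     # "Key value" or "Key=value"
      break if key.casecmp?('Match')                # stop at the first Match block
      next unless key.casecmp?(keyword)
      arg = value.to_s.split.first
      return arg.delete('"') if arg
    end
    'unset'
  end

  # All compliance facts for one config text, as a fact-name => value hash.
  def self.facts(text)
    CHECKS.each_with_object({}) { |(fact, kw), out| out[fact] = setting(text, kw) }
  end
end

# Register the facts only when Facter has loaded this file on an agent.
if defined?(Facter)
  SshdCompliance::CHECKS.each do |fact, keyword|
    Facter.add(fact) do
      setcode do
        path = SshdCompliance::CONFIG
        File.readable?(path) ? SshdCompliance.setting(File.read(path), keyword) : 'unreadable'
      end
    end
  end
end

# Constructed sample input for a stand-alone run.
SAMPLE = <<~CONF
  # PermitRootLogin yes
  Protocol 2
  permitrootlogin no
  PermitRootLogin yes
  Banner = "/etc/issue.net"
  Match User backup
    X11Forwarding no
CONF
puts SshdCompliance.facts(SAMPLE).inspect if $PROGRAM_NAME == __FILE__
```

Shipped under a module's lib/facter/ directory, the values appear alongside the node's other facts. A plain grep for "PermitRootLogin no" would miss the lowercase keyword and would not see that the later "yes" line is ignored by sshd.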


Discussion Overview
group: puppet-users
categories: puppet
posted: Dec 27, '12 at 7:18p
active: Apr 9, '13 at 1:49a
posts: 12
users: 6
website: puppetlabs.com
