You can install and remove specific packages, but not specify a whitelist. (Unless you wanted to do creative things with facts, templates, and puppetized scripts. I'm assuming you think it's better to hose your server due to a typo than run with a single unpermitted package. And then how are you going to deal with the /var/tmp/... style of file-upload packages used by various script kiddies?)
On Tue, May 01, 2012 at 01:38:34PM -0700, bainar wrote: > Can anyone tell me if it is possible to explicitly specify the only > allowed packages on a host (modules on a node?) - i.e. a white list? > This is for hardening a VPS in the cloud. > > Thanks in advance > Andrew > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
