When I build the server I make sure it meets all the compliance requirements (ex: PermitRootLogin, login banner). However, I would like to double-check those compliance requirements on a daily basis through Puppet (in case someone has changed them). This is an audit requirement.
I was able to write custom facts and now I see "PermitRootLogin" and "login banner" values in the node "inventory" list. I was trying to create the same report using the following link, but it's not working:
http://puppetlabs.com/blog/when-puppet-reports-part-2/

dir structure
------------------------------------------
[root@lxpuppet modules]# pwd
/opt/puppet/share/puppet/modules
[root@lxpuppet modules]# ls -ltR compliance_report
compliance_report:
total 12
-rw-r--r-- 1 peadmin games  154 Jan 2 10:47 Modulefile
drwxr-xr-x 2 peadmin games 4096 Jan 2 10:40 manifests
drwxr-xr-x 3 peadmin games 4096 Jan 2 10:25 lib

compliance_report/manifests:
total 4
-rw-r--r-- 1 peadmin games 467 Jan 2 10:40 init.pp

compliance_report/lib:
total 4
drwxr-xr-x 3 peadmin games 4096 Jan 2 10:25 puppet

compliance_report/lib/puppet:
total 4
drwxr-xr-x 2 peadmin games 4096 Jan 2 10:25 reports

compliance_report/lib/puppet/reports:
total 0
-------------------------------------------------------------------

On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy wrote:
>
> Thanks everyone, I will look into these options... I will write back in a few days...
>
> On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote:
>>
>> Hi,
>> Although I've never used it, this does sound like a task for the auditing functionality that was added into Puppet 2.6.
>> Some information about it can be found here:
>> http://puppetlabs.com/blog/all-about-auditing-with-puppet/
>>
>> You may also find the Puppet enterprise documentation on audit and compliance of some use, as it uses the audit metaparams to achieve this functionality.
>> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html
>>
>> From what I understand, you can build your own auditing/reporting/compliance tool using your existing puppet framework and a modified report processor that fits your needs.
>>
>> Hope this helps.
>>
>> K
>>
>> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe wrote:
>>>
>>> Yes, you can do what you want if you already have a puppet master (server) in your puppet environment, but you may need to configure or install some add-ons.
>>>
>>> All puppet installations include a tool called "facter". Facter gathers various facts or data about your systems. The system can be configured to send this data back to the puppet server. Various puppet add-ons offer the ability to create reports based on the data that was sent back to the server. For your needs, you will likely need to write a custom fact.
>>>
>>> Here are some links that might be helpful:
>>>
>>> Info on facter:
>>> http://puppetlabs.com/blog/facter-part-1-facter-101/
>>>
>>> How to do custom facts:
>>> http://docs.puppetlabs.com/guides/custom_facts.html
>>>
>>> Puppet reporting:
>>> http://docs.puppetlabs.com/guides/reporting.html
>>>
>>> If you don't use a puppet server, then I think there are other options for gathering the reporting data.
>>>
>>> Sincerely,
>>> Jason
>>>
>>> P.S. My apologies to other posters, but I didn't see a clear answer to the question.
>>>
>>> On 12/27/2012 03:01 PM, pdiddy wrote:
>>> > Understood, but is it possible to get it done via puppet? I've a management requirement.
>>> >
>>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote:
>>> >> You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet.
>>> >>
>>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
>>> >>> How do I check the content of a file in puppet?
>>> >>> ex: I want to see if "PermitRootLogin" is "no" in the /etc/ssh/sshd_config file (RHEL). If it's "yes" I want to show it on the compliance report.
>>> >>> For now I don't want to make any changes to the sshd_config file through puppet.
>>> >>> Here is something I have:
>>> >>> define line($file, $line, $ensure = 'present') {
>>> >>>     $line = "PermitRootLogin no"
>>> >>>     $file = "/etc/ssh/sshd_config"
>>> >>>     case $ensure {
>>> >>>         default : { err ( "unknown ensure value ${ensure}" ) }
>>> >>>         present: {
>>> >>>             warning/flag code:
>>> >>>             unless => "/bin/grep '${line}' '${file}'"
>>> >>>         }
>>> >>>     }
>>> >>> }
>>> >>>
>>> >>> --
>>> >>> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
>>> >>> To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>>> >>> To post to this group, send email to [email protected].
>>> >>> To unsubscribe from this group, send email to [email protected].
>>> >>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vvRZCQSRZt8J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
<<attachment: host-inventory.PNG>>
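
The read-only PermitRootLogin check discussed in this thread, as an added example that is not part of any poster's message and is not Puppet's or Facter's own code: it reads the effective global value from sshd_config the way a custom fact could, without changing the file. The function names, the fact name `sshd_permitrootlogin`, the sample config and the rule that an unset value counts as a finding are all assumptions made for illustration.

```ruby
# Added example (not from the thread). Names are hypothetical.

# Constructed sample input, not taken from a real host.
SAMPLE_SSHD_CONFIG = <<~CONF
  # constructed sample sshd_config
  Port 22
  #PermitRootLogin yes
  permitrootlogin   no
  PermitRootLogin yes
  Match User backup
      PermitRootLogin forced-commands-only
CONF

# Return the first global PermitRootLogin value found in sshd_config text,
# or 'unset' when the global section never sets it explicitly.
def permit_root_login(config_text)
  config_text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip          # drop comments and blank lines
    next if line.empty?
    keyword, value = line.split(/\s+/, 2)
    # Everything after a Match line is conditional, so stop there.
    break if keyword.casecmp('match').zero?
    next unless keyword.casecmp('permitrootlogin').zero? && value
    return value.split.first                 # sshd keeps the first value it reads
  end
  'unset'
end

# Assumption: only an explicit "no" passes; 'unset' is reported as a finding
# because the built-in default differs between OpenSSH versions.
def root_login_compliant?(config_text)
  permit_root_login(config_text) == 'no'
end

# Register the fact only when loaded by Facter (e.g. from a module's
# lib/facter directory); the file is never modified.
if defined?(Facter)
  Facter.add(:sshd_permitrootlogin) do
    setcode do
      path = '/etc/ssh/sshd_config'
      File.readable?(path) ? permit_root_login(File.read(path)) : 'unreadable'
    end
  end
end
```

Because the fact reports the value instead of a pass/fail flag, the report side can show exactly what each node has set, which a plain `grep` for the literal line cannot do when the setting is commented out or duplicated.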
