If you are still looking for an audit/compliance solution, check out www.metaforsoftware.com. We can track daily changes on your servers and send alerts when we find diffs from one day to the next. Can also do large scale diffs across servers in a cluster. We're in free beta and also working on an integrated Puppet reporting feature right now. Let me know if you'd like to give it a try.
On Friday, January 4, 2013 7:21:19 AM UTC-8, pdiddy wrote: > > Any thoughts guys... > > On Wednesday, January 2, 2013 11:05:41 AM UTC-5, pdiddy wrote: >> >> When I build the server I make sure it meets all the compliance >> requirements (ex: PermitRootLogin, login banner). However, I would like to >> double check those compliance requirements on daily basis through Puppet >> (in case someone has changed them). This is an audit requirement. >> >> I was able to write custom facts and now I see "PermitRootLogin" and >> "login banner" values in node "inventory" list. >> >> I was trying to create same report using following link, but it's not >> working >> http://puppetlabs.com/blog/when-puppet-reports-part-2/ >> >> dir structure >> ------------------------------------------ >> [root@lxpuppet modules]# pwd >> /opt/puppet/share/puppet/modules >> [root@lxpuppet modules]# ls -ltR compliance_report >> compliance_report: >> total 12 >> -rw-r--r-- 1 peadmin games 154 Jan 2 10:47 Modulefile >> drwxr-xr-x 2 peadmin games 4096 Jan 2 10:40 manifests >> drwxr-xr-x 3 peadmin games 4096 Jan 2 10:25 lib >> >> compliance_report/manifests: >> total 4 >> -rw-r--r-- 1 peadmin games 467 Jan 2 10:40 init.pp >> >> compliance_report/lib: >> total 4 >> drwxr-xr-x 3 peadmin games 4096 Jan 2 10:25 puppet >> >> compliance_report/lib/puppet: >> total 4 >> drwxr-xr-x 2 peadmin games 4096 Jan 2 10:25 reports >> >> compliance_report/lib/puppet/reports: >> total 0 >> ------------------------------------------------------------------- >> >> >> >> >> On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy wrote: >>> >>> Thanks everyone, I will look into these options...I will write back in >>> few days... >>> >>> On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote: >>>> >>>> Hi, >>>> Although I've never used it, this does sound like a task for the >>>> auditing functionality that was added into Puppet 2.6. >>>> Some information about it can be found here: >>>> http://puppetlabs.com/blog/all-about-auditing-with-puppet/ >>>> >>>> You may also find the Puppet enterprise documentation on audit and >>>> compliance of some use, as it uses the audit metaparams to achieve this >>>> functionality. >>>> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html >>>> >>>> From what I understand, you can build your own >>>> auditing/reporting/compliance tool using your existing puppet framework >>>> and >>>> a modified report processor that fits your needs. >>>> >>>> Hope this helps. >>>> >>>> K >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe wrote: >>>>> >>>>> Yes, you can do what you want if you already have a puppet master >>>>> (server) in your puppet environment, but you may need configure or >>>>> install some add-ons. >>>>> >>>>> All puppet installations include a tool called "facter". Facter >>>>> gathers >>>>> various facts or data about your systems. The system can be configured >>>>> to sent this data back to the puppet server. Various puppet add-ons >>>>> offer the ability to create reports based on the data that was sent >>>>> back >>>>> to the server. For you needs, you will likely need to write a custom >>>>> fact. >>>>> >>>>> Here are some links that might be helpful: >>>>> >>>>> Info on facter: >>>>> http://puppetlabs.com/blog/facter-part-1-facter-101/ >>>>> >>>>> How to do custom facts: >>>>> http://docs.puppetlabs.com/guides/custom_facts.html >>>>> >>>>> Puppet reporting: >>>>> http://docs.puppetlabs.com/guides/reporting.html >>>>> >>>>> If you don't use a puppet server, then I think there are other options >>>>> for gathering the reporting data. >>>>> >>>>> Sincerely, >>>>> Jason >>>>> >>>>> >>>>> P.S. My apologies to other posters, but I didn't see a clear answer to >>>>> the question. >>>>> >>>>> On 12/27/2012 03:01 PM, pdiddy wrote: >>>>> > Understood, but is it possible to get it done via puppet? I've >>>>> management >>>>> > requirement. >>>>> > >>>>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood >>>>> wrote: >>>>> >> You might be better off putting together a custom fact about this. >>>>> Then >>>>> >> you can check fact(s) on the host(s) without trying to >>>>> >> manage-but-not-manage something inside puppet. >>>>> >> >>>>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: >>>>> >>> How do I check content of a file in puppet? >>>>> >>> ex: I want to see if "PermitRootLogin" is "no" >>>>> >> in /etc/ssh/sshd_config >>>>> >>> file (RHEL). If it's "yes" i want to show it on compliance >>>>> report. >>>>> >> For now >>>>> >>> I don't want make any changes to the sshd_config file through >>>>> puppet. >>>>> >>> Here is something I have: >>>>> >>> define line($file, $line, $ensure = 'present') { >>>>> >>> $line = "PermitRootLogin no" >>>>> >>> $file = "/etc/ssh/sshd_config" >>>>> >>> case $ensure { >>>>> >>> default : { err ( "unknown ensure value ${ensure}" ) } >>>>> >>> present: { >>>>> >>> warning/flag code: >>>>> >>> unless => "/bin/grep '${line}' '${file}'" >>>>> >>> } >>>>> >>> } >>>>> >>> } >>>>> >>> >>>>> >>> -- >>>>> >>> You received this message because you are subscribed to the >>>>> Google >>>>> >> Groups >>>>> >>> "Puppet Users" group. >>>>> >>> To view this discussion on the web visit >>>>> >>> [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. >>>>> >>>>> >>> To post to this group, send email to >>>>> [email protected]<javascript:>. >>>>> >>> To unsubscribe from this group, send email to >>>>> >>> [email protected] <javascript:>. >>>>> >>> For more options, visit this group at >>>>> >>> http://groups.google.com/group/puppet-users?hl=en. >>>>> >>> >>>>> >>> References >>>>> >>> >>>>> >>> Visible links >>>>> >>> 1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J >>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
