Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-31 Thread Dan White
On Mar 31, 2015, at 03:06 AM, Brad Knowles wrote: On Mar 30, 2015, at 9:34 PM, Dan White wrote: To sum up my point of view: (preface this whole block with “I believe…/I think…/IMHO…”) Puppet-izing the CIS Hardening Guidelines should be done throughout the entire catalog as nece

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-31 Thread Dan White
Nice discussion we have going here. Comments/responses inline. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Watterson: Calvin & Hobbes) On Mar 31, 2015, at 02:46 AM, Peter Pickford wrote: Hi Dan

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-31 Thread Brad Knowles
On Mar 30, 2015, at 9:34 PM, Dan White wrote: > To sum up my point of view: (preface this whole block with “I believe…/I > think…/IMHO…”) > Puppet-izing the CIS Hardening Guidelines should be done throughout the > entire catalog as necessary for one’s environment and system requirements. A >

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-30 Thread Peter Pickford
Hi Dan, Chris, Many thanks for taking the time to respond, some very useful ideas to ponder. Apologies if this is a bit waffley and repeats itself. Dan's approach is more elegant in the sense that it implements just what is required, but makes me uncomfortable because it distributes hardening im

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-30 Thread Dan White
Chris, you make some good points, so I will respond here rather than earlier in the thread. The CIS Benchmarks are guidelines rather than rules. Quoting the overview: "This document, …, provides prescriptive guidance for establishing a secure configuration posture for Red Hat Enterprise Linux

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-30 Thread Christopher Wood
On Mon, Mar 30, 2015 at 09:10:03AM -0700, Peter Pickford wrote: >Hi Dan, >Could you expand on why "making a module out of the CIS Hardening >Guidelines is the wrong approach". Not sure what Dan will say and I haven't done it myself. However I have watched another team here produce a h

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-30 Thread Dan White
I will reply to this in detail later today when I have time to gather my references. I did not want you to think I was ignoring you. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Watterson: Calvin &

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-30 Thread Peter Pickford
Hi Dan, Could you expand on why "making a module out of the CIS Hardening Guidelines is the wrong approach". It seems like a good option when the likes of PCI DSS suggest implementing industry standards. Are you referring to the conflicts you end up with when using more specific, and usually more

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-03-30 Thread Dan White
I believe that making a module out of the CIS Hardening Guidelines is the wrong approach. I implemented RHEL 5 and RHEL 6 hardening throughout my catalog. Specific example: Guidelines for ssh_config and sshd_config are in the ssh module. “Sometimes I think the surest sign that intelligent l

[Puppet Users] Any pointers to RHEL7 CIS hardening using puppet

2015-02-09 Thread Ash26
arildjensen-cis seems not to have worked for RHEL7