Any thoughts guys...

On Wednesday, January 2, 2013 11:05:41 AM UTC-5, pdiddy wrote:
>
> When I build the server I make sure it meets all the compliance 
> requirements (ex: PermitRootLogin, login banner). However, I would like to 
> double check those compliance requirements on a daily basis through Puppet 
> (in case someone has changed them). This is an audit requirement.
>
> I was able to write custom facts and now I see "PermitRootLogin" and 
> "login banner" values in node "inventory" list.
>
> I was trying to create the same report using the following link, but it's not 
> working:
> http://puppetlabs.com/blog/when-puppet-reports-part-2/
>
> dir structure
> ------------------------------------------
> [root@lxpuppet modules]# pwd
> /opt/puppet/share/puppet/modules
> [root@lxpuppet modules]# ls -ltR compliance_report
> compliance_report:
> total 12
> -rw-r--r-- 1 peadmin games  154 Jan  2 10:47 Modulefile
> drwxr-xr-x 2 peadmin games 4096 Jan  2 10:40 manifests
> drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 lib
>
> compliance_report/manifests:
> total 4
> -rw-r--r-- 1 peadmin games 467 Jan  2 10:40 init.pp
>
> compliance_report/lib:
> total 4
> drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 puppet
>
> compliance_report/lib/puppet:
> total 4
> drwxr-xr-x 2 peadmin games 4096 Jan  2 10:25 reports
>
> compliance_report/lib/puppet/reports:
> total 0
> -------------------------------------------------------------------
>
> On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy wrote:
>>
>> Thanks everyone, I will look into these options...I will write back in 
>> few days...
>>
>> On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote:
>>>
>>> Hi,
>>> Although I've never used it, this does sound like a task for the 
>>> auditing functionality that was added into Puppet 2.6.
>>> Some information about it can be found here: 
>>> http://puppetlabs.com/blog/all-about-auditing-with-puppet/
>>>
>>> You may also find the Puppet enterprise documentation on audit and 
>>> compliance of some use, as it uses the audit metaparams to achieve this 
>>> functionality.
>>> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html
>>>
>>> From what I understand, you can build your own 
>>> auditing/reporting/compliance tool using your existing puppet framework and 
>>> a modified report processor that fits your needs.
>>>
>>> Hope this helps.
>>>
>>> K
>>>
>>> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe wrote:
>>>>
>>>> Yes, you can do what you want if you already have a puppet master 
>>>> (server) in your puppet environment, but you may need to configure or 
>>>> install some add-ons. 
>>>>
>>>> All puppet installations include a tool called "facter". Facter gathers 
>>>> various facts or data about your systems. The system can be configured 
>>>> to send this data back to the puppet server. Various puppet add-ons 
>>>> offer the ability to create reports based on the data that was sent 
>>>> back to the server. For your needs, you will likely need to write a 
>>>> custom fact. 
>>>>
>>>> Here are some links that might be helpful: 
>>>>
>>>>      Info on facter: 
>>>>      http://puppetlabs.com/blog/facter-part-1-facter-101/ 
>>>>
>>>>      How to do custom facts: 
>>>>      http://docs.puppetlabs.com/guides/custom_facts.html 
>>>>
>>>>      Puppet reporting: 
>>>>      http://docs.puppetlabs.com/guides/reporting.html 
>>>>
>>>> If you don't use a puppet server, then I think there are other options 
>>>> for gathering the reporting data. 
>>>>
>>>> Sincerely, 
>>>> Jason 
>>>>
>>>>
>>>> P.S. My apologies to other posters, but I didn't see a clear answer to 
>>>> the question. 
>>>>
>>>> On 12/27/2012 03:01 PM, pdiddy wrote: 
>>>> > Understood, but is it possible to get it done via puppet? I have a 
>>>> > management requirement. 
>>>> > 
>>>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote: 
>>>> >> You might be better off putting together a custom fact about this. Then 
>>>> >> you can check fact(s) on the host(s) without trying to 
>>>> >> manage-but-not-manage something inside puppet. 
>>>> >> 
>>>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: 
>>>> >>>     How do I check the content of a file in puppet? 
>>>> >>>     ex: I want to see if "PermitRootLogin" is "no" in the 
>>>> >>>     /etc/ssh/sshd_config file (RHEL). If it's "yes" I want to show it 
>>>> >>>     on the compliance report. For now I don't want to make any changes 
>>>> >>>     to the sshd_config file through puppet. 
>>>> >>>     Here is something I have: 
>>>> >>>     define line($file, $line, $ensure = 'present') { 
>>>> >>>             $line = "PermitRootLogin no" 
>>>> >>>             $file = "/etc/ssh/sshd_config" 
>>>> >>>         case $ensure { 
>>>> >>>             default : { err ( "unknown ensure value ${ensure}" ) } 
>>>> >>>             present: { 
>>>> >>>                 warning/flag code: 
>>>> >>>                     unless => "/bin/grep '${line}' '${file}'" 
>>>> >>>                 } 
>>>> >>>             } 
>>>> >>>     } 
>>>> >>> 
>>>> >>>     -- 
>>>> >>>     You received this message because you are subscribed to the Google 
>>>> >>>     Groups "Puppet Users" group. 
>>>> >>>     To view this discussion on the web visit 
>>>> >>>     https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. 
>>>> >>>     To post to this group, send email to 
>>>> >>>     puppet...@googlegroups.com. 
>>>> >>>     To unsubscribe from this group, send email to 
>>>> >>>     puppet-users...@googlegroups.com. 
>>>> >>>     For more options, visit this group at 
>>>> >>>     http://groups.google.com/group/puppet-users?hl=en. 
>>>>

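The custom-fact approach suggested in this thread, shown as an added example (not code from any poster or from Puppet itself): it reads the value sshd would actually apply for `PermitRootLogin` and `Banner` and never modifies the file. The fact names (`sshd_permitrootlogin`, `sshd_banner`), the `BASELINE` expectations and the sample config are assumptions made for illustration.

```ruby
# Value sshd would use globally for +keyword+, or 'unset' if the file is silent
# (the compiled-in default then applies). Include files are not followed.
def effective_sshd_setting(config_text, keyword)
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')   # a commented-out line sets nothing
    # Keyword and argument are separated by whitespace or a single '='.
    key, value = line.split(/\s*=\s*|\s+/, 2)
    break if key.downcase == 'match'               # later lines are conditional
    next unless key.downcase == keyword.downcase   # keywords are case-insensitive
    return value.to_s.delete('"').strip            # first value read wins
  end
  'unset'
end

# Constructed audit baseline: keyword => test applied to the effective value.
BASELINE = {
  'PermitRootLogin' => ->(v) { v == 'no' },
  'Banner'          => ->(v) { !%w[unset none].include?(v) }
}.freeze

def sshd_compliance(config_text)
  BASELINE.each_with_object({}) do |(keyword, ok), report|
    value = effective_sshd_setting(config_text, keyword)
    report[keyword] = { value: value, compliant: ok.call(value) }
  end
end

# Constructed sample: a grep for "PermitRootLogin no" matches three lines here,
# yet the setting sshd actually applies is "yes".
SAMPLE = <<~CONF
  # PermitRootLogin no
  permitrootlogin yes
  PermitRootLogin no
  Banner /etc/issue.net
  Match User backup
    PermitRootLogin no
CONF

SSHD_CONFIG = '/etc/ssh/sshd_config'

# When loaded by Facter (from a module's lib/facter/), expose read-only facts.
if defined?(Facter)
  BASELINE.each_key do |keyword|
    Facter.add("sshd_#{keyword.downcase}") do
      setcode { File.readable?(SSHD_CONFIG) ? effective_sshd_setting(File.read(SSHD_CONFIG), keyword) : 'unreadable' }
    end
  end
end
```

Outside Facter, `sshd_compliance(SAMPLE)` returns the per-keyword value and verdict, which is the shape a report processor or inventory query would consume.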