Hi guys!. I want to use puppet to automate initial linux hardening and to maintain a security configuration standard. Does any one knows if there are modules going around that take care of the usual hardening steps?. If not, i will work on them and share them. thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nicolas Arias wrote:> Hi guys!. > > I want to use puppet to automate initial linux hardening and to > maintain a security configuration standard. > > Does any one knows if there are modules going around that take care of > the usual hardening steps?. > > If not, i will work on them and share them. >I started this modeled on the CIS Linux Security guidelines. https://github.com/jamtur01/puppet-hardening It''s not complete but covers a selection of the controls. You''re welcome to fork/hack on it. Patches welcome etc. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 Join us for PuppetConf <http://www.bit.ly/puppetconfsig>, September 22nd and 23rd in Portland, Oregon, USA. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Fri, Jul 1, 2011 at 3:48 PM, James Turnbull <james@puppetlabs.com> wrote:> Nicolas Arias wrote: > >> Hi guys!. >> >> I want to use puppet to automate initial linux hardening and to >> maintain a security configuration standard. >> >> Does any one knows if there are modules going around that take care of >> the usual hardening steps?. >> >> If not, i will work on them and share them. >> >> > I started this modeled on the CIS Linux Security guidelines. > > https://github.com/jamtur01/**puppet-hardening<https://github.com/jamtur01/puppet-hardening> > > It''s not complete but covers a selection of the controls. You''re welcome > to fork/hack on it. Patches welcome etc. > > Regards > >This raises an interesting question. I had been doing something similar recently, and I had implemented the hardening within the specific puppet modules that they were related to. However, you''ve written a totally separate module. Which is better? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Douglas Garstang wrote:> > This raises an interesting question. I had been doing something similar > recently, and I had implemented the hardening within the specific puppet > modules that they were related to. However, you''ve written a totally > separate module. Which is better? >I was specifically trying to provide an example of a module to apply a particular standard. I don''t it makes much difference which approach you take. Although if you break the hardening into classes though you can make exceptions to which nodes they are applied. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 Join us for PuppetConf <http://www.bit.ly/puppetconfsig>, September 22nd and 23rd in Portland, Oregon, USA. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.