modversion
2011-Nov-13 02:00 UTC
[Puppet Users] can I use puppet for security configuration check in centos
hi all,can I use puppet for security configuration check in centos ? 1.check the kernel version whether great than 2.8.18.237-1 or not. 2.check the glibc,systemtap and udev version whether great than secure version or not. 3.check the php.ini whether set safe_mode to on or not. 4.check the sshd_config whether set PermitRootLogin to no or not. If puppet can make it ,would you like to be kind enough to tell me which class I should use? or which keyword I should search for. Thank you very much ! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Ohad Levy
2011-Nov-14 07:48 UTC
Re: [Puppet Users] can I use puppet for security configuration check in centos
On Sun, Nov 13, 2011 at 4:00 AM, modversion <modversion@gmail.com> wrote:> hi all,can I use puppet for security configuration check in centos ? > 1.check the kernel version whether great than 2.8.18.237-1 or not. > 2.check the glibc,systemtap and udev version whether great than secure > version or not. > 3.check the php.ini whether set safe_mode to on or not. > 4.check the sshd_config whether set PermitRootLogin to no or not. > > If puppet can make it ,would you like to be kind enough to tell me > which class I should use? or which keyword I should search for.You might want to have a look at http://www.open-scap.org, and in particular the secstate tool, which is based on puppet. I never used it myself, and therefore I dont know whats its current state, but it might fit to your needs. Ohad> > Thank you very much ! > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2011-Nov-14 08:25 UTC
Re: [Puppet Users] can I use puppet for security configuration check in centos
On Sun, Nov 13, 2011 at 11:48 PM, Ohad Levy <ohadlevy@gmail.com> wrote:> On Sun, Nov 13, 2011 at 4:00 AM, modversion <modversion@gmail.com> wrote: >> hi all,can I use puppet for security configuration check in centos ? >> 1.check the kernel version whether great than 2.8.18.237-1 or not. >> 2.check the glibc,systemtap and udev version whether great than secure >> version or not. >> 3.check the php.ini whether set safe_mode to on or not. >> 4.check the sshd_config whether set PermitRootLogin to no or not. >> >> If puppet can make it ,would you like to be kind enough to tell me >> which class I should use? or which keyword I should search for. > > You might want to have a look at http://www.open-scap.org, and in > particular the secstate tool, which is based on puppet. > > I never used it myself, and therefore I dont know whats its current > state, but it might fit to your needs.You can also just make use of the audit functionality in Puppet. http://puppetlabs.com/blog/all-about-auditing-with-puppet/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
modversion
2011-Nov-22 00:48 UTC
Re: Re: [Puppet Users] can I use puppet for security configuration check in centos
cool! That''s what I need,Thank you very much levy! modversion From: Ohad Levy Date: 2011-11-14 15:48 To: puppet-users Subject: Re: [Puppet Users] can I use puppet for security configuration check in centos On Sun, Nov 13, 2011 at 4:00 AM, modversion <modversion@gmail.com> wrote:> hi all,can I use puppet for security configuration check in centos ? > 1.check the kernel version whether great than 2.8.18.237-1 or not. > 2.check the glibc,systemtap and udev version whether great than secure > version or not. > 3.check the php.ini whether set safe_mode to on or not. > 4.check the sshd_config whether set PermitRootLogin to no or not. > > If puppet can make it ,would you like to be kind enough to tell me > which class I should use? or which keyword I should search for.You might want to have a look at http://www.open-scap.org, and in particular the secstate tool, which is based on puppet. I never used it myself, and therefore I dont know whats its current state, but it might fit to your needs. Ohad> > Thank you very much ! > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.