Puppet users - Dec 2012 - How do I check content of a file in puppet

How do I check content of a file in puppet?
ex: I want to see if "PermitRootLogin" is "no" in
/etc/ssh/sshd_config file
(RHEL). If it''s "yes" i want to show it on compliance report.
For now I
don''t want make any changes to the sshd_config file through puppet.

Here is something I have:

define line($file, $line, $ensure = ''present'') {
        $line = "PermitRootLogin no"
        $file = "/etc/ssh/sshd_config"
    case $ensure {
        default : { err ( "unknown ensure value ${ensure}" ) }
        present: {
            warning/flag code:
                unless => "/bin/grep ''${line}''
''${file}''"
            }
        }
}

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

You might be better off putting together a custom fact about this. Then you can
check fact(s) on the host(s) without trying to manage-but-not-manage something
inside puppet.

On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
>    How do I check content of a file in puppet?
>    ex: I want to see if "PermitRootLogin" is "no"
in /etc/ssh/sshd_config
>    file (RHEL). If it''s "yes" i want to show it on
compliance report. For now
>    I don''t want make any changes to the sshd_config file through
puppet.
>    Here is something I have:
>    define line($file, $line, $ensure = ''present'') {
>            $line = "PermitRootLogin no"
>            $file = "/etc/ssh/sshd_config"
>        case $ensure {
>            default : { err ( "unknown ensure value ${ensure}" ) }
>            present: {
>                warning/flag code:
>                    unless => "/bin/grep ''${line}''
''${file}''"
>                }
>            }
>    }
> 
>    --
>    You received this message because you are subscribed to the Google
Groups
>    "Puppet Users" group.
>    To view this discussion on the web visit
>    [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>    To post to this group, send email to puppet-users@googlegroups.com.
>    To unsubscribe from this group, send email to
>    puppet-users+unsubscribe@googlegroups.com.
>    For more options, visit this group at
>    http://groups.google.com/group/puppet-users?hl=en.
> 
> References
> 
>    Visible links
>    1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Understood, but is it possible to get it done via puppet? I''ve
management
requirement.

On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood
wrote:
>
> You might be better off putting together a custom fact about this. Then 
> you can check fact(s) on the host(s) without trying to 
> manage-but-not-manage something inside puppet. 
>
> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: 
> >    How do I check content of a file in puppet? 
> >    ex: I want to see if "PermitRootLogin" is "no" 
> in /etc/ssh/sshd_config 
> >    file (RHEL). If it''s "yes" i want to show it on
compliance report.
> For now 
> >    I don''t want make any changes to the sshd_config file
through puppet.
> >    Here is something I have: 
> >    define line($file, $line, $ensure = ''present'') { 
> >            $line = "PermitRootLogin no" 
> >            $file = "/etc/ssh/sshd_config" 
> >        case $ensure { 
> >            default : { err ( "unknown ensure value
${ensure}" ) }
> >            present: { 
> >                warning/flag code: 
> >                    unless => "/bin/grep
''${line}'' ''${file}''"
> >                } 
> >            } 
> >    } 
> > 
> >    -- 
> >    You received this message because you are subscribed to the Google 
> Groups 
> >    "Puppet Users" group. 
> >    To view this discussion on the web visit 
> >    [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. 
> >    To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>
> >    To unsubscribe from this group, send email to 
> >    puppet-users...@googlegroups.com <javascript:>. 
> >    For more options, visit this group at 
> >    http://groups.google.com/group/puppet-users?hl=en. 
> > 
> > References 
> > 
> >    Visible links 
> >    1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Metaphorically, your management is asking you to drive nails with a screwdriver.
The right tool for the job here is facter, not puppet. (And puppet already uses
facter, so your management apparently doesn''t understand the stack
here.) While this is ultimately their problem, it sounds like you have to act as
an enabler in order to keep your job and buy your groceries. Anyway, on to the
helpful stuff!

I have no idea what sort of thing is in this compliance report. I will assume
that it is checking which hosts have successfully completed a puppet agent run.
To deliberately fail this in your scenario I might:

-write a script which checks the value of PermitRootLogin
-script should exit with a non-zero status if the value is undesired
-package this script in a deb (or rpm on your platform)
-use puppet to distribute my deb everywhere
-use an exec to run the script

Then you will see the same style of failure as if you ran this:

$ puppet apply -e ''exec { "/bin/false": }''
err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0 failed:
/bin/false returned 1 instead of one of [0] at line 1
notice: Finished catalog run in 0.08 seconds

And that means the host is non-compliant.

Another item on my original point: ensure your communications with management on
this matter are all documented via email. When they finally figure out how much
technical debt they are accruing you will not wish to be left holding their bag.


On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote:
>    Understood, but is it possible to get it done via puppet? I''ve
management
>    requirement.
> 
>    On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote:
> 
>      You might be better off putting together a custom fact about this.
Then
>      you can check fact(s) on the host(s) without trying to
>      manage-but-not-manage something inside puppet.
> 
>      On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
>      >    How do I check content of a file in puppet?
>      >    ex: I want to see if "PermitRootLogin" is
"no"
>      in /etc/ssh/sshd_config
>      >    file (RHEL). If it''s "yes" i want to show
it on compliance report.
>      For now
>      >    I don''t want make any changes to the sshd_config file
through
>      puppet.
>      >    Here is something I have:
>      >    define line($file, $line, $ensure =
''present'') {
>      >            $line = "PermitRootLogin no"
>      >            $file = "/etc/ssh/sshd_config"
>      >        case $ensure {
>      >            default : { err ( "unknown ensure value
${ensure}" ) }
>      >            present: {
>      >                warning/flag code:
>      >                    unless => "/bin/grep
''${line}'' ''${file}''"
>      >                }
>      >            }
>      >    }
>      >
>      >    --
>      >    You received this message because you are subscribed to the
Google
>      Groups
>      >    "Puppet Users" group.
>      >    To view this discussion on the web visit
>      >  
 [1][1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>      >    To post to this group, send email to
[2]puppet...@googlegroups.com.
>      >    To unsubscribe from this group, send email to
>      >    [3]puppet-users...@googlegroups.com.
>      >    For more options, visit this group at
>      >    [4]http://groups.google.com/group/puppet-users?hl=en.
>      >
>      > References
>      >
>      >    Visible links
>      >    1.
[5]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
> 
>    --
>    You received this message because you are subscribed to the Google
Groups
>    "Puppet Users" group.
>    To view this discussion on the web visit
>    [6]https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J.
>    To post to this group, send email to puppet-users@googlegroups.com.
>    To unsubscribe from this group, send email to
>    puppet-users+unsubscribe@googlegroups.com.
>    For more options, visit this group at
>    http://groups.google.com/group/puppet-users?hl=en.
> 
> References
> 
>    Visible links
>    1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>    2. javascript:
>    3. javascript:
>    4. http://groups.google.com/group/puppet-users?hl=en
>    5. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>    6. https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

Couldn''t he run --noop as a scanner for hosts out of compliance and
then when one is found, run normal puppet run (obviously you don''t have
to run in noop and just run normal runs and monitor reports).

That way management can see that non compliant host are being made compliant ( a
much more useful report one would think).

So the solution would be to describe the state of the sshd_config file the way
it should be and enforce that.

Reporting options on that are normal puppet reports.

Cheers,
Den

On 28/12/2012, at 7:23, Christopher Wood <christopher_wood@pobox.com>
wrote:
> Metaphorically, your management is asking you to drive nails with a
screwdriver. The right tool for the job here is facter, not puppet. (And puppet
already uses facter, so your management apparently doesn''t understand
the stack here.) While this is ultimately their problem, it sounds like you have
to act as an enabler in order to keep your job and buy your groceries. Anyway,
on to the helpful stuff!
> 
> I have no idea what sort of thing is in this compliance report. I will
assume that it is checking which hosts have successfully completed a puppet
agent run. To deliberately fail this in your scenario I might:
> 
> -write a script which checks the value of PermitRootLogin
> -script should exit with a non-zero status if the value is undesired
> -package this script in a deb (or rpm on your platform)
> -use puppet to distribute my deb everywhere
> -use an exec to run the script
> 
> Then you will see the same style of failure as if you ran this:
> 
> $ puppet apply -e ''exec { "/bin/false": }''
> err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0
failed: /bin/false returned 1 instead of one of [0] at line 1
> notice: Finished catalog run in 0.08 seconds
> 
> And that means the host is non-compliant.
> 
> Another item on my original point: ensure your communications with
management on this matter are all documented via email. When they finally figure
out how much technical debt they are accruing you will not wish to be left
holding their bag.
> 
> 
> On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote:
>>   Understood, but is it possible to get it done via puppet?
I''ve management
>>   requirement.
>> 
>>   On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood
wrote:
>> 
>>     You might be better off putting together a custom fact about this.
Then
>>     you can check fact(s) on the host(s) without trying to
>>     manage-but-not-manage something inside puppet.
>> 
>>     On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
>>>    How do I check content of a file in puppet?
>>>    ex: I want to see if "PermitRootLogin" is
"no"
>>     in /etc/ssh/sshd_config
>>>    file (RHEL). If it''s "yes" i want to show it
on compliance report.
>>     For now
>>>    I don''t want make any changes to the sshd_config file
through
>>     puppet.
>>>    Here is something I have:
>>>    define line($file, $line, $ensure = ''present'')
{
>>>            $line = "PermitRootLogin no"
>>>            $file = "/etc/ssh/sshd_config"
>>>        case $ensure {
>>>            default : { err ( "unknown ensure value
${ensure}" ) }
>>>            present: {
>>>                warning/flag code:
>>>                    unless => "/bin/grep
''${line}'' ''${file}''"
>>>                }
>>>            }
>>>    }
>>> 
>>>    --
>>>    You received this message because you are subscribed to the
Google
>>     Groups
>>>    "Puppet Users" group.
>>>    To view this discussion on the web visit
>>>   
[1][1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>>>    To post to this group, send email to
[2]puppet...@googlegroups.com.
>>>    To unsubscribe from this group, send email to
>>>    [3]puppet-users...@googlegroups.com.
>>>    For more options, visit this group at
>>>    [4]http://groups.google.com/group/puppet-users?hl=en.
>>> 
>>> References
>>> 
>>>    Visible links
>>>    1.
[5]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>> 
>>   --
>>   You received this message because you are subscribed to the Google
Groups
>>   "Puppet Users" group.
>>   To view this discussion on the web visit
>>   [6]https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J.
>>   To post to this group, send email to puppet-users@googlegroups.com.
>>   To unsubscribe from this group, send email to
>>   puppet-users+unsubscribe@googlegroups.com.
>>   For more options, visit this group at
>>   http://groups.google.com/group/puppet-users?hl=en.
>> 
>> References
>> 
>>   Visible links
>>   1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>>   2. javascript:
>>   3. javascript:
>>   4. http://groups.google.com/group/puppet-users?hl=en
>>   5. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>>   6. https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I suppose so, but I haven''t ever worked with puppet reporting. My
questions about the business issue behind this request are more along the lines
of what his management wants the information for. There are a number of
corollary questions that come up, including but not limited to:

-Why are you checking this data? Is for some form of compliance, or something
else?
-Why are you reporting on an invalid (presumably) sshd_config without enforcing
the correct configuration?
-Why only report an issue whenever puppet is run? If it''s important to
audit when sshd_config is changed and/or the daemon is restarted,
shouldn''t you check that between puppet runs too?
-Why only check through puppet? If somebody disables the agent (temporary lab
work, for instance) don''t you still want PermitRootLogin checked?
-Why do a single puppet run? That is still using cpu/io for a whole agent run to
check a single item.
-Why do two puppet agent runs at all? That is twice the cpu/io to find a single
data point.

They all seem to come down to how his management wants to check validity in
puppet rather than enforce it and report what happened. As we''ve both
demonstrated, going down that path automatically requires extra effort making
puppet do something that it''s sensibly not quite designed for.



On Fri, Dec 28, 2012 at 08:19:02AM +1100, Denmat wrote:
> Hi,
> 
> Couldn''t he run --noop as a scanner for hosts out of compliance
and then when one is found, run normal puppet run (obviously you don''t
have to run in noop and just run normal runs and monitor reports).
> 
> That way management can see that non compliant host are being made
compliant ( a much more useful report one would think).
> 
> So the solution would be to describe the state of the sshd_config file the
way it should be and enforce that.
> 
> Reporting options on that are normal puppet reports.
> 
> Cheers,
> Den
> 
> On 28/12/2012, at 7:23, Christopher Wood <christopher_wood@pobox.com>
wrote:
> 
> > Metaphorically, your management is asking you to drive nails with a
screwdriver. The right tool for the job here is facter, not puppet. (And puppet
already uses facter, so your management apparently doesn''t understand
the stack here.) While this is ultimately their problem, it sounds like you have
to act as an enabler in order to keep your job and buy your groceries. Anyway,
on to the helpful stuff!
> > 
> > I have no idea what sort of thing is in this compliance report. I will
assume that it is checking which hosts have successfully completed a puppet
agent run. To deliberately fail this in your scenario I might:
> > 
> > -write a script which checks the value of PermitRootLogin
> > -script should exit with a non-zero status if the value is undesired
> > -package this script in a deb (or rpm on your platform)
> > -use puppet to distribute my deb everywhere
> > -use an exec to run the script
> > 
> > Then you will see the same style of failure as if you ran this:
> > 
> > $ puppet apply -e ''exec { "/bin/false": }''
> > err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0
failed: /bin/false returned 1 instead of one of [0] at line 1
> > notice: Finished catalog run in 0.08 seconds
> > 
> > And that means the host is non-compliant.
> > 
> > Another item on my original point: ensure your communications with
management on this matter are all documented via email. When they finally figure
out how much technical debt they are accruing you will not wish to be left
holding their bag.
> > 
> > 
> > On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote:
> >>   Understood, but is it possible to get it done via puppet?
I''ve management
> >>   requirement.
> >> 
> >>   On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher
Wood wrote:
> >> 
> >>     You might be better off putting together a custom fact about
this. Then
> >>     you can check fact(s) on the host(s) without trying to
> >>     manage-but-not-manage something inside puppet.
> >> 
> >>     On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
> >>>    How do I check content of a file in puppet?
> >>>    ex: I want to see if "PermitRootLogin" is
"no"
> >>     in /etc/ssh/sshd_config
> >>>    file (RHEL). If it''s "yes" i want to
show it on compliance report.
> >>     For now
> >>>    I don''t want make any changes to the sshd_config
file through
> >>     puppet.
> >>>    Here is something I have:
> >>>    define line($file, $line, $ensure =
''present'') {
> >>>            $line = "PermitRootLogin no"
> >>>            $file = "/etc/ssh/sshd_config"
> >>>        case $ensure {
> >>>            default : { err ( "unknown ensure value
${ensure}" ) }
> >>>            present: {
> >>>                warning/flag code:
> >>>                    unless => "/bin/grep
''${line}'' ''${file}''"
> >>>                }
> >>>            }
> >>>    }
> >>> 
> >>>    --
> >>>    You received this message because you are subscribed to the
Google
> >>     Groups
> >>>    "Puppet Users" group.
> >>>    To view this discussion on the web visit
> >>>   
[1][1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
> >>>    To post to this group, send email to
[2]puppet...@googlegroups.com.
> >>>    To unsubscribe from this group, send email to
> >>>    [3]puppet-users...@googlegroups.com.
> >>>    For more options, visit this group at
> >>>    [4]http://groups.google.com/group/puppet-users?hl=en.
> >>> 
> >>> References
> >>> 
> >>>    Visible links
> >>>    1.
[5]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
> >> 
> >>   --
> >>   You received this message because you are subscribed to the
Google Groups
> >>   "Puppet Users" group.
> >>   To view this discussion on the web visit
> >>   [6]https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J.
> >>   To post to this group, send email to
puppet-users@googlegroups.com.
> >>   To unsubscribe from this group, send email to
> >>   puppet-users+unsubscribe@googlegroups.com.
> >>   For more options, visit this group at
> >>   http://groups.google.com/group/puppet-users?hl=en.
> >> 
> >> References
> >> 
> >>   Visible links
> >>   1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
> >>   2. javascript:
> >>   3. javascript:
> >>   4. http://groups.google.com/group/puppet-users?hl=en
> >>   5. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
> >>   6. https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J
> > 
> > -- 
> > You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> > 
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Yes, you can do what you want if you already have a puppet master 
(server) in your puppet environment, but you may need configure or 
install some add-ons.

All puppet installations include a tool called "facter". Facter
gathers
various facts or data about your systems. The system can be configured 
to sent this data back to the puppet server. Various puppet add-ons 
offer the ability to create reports based on the data that was sent back 
to the server. For you needs, you will likely need to write a custom fact.

Here are some links that might be helpful:

     Info on facter:
     http://puppetlabs.com/blog/facter-part-1-facter-101/

     How to do custom facts:
     http://docs.puppetlabs.com/guides/custom_facts.html

     Puppet reporting:
     http://docs.puppetlabs.com/guides/reporting.html

If you don''t use a puppet server, then I think there are other options 
for gathering the reporting data.

Sincerely,
Jason


P.S. My apologies to other posters, but I didn''t see a clear answer to 
the question.

On 12/27/2012 03:01 PM, pdiddy wrote:
> Understood, but is it possible to get it done via puppet? I''ve
management
> requirement.
>
> On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote:
>> You might be better off putting together a custom fact about this. Then
>> you can check fact(s) on the host(s) without trying to
>> manage-but-not-manage something inside puppet.
>>
>> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote:
>>>     How do I check content of a file in puppet?
>>>     ex: I want to see if "PermitRootLogin" is
"no"
>> in /etc/ssh/sshd_config
>>>     file (RHEL). If it''s "yes" i want to show it
on compliance report.
>> For now
>>>     I don''t want make any changes to the sshd_config file
through puppet.
>>>     Here is something I have:
>>>     define line($file, $line, $ensure =
''present'') {
>>>             $line = "PermitRootLogin no"
>>>             $file = "/etc/ssh/sshd_config"
>>>         case $ensure {
>>>             default : { err ( "unknown ensure value
${ensure}" ) }
>>>             present: {
>>>                 warning/flag code:
>>>                     unless => "/bin/grep
''${line}'' ''${file}''"
>>>                 }
>>>             }
>>>     }
>>>
>>>     --
>>>     You received this message because you are subscribed to the
Google
>> Groups
>>>     "Puppet Users" group.
>>>     To view this discussion on the web visit
>>>     [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>>>     To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>>>     To unsubscribe from this group, send email to
>>>     puppet-users...@googlegroups.com <javascript:>.
>>>     For more options, visit this group at
>>>     http://groups.google.com/group/puppet-users?hl=en.
>>>
>>> References
>>>
>>>     Visible links
>>>     1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,
Although I''ve never used it, this does sound like a task for the
auditing
functionality that was added into Puppet 2.6.
Some information about it can be found here: 
http://puppetlabs.com/blog/all-about-auditing-with-puppet/

You may also find the Puppet enterprise documentation on audit and 
compliance of some use, as it uses the audit metaparams to achieve this 
functionality.
http://docs.puppetlabs.com/pe/2.7/compliance_basics.html

From what I understand, you can build your own 
auditing/reporting/compliance tool using your existing puppet framework and 
a modified report processor that fits your needs.

Hope this helps.

K







On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe
wrote:
>
> Yes, you can do what you want if you already have a puppet master 
> (server) in your puppet environment, but you may need configure or 
> install some add-ons. 
>
> All puppet installations include a tool called "facter". Facter
gathers
> various facts or data about your systems. The system can be configured 
> to sent this data back to the puppet server. Various puppet add-ons 
> offer the ability to create reports based on the data that was sent back 
> to the server. For you needs, you will likely need to write a custom fact. 
>
> Here are some links that might be helpful: 
>
>      Info on facter: 
>      http://puppetlabs.com/blog/facter-part-1-facter-101/ 
>
>      How to do custom facts: 
>      http://docs.puppetlabs.com/guides/custom_facts.html 
>
>      Puppet reporting: 
>      http://docs.puppetlabs.com/guides/reporting.html 
>
> If you don''t use a puppet server, then I think there are other
options
> for gathering the reporting data. 
>
> Sincerely, 
> Jason 
>
>
> P.S. My apologies to other posters, but I didn''t see a clear
answer to
> the question. 
>
> On 12/27/2012 03:01 PM, pdiddy wrote: 
> > Understood, but is it possible to get it done via puppet?
I''ve
> management 
> > requirement. 
> > 
> > On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood
wrote:
> >> You might be better off putting together a custom fact about this.
Then
> >> you can check fact(s) on the host(s) without trying to 
> >> manage-but-not-manage something inside puppet. 
> >> 
> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: 
> >>>     How do I check content of a file in puppet? 
> >>>     ex: I want to see if "PermitRootLogin" is
"no"
> >> in /etc/ssh/sshd_config 
> >>>     file (RHEL). If it''s "yes" i want to
show it on compliance report.
> >> For now 
> >>>     I don''t want make any changes to the sshd_config
file through
> puppet. 
> >>>     Here is something I have: 
> >>>     define line($file, $line, $ensure =
''present'') {
> >>>             $line = "PermitRootLogin no" 
> >>>             $file = "/etc/ssh/sshd_config" 
> >>>         case $ensure { 
> >>>             default : { err ( "unknown ensure value
${ensure}" ) }
> >>>             present: { 
> >>>                 warning/flag code: 
> >>>                     unless => "/bin/grep
''${line}'' ''${file}''"
> >>>                 } 
> >>>             } 
> >>>     } 
> >>> 
> >>>     -- 
> >>>     You received this message because you are subscribed to
the Google
> >> Groups 
> >>>     "Puppet Users" group. 
> >>>     To view this discussion on the web visit 
> >>>    
[1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
> >>>     To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>
> >>>     To unsubscribe from this group, send email to 
> >>>     puppet-users...@googlegroups.com <javascript:>. 
> >>>     For more options, visit this group at 
> >>>     http://groups.google.com/group/puppet-users?hl=en. 
> >>> 
> >>> References 
> >>> 
> >>>     Visible links 
> >>>     1.
https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/0pbXzEuApHIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks everyone, I will look into these options...I will write back in few 
days...

On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet
wrote:
>
> Hi,
> Although I''ve never used it, this does sound like a task for the
auditing
> functionality that was added into Puppet 2.6.
> Some information about it can be found here: 
> http://puppetlabs.com/blog/all-about-auditing-with-puppet/
>
> You may also find the Puppet enterprise documentation on audit and 
> compliance of some use, as it uses the audit metaparams to achieve this 
> functionality.
> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html
>
> From what I understand, you can build your own 
> auditing/reporting/compliance tool using your existing puppet framework and
> a modified report processor that fits your needs.
>
> Hope this helps.
>
> K
>
>
>
>
>
>
>
> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe wrote:
>>
>> Yes, you can do what you want if you already have a puppet master 
>> (server) in your puppet environment, but you may need configure or 
>> install some add-ons. 
>>
>> All puppet installations include a tool called "facter".
Facter gathers
>> various facts or data about your systems. The system can be configured 
>> to sent this data back to the puppet server. Various puppet add-ons 
>> offer the ability to create reports based on the data that was sent
back
>> to the server. For you needs, you will likely need to write a custom 
>> fact. 
>>
>> Here are some links that might be helpful: 
>>
>>      Info on facter: 
>>      http://puppetlabs.com/blog/facter-part-1-facter-101/ 
>>
>>      How to do custom facts: 
>>      http://docs.puppetlabs.com/guides/custom_facts.html 
>>
>>      Puppet reporting: 
>>      http://docs.puppetlabs.com/guides/reporting.html 
>>
>> If you don''t use a puppet server, then I think there are other
options
>> for gathering the reporting data. 
>>
>> Sincerely, 
>> Jason 
>>
>>
>> P.S. My apologies to other posters, but I didn''t see a clear
answer to
>> the question. 
>>
>> On 12/27/2012 03:01 PM, pdiddy wrote: 
>> > Understood, but is it possible to get it done via puppet?
I''ve
>> management 
>> > requirement. 
>> > 
>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood 
>> wrote: 
>> >> You might be better off putting together a custom fact about
this.
>> Then 
>> >> you can check fact(s) on the host(s) without trying to 
>> >> manage-but-not-manage something inside puppet. 
>> >> 
>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: 
>> >>>     How do I check content of a file in puppet? 
>> >>>     ex: I want to see if "PermitRootLogin" is
"no"
>> >> in /etc/ssh/sshd_config 
>> >>>     file (RHEL). If it''s "yes" i want
to show it on compliance
>> report. 
>> >> For now 
>> >>>     I don''t want make any changes to the
sshd_config file through
>> puppet. 
>> >>>     Here is something I have: 
>> >>>     define line($file, $line, $ensure =
''present'') {
>> >>>             $line = "PermitRootLogin no" 
>> >>>             $file = "/etc/ssh/sshd_config" 
>> >>>         case $ensure { 
>> >>>             default : { err ( "unknown ensure value
${ensure}" ) }
>> >>>             present: { 
>> >>>                 warning/flag code: 
>> >>>                     unless => "/bin/grep
''${line}'' ''${file}''"
>> >>>                 } 
>> >>>             } 
>> >>>     } 
>> >>> 
>> >>>     -- 
>> >>>     You received this message because you are subscribed
to the
>> Google 
>> >> Groups 
>> >>>     "Puppet Users" group. 
>> >>>     To view this discussion on the web visit 
>> >>>    
[1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>> >>>     To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>>
>> >>>     To unsubscribe from this group, send email to 
>> >>>     puppet-users...@googlegroups.com <javascript:>. 
>> >>>     For more options, visit this group at 
>> >>>     http://groups.google.com/group/puppet-users?hl=en. 
>> >>> 
>> >>> References 
>> >>> 
>> >>>     Visible links 
>> >>>     1.
https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>>
>>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/LcQ8uOZpjysJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

When I build the server I make sure it meets all the compliance 
requirements (ex: PermitRootLogin, login banner). However, I would like to 
double check those compliance requirements on daily basis through Puppet 
(in case someone has changed them). This is an audit requirement.

I was able to write custom facts and now I see "PermitRootLogin" and
"login
banner" values in node "inventory" list.

I was trying to create same report using following link, but it''s not 
working
http://puppetlabs.com/blog/when-puppet-reports-part-2/

dir structure
------------------------------------------
[root@lxpuppet modules]# pwd
/opt/puppet/share/puppet/modules
[root@lxpuppet modules]# ls -ltR compliance_report
compliance_report:
total 12
-rw-r--r-- 1 peadmin games  154 Jan  2 10:47 Modulefile
drwxr-xr-x 2 peadmin games 4096 Jan  2 10:40 manifests
drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 lib

compliance_report/manifests:
total 4
-rw-r--r-- 1 peadmin games 467 Jan  2 10:40 init.pp

compliance_report/lib:
total 4
drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 puppet

compliance_report/lib/puppet:
total 4
drwxr-xr-x 2 peadmin games 4096 Jan  2 10:25 reports

compliance_report/lib/puppet/reports:
total 0
-------------------------------------------------------------------




On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy
wrote:
>
> Thanks everyone, I will look into these options...I will write back in few 
> days...
>
> On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote:
>>
>> Hi,
>> Although I''ve never used it, this does sound like a task for
the auditing
>> functionality that was added into Puppet 2.6.
>> Some information about it can be found here: 
>> http://puppetlabs.com/blog/all-about-auditing-with-puppet/
>>
>> You may also find the Puppet enterprise documentation on audit and 
>> compliance of some use, as it uses the audit metaparams to achieve this
>> functionality.
>> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html
>>
>> From what I understand, you can build your own 
>> auditing/reporting/compliance tool using your existing puppet framework
and
>> a modified report processor that fits your needs.
>>
>> Hope this helps.
>>
>> K
>>
>>
>>
>>
>>
>>
>>
>> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe wrote:
>>>
>>> Yes, you can do what you want if you already have a puppet master 
>>> (server) in your puppet environment, but you may need configure or 
>>> install some add-ons. 
>>>
>>> All puppet installations include a tool called "facter".
Facter gathers
>>> various facts or data about your systems. The system can be
configured
>>> to sent this data back to the puppet server. Various puppet add-ons
>>> offer the ability to create reports based on the data that was sent
back
>>> to the server. For you needs, you will likely need to write a
custom
>>> fact. 
>>>
>>> Here are some links that might be helpful: 
>>>
>>>      Info on facter: 
>>>      http://puppetlabs.com/blog/facter-part-1-facter-101/ 
>>>
>>>      How to do custom facts: 
>>>      http://docs.puppetlabs.com/guides/custom_facts.html 
>>>
>>>      Puppet reporting: 
>>>      http://docs.puppetlabs.com/guides/reporting.html 
>>>
>>> If you don''t use a puppet server, then I think there are
other options
>>> for gathering the reporting data. 
>>>
>>> Sincerely, 
>>> Jason 
>>>
>>>
>>> P.S. My apologies to other posters, but I didn''t see a
clear answer to
>>> the question. 
>>>
>>> On 12/27/2012 03:01 PM, pdiddy wrote: 
>>> > Understood, but is it possible to get it done via puppet?
I''ve
>>> management 
>>> > requirement. 
>>> > 
>>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher
Wood
>>> wrote: 
>>> >> You might be better off putting together a custom fact
about this.
>>> Then 
>>> >> you can check fact(s) on the host(s) without trying to 
>>> >> manage-but-not-manage something inside puppet. 
>>> >> 
>>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: 
>>> >>>     How do I check content of a file in puppet? 
>>> >>>     ex: I want to see if "PermitRootLogin"
is "no"
>>> >> in /etc/ssh/sshd_config 
>>> >>>     file (RHEL). If it''s "yes" i
want to show it on compliance
>>> report. 
>>> >> For now 
>>> >>>     I don''t want make any changes to the
sshd_config file through
>>> puppet. 
>>> >>>     Here is something I have: 
>>> >>>     define line($file, $line, $ensure =
''present'') {
>>> >>>             $line = "PermitRootLogin no" 
>>> >>>             $file = "/etc/ssh/sshd_config" 
>>> >>>         case $ensure { 
>>> >>>             default : { err ( "unknown ensure
value ${ensure}" ) }
>>> >>>             present: { 
>>> >>>                 warning/flag code: 
>>> >>>                     unless => "/bin/grep
''${line}'' ''${file}''"
>>> >>>                 } 
>>> >>>             } 
>>> >>>     } 
>>> >>> 
>>> >>>     -- 
>>> >>>     You received this message because you are
subscribed to the
>>> Google 
>>> >> Groups 
>>> >>>     "Puppet Users" group. 
>>> >>>     To view this discussion on the web visit 
>>> >>>    
[1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>>> >>>     To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>>>
>>> >>>     To unsubscribe from this group, send email to 
>>> >>>     puppet-users...@googlegroups.com
<javascript:>.
>>> >>>     For more options, visit this group at 
>>> >>>     http://groups.google.com/group/puppet-users?hl=en.
>>> >>> 
>>> >>> References 
>>> >>> 
>>> >>>     Visible links 
>>> >>>     1.
https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>>>
>>>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/vvRZCQSRZt8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Any thoughts guys...

On Wednesday, January 2, 2013 11:05:41 AM UTC-5, pdiddy
wrote:
>
> When I build the server I make sure it meets all the compliance 
> requirements (ex: PermitRootLogin, login banner). However, I would like to 
> double check those compliance requirements on daily basis through Puppet 
> (in case someone has changed them). This is an audit requirement.
>
> I was able to write custom facts and now I see "PermitRootLogin"
and
> "login banner" values in node "inventory" list.
>
> I was trying to create same report using following link, but it''s
not
> working
> http://puppetlabs.com/blog/when-puppet-reports-part-2/
>
> dir structure
> ------------------------------------------
> [root@lxpuppet modules]# pwd
> /opt/puppet/share/puppet/modules
> [root@lxpuppet modules]# ls -ltR compliance_report
> compliance_report:
> total 12
> -rw-r--r-- 1 peadmin games  154 Jan  2 10:47 Modulefile
> drwxr-xr-x 2 peadmin games 4096 Jan  2 10:40 manifests
> drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 lib
>
> compliance_report/manifests:
> total 4
> -rw-r--r-- 1 peadmin games 467 Jan  2 10:40 init.pp
>
> compliance_report/lib:
> total 4
> drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 puppet
>
> compliance_report/lib/puppet:
> total 4
> drwxr-xr-x 2 peadmin games 4096 Jan  2 10:25 reports
>
> compliance_report/lib/puppet/reports:
> total 0
> -------------------------------------------------------------------
>
>
>
>
> On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy wrote:
>>
>> Thanks everyone, I will look into these options...I will write back in 
>> few days...
>>
>> On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote:
>>>
>>> Hi,
>>> Although I''ve never used it, this does sound like a task
for the
>>> auditing functionality that was added into Puppet 2.6.
>>> Some information about it can be found here: 
>>> http://puppetlabs.com/blog/all-about-auditing-with-puppet/
>>>
>>> You may also find the Puppet enterprise documentation on audit and 
>>> compliance of some use, as it uses the audit metaparams to achieve
this
>>> functionality.
>>> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html
>>>
>>> From what I understand, you can build your own 
>>> auditing/reporting/compliance tool using your existing puppet
framework and
>>> a modified report processor that fits your needs.
>>>
>>> Hope this helps.
>>>
>>> K
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe
wrote:
>>>>
>>>> Yes, you can do what you want if you already have a puppet
master
>>>> (server) in your puppet environment, but you may need configure
or
>>>> install some add-ons. 
>>>>
>>>> All puppet installations include a tool called
"facter". Facter gathers
>>>> various facts or data about your systems. The system can be
configured
>>>> to sent this data back to the puppet server. Various puppet
add-ons
>>>> offer the ability to create reports based on the data that was
sent
>>>> back 
>>>> to the server. For you needs, you will likely need to write a
custom
>>>> fact. 
>>>>
>>>> Here are some links that might be helpful: 
>>>>
>>>>      Info on facter: 
>>>>      http://puppetlabs.com/blog/facter-part-1-facter-101/ 
>>>>
>>>>      How to do custom facts: 
>>>>      http://docs.puppetlabs.com/guides/custom_facts.html 
>>>>
>>>>      Puppet reporting: 
>>>>      http://docs.puppetlabs.com/guides/reporting.html 
>>>>
>>>> If you don''t use a puppet server, then I think there
are other options
>>>> for gathering the reporting data. 
>>>>
>>>> Sincerely, 
>>>> Jason 
>>>>
>>>>
>>>> P.S. My apologies to other posters, but I didn''t see a
clear answer to
>>>> the question. 
>>>>
>>>> On 12/27/2012 03:01 PM, pdiddy wrote: 
>>>> > Understood, but is it possible to get it done via puppet?
I''ve
>>>> management 
>>>> > requirement. 
>>>> > 
>>>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5,
Christopher Wood
>>>> wrote: 
>>>> >> You might be better off putting together a custom fact
about this.
>>>> Then 
>>>> >> you can check fact(s) on the host(s) without trying to
>>>> >> manage-but-not-manage something inside puppet. 
>>>> >> 
>>>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy
wrote:
>>>> >>>     How do I check content of a file in puppet? 
>>>> >>>     ex: I want to see if
"PermitRootLogin" is "no"
>>>> >> in /etc/ssh/sshd_config 
>>>> >>>     file (RHEL). If it''s "yes"
i want to show it on compliance
>>>> report. 
>>>> >> For now 
>>>> >>>     I don''t want make any changes to the
sshd_config file through
>>>> puppet. 
>>>> >>>     Here is something I have: 
>>>> >>>     define line($file, $line, $ensure =
''present'') {
>>>> >>>             $line = "PermitRootLogin no"
>>>> >>>             $file =
"/etc/ssh/sshd_config"
>>>> >>>         case $ensure { 
>>>> >>>             default : { err ( "unknown ensure
value ${ensure}" ) }
>>>> >>>             present: { 
>>>> >>>                 warning/flag code: 
>>>> >>>                     unless => "/bin/grep
''${line}'' ''${file}''"
>>>> >>>                 } 
>>>> >>>             } 
>>>> >>>     } 
>>>> >>> 
>>>> >>>     -- 
>>>> >>>     You received this message because you are
subscribed to the
>>>> Google 
>>>> >> Groups 
>>>> >>>     "Puppet Users" group. 
>>>> >>>     To view this discussion on the web visit 
>>>> >>>    
[1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>>>>
>>>> >>>     To post to this group, send email to
puppet...@googlegroups.com<javascript:>.
>>>>
>>>> >>>     To unsubscribe from this group, send email to 
>>>> >>>     puppet-users...@googlegroups.com
<javascript:>.
>>>> >>>     For more options, visit this group at 
>>>> >>>    
http://groups.google.com/group/puppet-users?hl=en.
>>>> >>> 
>>>> >>> References 
>>>> >>> 
>>>> >>>     Visible links 
>>>> >>>     1.
https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>>>>
>>>>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/rAc9P4HMMgQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

If  you are still looking for an audit/compliance solution, check out 
www.metaforsoftware.com.  We can track daily changes on your servers and 
send alerts when we find diffs from one day to the next.  Can also do large 
scale diffs across servers in a cluster. We''re in free beta and also 
working on an integrated Puppet reporting feature right now.  Let me know 
if you''d like to give it a try.

On Friday, January 4, 2013 7:21:19 AM UTC-8, pdiddy
wrote:
>
> Any thoughts guys...
>
> On Wednesday, January 2, 2013 11:05:41 AM UTC-5, pdiddy wrote:
>>
>> When I build the server I make sure it meets all the compliance 
>> requirements (ex: PermitRootLogin, login banner). However, I would like
to
>> double check those compliance requirements on daily basis through
Puppet
>> (in case someone has changed them). This is an audit requirement.
>>
>> I was able to write custom facts and now I see
"PermitRootLogin" and
>> "login banner" values in node "inventory" list.
>>
>> I was trying to create same report using following link, but
it''s not
>> working
>> http://puppetlabs.com/blog/when-puppet-reports-part-2/
>>
>> dir structure
>> ------------------------------------------
>> [root@lxpuppet modules]# pwd
>> /opt/puppet/share/puppet/modules
>> [root@lxpuppet modules]# ls -ltR compliance_report
>> compliance_report:
>> total 12
>> -rw-r--r-- 1 peadmin games  154 Jan  2 10:47 Modulefile
>> drwxr-xr-x 2 peadmin games 4096 Jan  2 10:40 manifests
>> drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 lib
>>
>> compliance_report/manifests:
>> total 4
>> -rw-r--r-- 1 peadmin games 467 Jan  2 10:40 init.pp
>>
>> compliance_report/lib:
>> total 4
>> drwxr-xr-x 3 peadmin games 4096 Jan  2 10:25 puppet
>>
>> compliance_report/lib/puppet:
>> total 4
>> drwxr-xr-x 2 peadmin games 4096 Jan  2 10:25 reports
>>
>> compliance_report/lib/puppet/reports:
>> total 0
>> -------------------------------------------------------------------
>>
>>
>>
>>
>> On Friday, December 28, 2012 10:11:16 AM UTC-5, pdiddy wrote:
>>>
>>> Thanks everyone, I will look into these options...I will write back
in
>>> few days...
>>>
>>> On Friday, December 28, 2012 7:36:31 AM UTC-5, Keiran Sweet wrote:
>>>>
>>>> Hi,
>>>> Although I''ve never used it, this does sound like a
task for the
>>>> auditing functionality that was added into Puppet 2.6.
>>>> Some information about it can be found here: 
>>>> http://puppetlabs.com/blog/all-about-auditing-with-puppet/
>>>>
>>>> You may also find the Puppet enterprise documentation on audit
and
>>>> compliance of some use, as it uses the audit metaparams to
achieve this
>>>> functionality.
>>>> http://docs.puppetlabs.com/pe/2.7/compliance_basics.html
>>>>
>>>> From what I understand, you can build your own 
>>>> auditing/reporting/compliance tool using your existing puppet
framework and
>>>> a modified report processor that fits your needs.
>>>>
>>>> Hope this helps.
>>>>
>>>> K
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thursday, December 27, 2012 10:27:53 PM UTC, Jason Edgecombe
wrote:
>>>>>
>>>>> Yes, you can do what you want if you already have a puppet
master
>>>>> (server) in your puppet environment, but you may need
configure or
>>>>> install some add-ons. 
>>>>>
>>>>> All puppet installations include a tool called
"facter". Facter
>>>>> gathers 
>>>>> various facts or data about your systems. The system can be
configured
>>>>> to sent this data back to the puppet server. Various puppet
add-ons
>>>>> offer the ability to create reports based on the data that
was sent
>>>>> back 
>>>>> to the server. For you needs, you will likely need to write
a custom
>>>>> fact. 
>>>>>
>>>>> Here are some links that might be helpful: 
>>>>>
>>>>>      Info on facter: 
>>>>>      http://puppetlabs.com/blog/facter-part-1-facter-101/ 
>>>>>
>>>>>      How to do custom facts: 
>>>>>      http://docs.puppetlabs.com/guides/custom_facts.html 
>>>>>
>>>>>      Puppet reporting: 
>>>>>      http://docs.puppetlabs.com/guides/reporting.html 
>>>>>
>>>>> If you don''t use a puppet server, then I think
there are other options
>>>>> for gathering the reporting data. 
>>>>>
>>>>> Sincerely, 
>>>>> Jason 
>>>>>
>>>>>
>>>>> P.S. My apologies to other posters, but I didn''t
see a clear answer to
>>>>> the question. 
>>>>>
>>>>> On 12/27/2012 03:01 PM, pdiddy wrote: 
>>>>> > Understood, but is it possible to get it done via
puppet? I''ve
>>>>> management 
>>>>> > requirement. 
>>>>> > 
>>>>> > On Thursday, December 27, 2012 2:52:31 PM UTC-5,
Christopher Wood
>>>>> wrote: 
>>>>> >> You might be better off putting together a custom
fact about this.
>>>>> Then 
>>>>> >> you can check fact(s) on the host(s) without
trying to
>>>>> >> manage-but-not-manage something inside puppet. 
>>>>> >> 
>>>>> >> On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy
wrote:
>>>>> >>>     How do I check content of a file in
puppet?
>>>>> >>>     ex: I want to see if
"PermitRootLogin" is "no"
>>>>> >> in /etc/ssh/sshd_config 
>>>>> >>>     file (RHEL). If it''s
"yes" i want to show it on compliance
>>>>> report. 
>>>>> >> For now 
>>>>> >>>     I don''t want make any changes to
the sshd_config file through
>>>>> puppet. 
>>>>> >>>     Here is something I have: 
>>>>> >>>     define line($file, $line, $ensure =
''present'') {
>>>>> >>>             $line = "PermitRootLogin
no"
>>>>> >>>             $file =
"/etc/ssh/sshd_config"
>>>>> >>>         case $ensure { 
>>>>> >>>             default : { err ( "unknown
ensure value ${ensure}" ) }
>>>>> >>>             present: { 
>>>>> >>>                 warning/flag code: 
>>>>> >>>                     unless =>
"/bin/grep ''${line}'' ''${file}''"
>>>>> >>>                 } 
>>>>> >>>             } 
>>>>> >>>     } 
>>>>> >>> 
>>>>> >>>     -- 
>>>>> >>>     You received this message because you are
subscribed to the
>>>>> Google 
>>>>> >> Groups 
>>>>> >>>     "Puppet Users" group. 
>>>>> >>>     To view this discussion on the web visit 
>>>>> >>>    
[1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J.
>>>>>
>>>>> >>>     To post to this group, send email to 
>>>>> puppet...@googlegroups.com<javascript:>. 
>>>>> >>>     To unsubscribe from this group, send email
to
>>>>> >>>     puppet-users...@googlegroups.com
<javascript:>.
>>>>> >>>     For more options, visit this group at 
>>>>> >>>    
http://groups.google.com/group/puppet-users?hl=en.
>>>>> >>> 
>>>>> >>> References 
>>>>> >>> 
>>>>> >>>     Visible links 
>>>>> >>>     1.
https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J
>>>>>
>>>>>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.