Hello,
Published puppet-module-cve[1] to act as a framework for adding facts
for specific CVE's that tell you if you are vulnerable to them.
Inspiration came after ShellShock where I saw people had written modules
with corresponding facts exclusively for that exploit. Our community
needs a simple module that is easily extended to test for multiple CVE's
instead of managing a bunch of separate modules that each check for one
exploit.
Each CVE has its own flat fact, such as 'cve_2014_6271'.
$ facter -p cve_2014_6271
not_vulnerable
There is a structured fact, 'cve', that returns a list of all tested
CVE's, all vulnerable CVE's, and all CVE's to which you are not
vulnerable.
$ facter -p --yaml cve
---
cve:
vulnerable:
- cve_666
tested:
- cve_777
- cve_2014_6271
- cve_666
not_vulnerable:
- cve_777
- cve_2014_6271
By default the module is quiet, though you can enable the ability to use
notify{} to alert you to which CVE's you are vulnerable.
Looking forward to your help in adding facts to check for more exploits.
[1] - https://github.com/ghoneycutt/puppet-module-cve
Best regards,
-g
--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/543853CE.3080001%40garretthoneycutt.com.
For more options, visit https://groups.google.com/d/optout.