Version information
This version is compatible with:
- Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 6.0.0
Start using this module
Add this module to your Puppetfile:
mod 'icann-nexpose', '0.2.0'
Learn more about managing modules with a Puppetfile
nexpose
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with nexpose
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Overview
This module attempts to configure the basic nexpose configuration.
Module Description
The module currently supports configuring the basic web server parameters of the security console, including configuring an LDAP authentication source. It also adds a new custom type, nexpose_host, which allows for exporting resources and realising them on the nexpose console.
Setup
What nexpose affects
This module is configured to work with the virtual machine provided by nexpose. The following files are altered during configuration:
- /opt/rapid7/nexpose/nsc/conf/httpd.xml (via a template)
- /opt/rapid7/nexpose/nsc/conf/nsc.xml (using augeas)
It also uses the augeas api to add resources directly to the nexpose console. The policy will install the nexpose gem and configure the system for Ruby 1.9.3.
If you are using Puppet Enterprise, you will need to install the puppet gem manually with the following command:
/opt/puppet/bin/gem install nexpose
We also introduce three custom types
- nexpose_host
- nexpose_site
- nexpose_user
Setup Requirements
- puppetlabs/puppetlabs-ruby
Beginning with nexpose
To configure nexpose with default settings, add the following:
class {'::nexpose': }
To configure LDAP, add the following to your manifest:
class {'::nexpose::ldap':
  ldap_server => 'ldap.example.com',
  ldap_base   => 'DC=example,DC=com',
}
To export a resource, use the following:
@@nexpose_host {
  $::fqdn:
    ensure  => present,
    site    => 'site_name',
    require => Nexpose_site['site_name'];
}
And to realise it, use:
Nexpose_host <<||>>
To add a site to the nexpose console:
nexpose_site {
  'site_name':
    ensure        => present,
    description   => 'description',
    scan_template => 'scan_template',
}
The following scan_templates are supported
- cis
- disa
- dos-audit
- discovery
- aggressive-discovery
- exhaustive-audit
- fdcc-1_2_1_0
- full-audit
- full-audit-without-web-spider
- hipaa-audit
- internet-audit
- linux-rpm
- microsoft-hotfix
- pci-audit
- pentest-audit
- scada
- network-audit
- sox-audit
- usgcb-1_2_1_0
- web-audit
To add a user to the nexpose console:
nexpose_user {
  'nxadmin':
    ensure    => present,
    enabled   => true,
    password  => 'nxpassword',
    full_name => 'Default User',
    role      => 'global-admin';
}
If the password is not present, the account will be created with a password of nxpassword. The following roles are supported:
- user
- system-admin
- controls-insight-only
- global-admin
- security-manager
- site-admin
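The following Ruby example is added here and is not part of the module. It audits manifest text against the scan templates, roles and default password listed above; the audit_manifest function, its regular expressions and the sample manifest are assumptions made for illustration, and the matching is a simplified regex rather than a Puppet parser.

```ruby
# Added example, not part of the icann-nexpose module.
SCAN_TEMPLATES = %w[
  cis disa dos-audit discovery aggressive-discovery exhaustive-audit
  fdcc-1_2_1_0 full-audit full-audit-without-web-spider hipaa-audit
  internet-audit linux-rpm microsoft-hotfix pci-audit pentest-audit scada
  network-audit sox-audit usgcb-1_2_1_0 web-audit
].freeze
ROLES = %w[user system-admin controls-insight-only global-admin
           security-manager site-admin].freeze
DEFAULT_PASSWORD = 'nxpassword'

# Simplified matchers (assumption): single-quoted titles, no '}' inside values.
RESOURCE = /\b(nexpose_user|nexpose_site)\s*\{\s*'([^']+)'\s*:(.*?)\}/m
ATTRIBUTE = /(\w+)\s*=>\s*(?:'([^']*)'|([^,;\s}]+))/

def audit_manifest(text)
  findings = []
  text.scan(RESOURCE) do |type, title, body|
    attrs = body.scan(ATTRIBUTE).map { |k, quoted, bare| [k, quoted || bare] }.to_h
    next if attrs['ensure'] == 'absent'
    if type == 'nexpose_user'
      pw = attrs['password']
      if pw.nil?
        findings << "#{title}: no password set, account gets the default"
      elsif pw == DEFAULT_PASSWORD
        findings << "#{title}: password is the documented default"
      end
      role = attrs['role']
      findings << "#{title}: unsupported role #{role}" if role && !ROLES.include?(role)
    else
      tpl = attrs['scan_template']
      findings << "#{title}: unsupported scan_template #{tpl}" if tpl && !SCAN_TEMPLATES.include?(tpl)
    end
  end
  findings
end

# Constructed sample manifest, for illustration only.
SAMPLE = <<~'PP'
  nexpose_site { 'dmz': ensure => present, description => 'DMZ hosts', scan_template => 'full-audt', }
  nexpose_user { 'auditor':
    ensure => present, enabled => true, full_name => 'Audit User', role => 'site-admin';
  }
  nexpose_user { 'nxadmin': ensure => present, password => 'nxpassword', role => 'global-admin'; }
  nexpose_user { 'ops': ensure => present, password => 'S3t-fr0m-h1era', role => 'security-manager'; }
PP

puts audit_manifest(SAMPLE) if __FILE__ == $PROGRAM_NAME
```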
Usage
Put the classes, types, and resources for customizing, configuring, and doing the fancy stuff with your module here.
Reference
Here, list the classes, types, providers, facts, etc contained in your module. This section should include all of the under-the-hood workings of your module so people know what the module is touching on their system but don't need to mess with things. (We are working on automating this section!)
Limitations
Only tested with the Rapid7 Nexpose VM. Currently restarts the nexposeconsole when making changes, which takes a long time.
- When using absent with nexpose_host it will remove the host from all templates
- If you change the site property of nexpose_host, it will add the host to the new site, but the host will remain in the old site (this should probably be an array; however, it creates two devices on the backend, so still not convinced)
Development
Any feedback or pull requests welcome
Dependencies
- puppetlabs-stdlib (>= 4.13.0 <5.0.0)
Copyright (c) 2014, b4ldr
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.