Forge Home



5,057 latest version

4.5 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.2 (latest)
  • 1.0.1 (deleted)
  • 0.0.2
  • 0.0.1
released Oct 18th 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • , , , , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'abuxton-puppet_audit', '1.0.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add abuxton-puppet_audit
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install abuxton-puppet_audit --version 1.0.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



abuxton/puppet_audit — version 1.0.2 Oct 18th 2018

####Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with puppet_audit
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


This module allows you to be alerted of changes to files and directories that you need to audit but do not necessarily want to change.

##Module Description

Puppet has had Tripwire-style functionality for a while, but the previous implementation (using the audit metaparameter in conjunction with the puppet inspect subcommend) had some significant drawbacks. This module provides similar benefits to the puppet inspect method, but does so using regular Puppet resources and reports, so its provides a clean, supported workflow.

It implements a few defined types, puppet_audit::directory, puppet_audit::link, and puppet_audit::file, which will check (but not manage) properties that you assert about the each instantiation of the type. Differences between the desired state and the actual state on the system will trigger a report entry describing the difference, but because each resource has the noop metaparameter set to true, will not change the state of the filesystem.

This is useful if, for example, you work in an environment where a security team is interested in using Puppet for Tripwire / Samhain / Nessus style functionality but does not want to actively manage the files in question, and simply be alerted using Puppet's reporting mechanism if there has been drift.

The puppet_audit module packages 3 defined resource types to check the presence / integrity of sensitive files, directories and symbolic links.

A standalone module which consumes hiera hash data pertinent to files, directories and symbolic links in the following example form:


Install the module from the forge and classify appropriate nodes with a profile class i.e.

Hiera data for example usage:

###What puppet_audit affects

  • Each file, symlink, or directory you want to be informed about needs to have its "correct" properties asserted in the instantiation of its defined type
  • Additionally, for files, the md5 sum needs to be asserted using the $fileMD5 attribute. You can generate this from the system using the md5sum(1) command on Linux systems, the md5 command on Mac OS X, or openssl md5 < *(filename)* on systems which do not have either of these utilities installed.
  • using tags / tagmail?

###Setup Requirements OPTIONAL


###Beginning with puppet_audit

This module expands and abstracts the "Alternate Compliance Workflow" outlined in the Puppet Enterprise documentation.


puppet_audit examples/profiles shows desired usage. ##Reference

Please see: for information on encapsulating data in hiera hashes.


  • The files, links and directories you create using puppet_audit cannot also be managed in other parts of your Puppet configuration as regular resources; doing so will cause a "duplicate resource" error.
  • This module has been tested on Darwin [OSX] and Centos 6.5. Although it simply leverages Puppet resources in a known pattern.


Contributions welcome!

Only the list of files, directories and symlinks specified in the appropriate hiera hashes.

##Release Notes/Contributors/Etc

abuxton dbmoore trlinkin