Forge Home
Premium module


Compliance Enforcement Module for Linux


177 latest version

Version information

  • 1.9.1 (latest)
  • 1.9.0
  • 1.8.0
  • 1.7.1
  • 1.7.0
  • 1.6.3
  • 1.6.2
  • 1.6.1
  • 1.6.0
  • 1.5.2
  • 1.5.1
  • 1.5.0
  • 1.4.3
  • 1.4.2
  • 1.4.1
  • 1.4.0
  • 1.3.2
  • 1.3.1
  • 1.3.0
  • 1.2.0
  • 1.1.4
  • 1.1.3
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.0
released Mar 16th 2022
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.23.0 < 8.0.0
  • ,
  • audit_authselect
  • audit_duplicate_gid
  • audit_duplicate_group_names
  • audit_duplicate_uid
  • audit_duplicate_user_names
  • audit_etcpasswd_groups
  • audit_pw_change_date
  • and 15 more. See all tasks


puppetlabs/cem_linux — version 1.1.2 Mar 16th 2022


Table of Contents


Public Classes

Private Classes

  • cem_linux::utils::bootloader::grub2::password: Creates and manages a grub2 password file.
  • cem_linux::utils::bootloader::grub2::permissions: Ensures proper permissions are set on grub2 bootloader

Defined types

Resource types

  • cem_augeasprovider: Dumb Augeas provider type
  • cem_authselect_manage_profile: Sets the active authselect profile. Autorequires: If Puppet is managing the packages authselect, sssd, realm, sssd-ad, `winbindd
  • cem_file_perms: Manages only the permissions of files. This is useful for managing permissions of files that are not managed by a Puppet file resource, such
  • cem_grub_config: Manages global GRUB configuration parameters
  • cem_grub_menuentry: Manages menu entries in the GRUB and GRUB2 systems. NOTE: This may not cover all possible options and some options may apply to either
  • cem_grub_user: Manages GRUB2 Users - Does not apply to GRUB Legacy Note: This type compares against the active GRUB configuration. The contents of the ma
  • cem_kernel_parameter: Manages kernel parameters stored in bootloaders.
  • cem_mounttab: Manages entries in the filesystem table. This is usually, but not necessarily, used in conjunction with the mountpoint type to manage both th
  • cem_pam: Manages settings in an PAM service files. The resource name is a descriptive string only due to the non-uniqueness of any single paramter.
  • cem_shellvar: Manages variables in simple shell scripts.
  • cem_ssh_config: Manages settings in an OpenSSH ssh_config file. The resource name is used for the setting name, but if the host is given, then the name ca
  • cem_sshd_config: Manages settings in an OpenSSH sshd_config file. The resource name is used for the setting name, but if the condition is given, then the n
  • cem_sshd_config_match: Manages Match groups in an OpenSSH sshd_config file.
  • cem_sshd_config_subsystem: Manages Subsystem settings in an OpenSSH sshd_config file.
  • cem_sshkey: Installs and manages ssh host keys. By default, this type will install keys into /etc/ssh/ssh_known_hosts. To manage ssh keys in a differe
  • cem_sysctl: Manages entries in /etc/sysctl.conf.
  • cem_systemwide_crypto_policy: Sets the system-wide crypto policy.
  • inetd_service: a inetd_service type


Public Functions

  • combine_arrays: combine_arrays.rb Combines arrays into a one new array. Exposes options for uniqueness and flatness.
  • conditional_array: conditional_array.rb Builds an array based on conditional assignment. Each argument should be an 2 item array where the first item is a boole
  • grub_mkpasswd_pbkdf2: This function mimics the (grub|grub2)-mkpasswd-pbkdf2 command to generate passwords used with the grub bootloader.
  • has_class: has_class.rb Determines whether a class manifest exists in the current module.
  • is_mutex: is_mutex.rb Returns true if values passed in are mutually exclusive, meaning the other values are Undef (nil). Returns false otherwise.
  • process_firewall_exclusions: process_firewall_exclusions.rb Takes an array of strings and a conditionals hash, usually from a Hiera lookup, and processes the conditional
  • require_one: require_one.rb Returns true is there at least on value passed in is not nil. Returns false otherwise.
  • undef_default: undef_default.rb Takes two params, one is a Puppet class param and the other is a default value. If the Puppet class param is Undef, the defa

Private Functions

  • cem_linux::acpt_test_should_run: This function is only used for Litmus acceptance tests of cem_linux.



Public Plans

Private Plans

  • cem_linux::provision_machines: This plan provisions machines used for Litmus acceptance testing