Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
- Puppet >= 5.5.10 < 7.0.0
Tasks:
- backup_assessor
- ciscat_scan
This module is licensed for use with Puppet Enterprise. You may also evaluate this module for up to 90 days.
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-comply', '0.9.0'
Documentation
Puppet Comply
Puppet Comply is a tool that assesses the infrastructure you manage with Puppet Enterprise against CIS Benchmarks — the best practices for securely configuring systems from the Center for Internet Security (CIS).
Installing
This module is required by the Puppet Comply product and should only be used as described in the complete install instructions.
Obtaining the Product
Reference
Table of Contents
Classes
comply: Installs scarp and ciscat on a node
comply::scanners::ciscat: Installs a JRE
Classes
comply
Installs scarp and ciscat on a node
Examples
Use defaults
include comply
Manage packages elsewhere
class { 'comply':
  linux_manage_unzip  => false,
  windows_manage_jre8 => false,
}
Parameters
The following parameters are available in the comply class.
linux_manage_unzip
Data type: Boolean
Determines if this module should manage the installation of unzip on Linux
Default value: true
windows_manage_jre8
Data type: Boolean
Determines if this module should manage the installation of jre8 on Windows
Default value: true
scanner_source
Data type: Pattern[/(\d+\.\d+.\d+)/]
Supplies the storage location (URL) for the scanner. Required. This is a file resource, so you can use different kinds of file paths; see https://puppet.com/docs/puppet/5.5/types/file.html#file-attribute-source. Example: 'https://artifactory.delivery.puppetlabs.net/artifactory/generic__local/compliance/scanners/Assessor-CLI-v4.0.24.zip'
Default value: undef
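The reference marks scanner_source as required, and the two opt-out flags leave unzip and jre8 for something else to manage. The following is an added example, not taken from the module's documentation, that sets all three from a wrapper profile. The class name profile::comply_scanner, the artifacts.example.com host and the assumption that the Chocolatey provider is already set up on Windows nodes are illustrative.

```puppet
# Hypothetical wrapper profile; the class name is an assumption, not part of the module.
class profile::comply_scanner (
  # Constructed placeholder URL. The file name carries the x.y.z version
  # that the Pattern data type of scanner_source looks for.
  String $scanner_url = 'https://artifacts.example.com/compliance/scanners/Assessor-CLI-v4.0.24.zip',
) {
  # This profile owns the prerequisites, so the module is told not to manage them.
  case $facts['kernel'] {
    'Linux': {
      package { 'unzip':
        ensure => installed,
        before => Class['comply'],
      }
    }
    'windows': {
      # Assumes the Chocolatey provider is already available on the node.
      package { 'jre8':
        ensure   => installed,
        provider => 'chocolatey',
        before   => Class['comply'],
      }
    }
    default: {
      # No prerequisite packages are handled by this profile on other kernels.
    }
  }

  class { 'comply':
    scanner_source      => $scanner_url,
    linux_manage_unzip  => false,
    windows_manage_jre8 => false,
  }
}
```

Hosting the Assessor-CLI archive on a repository you control keeps the scanner version pinned to a file you have reviewed.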
comply::scanners::ciscat
CIS CAT Pro scanner requires a JRE as a prerequisite
Examples
include comply::scanners::ciscat
Manage packages elsewhere
class { 'comply::scanners::ciscat':
  linux_manage_unzip  => false,
  windows_manage_jre8 => false,
}
Parameters
The following parameters are available in the comply::scanners::ciscat class.
linux_manage_unzip
Data type: Boolean
Determines if this module should manage the installation of unzip on Linux
Default value: $comply::linux_manage_unzip
windows_manage_jre8
Data type: Boolean
Determines if this module should manage the installation of jre8 on Windows
Default value: $comply::windows_manage_jre8
scanner_source
Data type: Pattern[/(\d+\.\d+.\d+)/]
Supplies the storage location (URL) for the scanner. Required
Default value: $comply::scanner_source
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v0.9.0 (2020-11-23)
Added
- (CISC-917) remove un-needed files from resultant module #290 (tphoney)
- (CISC-837) adding more OSes to scanner support #283 (tphoney)
- (CISC-762) Add docker pepper secret #275 (HelenCampbell)
- (CISC-845) remove the app_stack class #274 (tphoney)
- (CISC-780) changing to 4.0.24 of the CIS scanner #271 (tphoney)
- (CISC-734) config for secure/insecure report sending #270 (tphoney)
- (CISC-757) adding watcher to the stack #267 (tphoney)
- (CISC-733,CISC-758,CISC-759) Enable Authentication #266 (Ioannis-Karasavvaidis)
- (CISC-723,CISC-726,CISC-727,CISC-729,CISC-730,CISC-731) Get gatekeeper and identity services into our stack #264 (Ioannis-Karasavvaidis)
- (CISC-722) Random Password generator #262 (Ioannis-Karasavvaidis)
- (CISC-743) [module] Docker secrets to store sensitive stack information #261 (Ioannis-Karasavvaidis)
- (CISC-739) Update scarp api base uri. #258 (tphoney)
- (CISC-745) [module] Pass module version to UI #256 (Ioannis-Karasavvaidis)
- (CISC-712) task to allow upgrades of the assessor #255 (tphoney)
- (CISC-655) move to 4.0.23 of the assessor #248 (tphoney)
- (CISC-688) Ciscat scan custom_profile_id and scan_type params #247 (HelenCampbell)
Fixed
- (CISC-893) use certname as a param when pushing reports #292 (tphoney)
- (CISC-893) use certnames not hostnames #291 (tphoney)
- (CISC-844) removing the cis scanner from the module #284 (tphoney)
- (CISC-889) pass the fqdn with the report #281 (tphoney)
- (CISC-862) [Task] task reports back to a hardcoded port. #279 (Ioannis-Karasavvaidis)
- (CISC-794) Fix custom profile usage in ciscat task #268 (eimlav)
- (CISC-740) allow setting of pe tls checks in scarp #265 (tphoney)
- (CISC-744) improve error message/handing for ciscat scan #259 (tphoney)
- (CISC-747) update hasura metadata for profile_rule table #257 (tphoney)
v0.8.0 (2020-09-17)
Added
- (CISC-661,CISC-665) Add graphQL Layer into our stack, import graphql metadata into production #244 (Ioannis-Karasavvaidis)
Fixed
- (CISC-683) ciscat task set java memory options, fqdn match in lowercase #249 (tphoney)
- (CISC-672) Fix path issues in script.sh #245 (eimlav)
v0.7.0 (2020-08-27)
Added
- (CISC-615) Use string for scan_hash in ciscat task #237 (HelenCampbell)
- (CISC-457) ciscat scan task allows a hash of benchmark/profile #229 (tphoney)
- (CISC-491) add release helper action #226 (maxiegit)
Fixed
- (CISC-622) Modify ciscat to negate need to reboot on Windows #238 (eimlav)
- (CISC-402) Add idempotency check for Assessor-CLI installation #235 (eimlav)
v0.6.0 (2020-07-17)
Added
- (CISC-534) add assessor version fact and tests #228 (tphoney)
- (CISC-480) add more ubuntu OSes #225 (tphoney)
Fixed
- (CISC-459) Improve error reporting when Java is not present #224 (da-ar)
- (bugfix) Fix image_helper.sh issue with Postgres image #223 (da-ar)
v0.5.1 (2020-06-15)
Fixed
v0.5.0 (2020-06-03)
Added
- (feat) Make scarp address configurable #204 (tphoney)
- (CISC-377) add extra oses to scanner matrix #199 (maxiegit)
Fixed
v0.4.0 (2020-05-27)
Added
v0.3.0 (2020-05-14)
Added
- (feat) adding postgres to the application stack #193 (tphoney)
- (CISC-292) Automate comply tar upload #185 (maxiegit)
Fixed
- (bugfix) Limit profile values in ciscat scan task #189 (tom-krieger)
v0.2.1 (2020-04-20)
Added
- (feat) initial commit, of using a single task for scanning and uploading #184 (tphoney)
- (CISC-284) Switch to change log generator #183 (maxiegit)
0.2.0
Initial release of the comply module.
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppet/archive (>= 4.3.0 < 5.0.0)
- puppetlabs/chocolatey (>= 5.0.0 < 6.0.0)
- puppetlabs/inifile (>= 4.1.0 < 5.0.0)
- puppetlabs/java (>= 6.0.1 < 7.0.0)
- puppetlabs/ruby_task_helper (>= 0.4.0 < 1.0.0)
- puppetlabs/stdlib (>= 5.0.0 < 7.0.0)