Premium module

sce_linux

Security Compliance Enforcement for Linux

201 downloads

201 latest version

5.0 quality score

Security Compliance Enforcement is a premium feature for Puppet Enterprise and Open Source Puppet

Security Compliance Enforcement uses Puppet policy-as-code (PaC) to enforce security configurations aligned to CIS Benchmarks and DISA STIGs, giving you a leg up on many compliance expectations and streamlining audit prep. In Puppet Enterprise, it is accessed through the included Security Compliance Management Console.

It can be applied to Puppet Enterprise or Open Source Puppet (see the compatibility list below).

Version information

  • 2.0.0 (latest)
released May 7th 2024
This version is compatible with:
  • Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.23.0 < 9.0.0
Tasks:
  • audit_duplicate_gid
  • audit_duplicate_group_names
  • audit_etc_shadow
  • audit_duplicate_uid
  • audit_duplicate_user_names
  • audit_boot
  • audit_check_ipv6
  • and 54 more.

Documentation

puppetlabs/sce_linux — version 2.0.0 May 7th 2024

What are tasks?

Modules can contain tasks that take action outside of a desired state managed by Puppet. Tasks are perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.

Tasks in this module release

audit_approved_services_listening

Report whether only approved services are listening on a network interface

audit_authselect

Audit authselect profile for RHEL8 and CentOS8

audit_boot

Audit if the system is configured to boot to the command line or to the graphical user interface.

audit_check_ipv6

Audit IPv6 for RHEL8

audit_client_dns

Audit DNS servers configured in /etc/resolv.conf

audit_duplicate_gid

Finds and returns duplicate GIDs in /etc/group

audit_duplicate_group_names

Finds and returns duplicate group names in /etc/group.

audit_duplicate_uid

Finds duplicate UIDs in /etc/passwd and returns the UID and all users that use it

audit_duplicate_user_names

Finds and returns duplicate user names in /etc/passwd.

audit_etc_shadow

Verify whether /etc/shadow has empty password fields

audit_etcpasswd_groups

Finds groups that exist in /etc/passwd but do not exist in /etc/group

audit_firewalld_config

Returns the results of firewall-cmd --list-all

audit_for_emergency_accounts

Audit all accounts expiration dates for removal.

audit_journald_log_rotation

Report whether journald log rotation is configured per site policy

audit_journald_logs_to_rsyslog

Report whether journald is not configured to send logs to rsyslog

audit_kerberos_keytab_files

List all the keytab files on the system under /etc

audit_library_files

Audit library file permissions, ownership, and group ownership

audit_mcafee_endpoint_security

Audit McAfee Endpoint Security for Linux

audit_no_execution_bit_flag

Audit for the no-execution bit flag on the system

audit_partition_crypto

Audit partition cryptography

audit_pkcs11_eventmgr

This task will report on whether the screen is locked or not when using a smart card.

audit_pw_change_date

Returns the last password change date for all users

audit_selinux_user_roles

Returns the output of 'semanage user -l' on the target system

audit_sgid_executables

A short description of this task

audit_shadow_group

Finds and returns any users in the shadow group

audit_sshd_installation

Verify if sshd is installed

audit_sshd_status

Report sshd status

audit_sssd_certmap

Audit the existence of sssd certmap configuration

audit_sudo_authentication_timeout

Return the sudo authentication timeout in minutes