Forge Home

foreman_scap_client

This puppet module configures foreman_scap_client.

Rubén del Campo

rdelcampog

3,049 downloads

3,049 latest version

5.0 quality score

Version information

  • 0.3.22 (latest)
released Aug 21st 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 3.8.7 < 7.0.0
  • RedHat
    ,
    Debian
    ,
    Ubuntu

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this declaration to your Puppetfile:

mod 'rdelcampog-foreman_scap_client', '0.3.22'
Learn more about managing modules with a Puppetfile

Add this module to a Bolt project:

bolt module add rdelcampog-foreman_scap_client
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install rdelcampog-foreman_scap_client --version 0.3.22

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

rdelcampog/foreman_scap_client — version 0.3.22 Aug 21st 2019

Foreman SCAP client Puppet Module

Foreman SCAP client Puppet Module configures foreman_scap_client to run scans and upload results to foreman proxy.

Configuration

This puppet module will automatically install foreman_scap_client (if not installed) and will configure /etc/foreman_scap_client/config.yaml with parameters which are needed for the operation of foreman_scap_client.

Parameters

  • 'server': configures the proxy server
  • 'port': configures the proxy server's port
  • 'ca_file': path to file of certification authority that issued client's certificate
  • 'host_certificate': path to host certificate, may be puppet agent certificate or katello certificate
  • 'host_private_key': path to host private key, may be puppet agent private key or katello private key
  • 'policies': Array of policies that should be configured
  • 'foreman_repo_rel': add / manage foreman-plugins yum repo and set to release version. Eg '1.14'
  • 'foreman_repo_key': RPM Key source file for foreman-plugins repo. Note: Currently, packages are not signed. Unless set to an alternative file source, URL will be used.
  • 'foreman_repo_src': Alternative baseurl for The Foreman plugins repository
  • 'foreman_repo_gpg_chk': Enable / disable GPG checks. Directly passed to Yumrepo resource
  • 'install_options': Additional options for client package installation
  • 'cron_template': Path to cron template
  • 'cron_splay': Upper limit for splay time when sending reports to proxy
  • 'fetch_remote_resources': Whether client should fetch referenced resources that are remote
  • 'http_proxy_server': HTTP proxy server
  • 'http_proxy_port': HTTP proxy port

For detailed info on the parameters see documentation on manifests/init.pp & manifests/params.pp

Sample Usage

The following example ensures that every week an SCAP audit is executed and the results are sent to proxy at proxy.example.com. The example will automatically attempt to install foreman_scap_client on the system. If you do not wish to use your tailoring file with policy, just pass empty string to "tailoring_path".

class { foreman_scap_client:
  server           => 'proxy.example.com',
  port             => '8443',
  foreman_repo_rel => '1.14',
  foreman_repo_key => '/net/share/foreman-gpg-rpm-key',
  policies         => [{
    "id"                      => 1,
    "hour"                    => "12",
    "minute"                  => "1",
    "month"                   => "*",
    "monthday"                => "*",
    "weekday"                 => "1",
    "profile_id"              => '',
    "content_path"            => '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml',
    "download_path"           => '/compliance/policies/1/content',
    "tailoring_path"          => '/var/lib/openacap/ssg-fedora-ds-tailored.xml',
    "tailoring_download_path" => "/compliance/policies/1/tailoring"
  }]
}

Usage with foreman_openscap

When using this module together with foreman_openscap, no further configuration should be necessary as values are by Foreman's ENC. However, verify the values for server, port and policies after importing the class; the policies should be <%= @host.policies_enc %>

Releasing on puppet forge

We use project blacksmith to do the release. All you need to do is configuring theforeman credentials in ~/.puppetforge.yml and then call release task from upstream repo like this

bundle exec rake module:release