Forge Home

foreman_scap_client

This puppet module configures foreman_scap_client.

3,983 downloads

3,983 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.3.22 (latest)
released Aug 21st 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 3.8.7 < 7.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'rdelcampog-foreman_scap_client', '0.3.22'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add rdelcampog-foreman_scap_client
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install rdelcampog-foreman_scap_client --version 0.3.22

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

rdelcampog/foreman_scap_client — version 0.3.22 Aug 21st 2019

Foreman SCAP client Puppet Module

Foreman SCAP client Puppet Module configures foreman_scap_client to run scans and upload results to foreman proxy.

Configuration

This puppet module will automatically install foreman_scap_client (if not installed) and will configure /etc/foreman_scap_client/config.yaml with parameters which are needed for the operation of foreman_scap_client.

Parameters

  • 'server': configures the proxy server
  • 'port': configures the proxy server's port
  • 'ca_file': path to file of certification authority that issued client's certificate
  • 'host_certificate': path to host certificate, may be puppet agent certificate or katello certificate
  • 'host_private_key': path to host private key, may be puppet agent private key or katello private key
  • 'policies': Array of policies that should be configured
  • 'foreman_repo_rel': add / manage foreman-plugins yum repo and set to release version. Eg '1.14'
  • 'foreman_repo_key': RPM Key source file for foreman-plugins repo. Note: Currently, packages are not signed. Unless set to an alternative file source, URL will be used.
  • 'foreman_repo_src': Alternative baseurl for The Foreman plugins repository
  • 'foreman_repo_gpg_chk': Enable / disable GPG checks. Directly passed to Yumrepo resource
  • 'install_options': Additional options for client package installation
  • 'cron_template': Path to cron template
  • 'cron_splay': Upper limit for splay time when sending reports to proxy
  • 'fetch_remote_resources': Whether client should fetch referenced resources that are remote
  • 'http_proxy_server': HTTP proxy server
  • 'http_proxy_port': HTTP proxy port

For detailed info on the parameters see documentation on manifests/init.pp & manifests/params.pp

Sample Usage

The following example ensures that every week an SCAP audit is executed and the results are sent to proxy at proxy.example.com. The example will automatically attempt to install foreman_scap_client on the system. If you do not wish to use your tailoring file with policy, just pass empty string to "tailoring_path".

class { foreman_scap_client:
  server           => 'proxy.example.com',
  port             => '8443',
  foreman_repo_rel => '1.14',
  foreman_repo_key => '/net/share/foreman-gpg-rpm-key',
  policies         => [{
    "id"                      => 1,
    "hour"                    => "12",
    "minute"                  => "1",
    "month"                   => "*",
    "monthday"                => "*",
    "weekday"                 => "1",
    "profile_id"              => '',
    "content_path"            => '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml',
    "download_path"           => '/compliance/policies/1/content',
    "tailoring_path"          => '/var/lib/openacap/ssg-fedora-ds-tailored.xml',
    "tailoring_download_path" => "/compliance/policies/1/tailoring"
  }]
}

Usage with foreman_openscap

When using this module together with foreman_openscap, no further configuration should be necessary as values are by Foreman's ENC. However, verify the values for server, port and policies after importing the class; the policies should be <%= @host.policies_enc %>

Releasing on puppet forge

We use project blacksmith to do the release. All you need to do is configuring theforeman credentials in ~/.puppetforge.yml and then call release task from upstream repo like this

bundle exec rake module:release