Forge Home

openscap

Safely manages openscap

12,998 downloads

184 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 6.8.1 (latest)
  • 6.7.0
  • 6.5.0
  • 6.4.0
  • 6.3.1
  • 6.3.0
  • 6.2.1
  • 6.2.0
  • 6.1.1
  • 6.0.4
  • 6.0.3
  • 6.0.2
  • 6.0.1
  • 4.2.2
  • 4.2.1
released Jan 17th 2024
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-openscap', '6.8.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-openscap
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-openscap --version 6.8.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: openscap, simp

Documentation

simp/openscap — version 6.8.1 Jan 17th 2024

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • In the future, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.

Module Description

This module sets up openscap and allows you to schedule and log openscap runs.

Setup

What simp openscap affects

simp/openscap will manage:

  • openscap-utils and scap-security-guide packages

simp/openscap::schedule will manage:

  • A cron job for openscap runs
  • A logging directory for openscap (Default: /var/log/openscap)

Setup Requirements

The module can support logrotate if simp/logrotate is used. Otherwise, no additional setup is required.

Beginning with openscap

You can install openscap by:

include 'openscap'

Usage

I want to install openscap with default logging

The following will run a cron job on Monday at 1:30 AM and log to /var/log/openscap:

class { 'openscap':
  enable_schedule => true,
}

OR

include 'openscap::schedule'

I have a particular SCAP profile I want to use

class { 'openscap::schedule':
  scap_profile => 'xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream',
}

I want to log daily at a set time

class { 'openscap::schedule':
  minute  => 00,
  hour    => 22,
  weekday => '*',
}

I want to log on the first and fifteenth day of the month

class { 'openscap::schedule':
  monthday => '1,15',
}

I want to log to a different directory

class { 'openscap::schedule':
  logdir => '/opt/scaplogs',
}

Reference

Please see the REFERENCE.md.

Limitations

This module is designed to work in RHEL-compatible environments.

Development

Please read our Contribution Guide.