Forge Home

openscap

Safely manages openscap

11,386 downloads

1,038 latest version

3.1 quality score

Version information

  • 6.4.0 (latest)
  • 6.3.1
  • 6.3.0
  • 6.2.1
  • 6.2.0
  • 6.1.1
  • 6.0.4
  • 6.0.3
  • 6.0.2
  • 6.0.1
  • 4.2.2
  • 4.2.1
released Jul 20th 2021
This version is compatible with:
  • Puppet Enterprise 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.22.1 < 8.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-openscap', '6.4.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-openscap
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-openscap --version 6.4.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: openscap, simp

Documentation

simp/openscap — version 6.4.0 Jul 20th 2021

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

Table of Contents

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • In the future, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.

Module Description

This module sets up openscap and allows you to schedule and log openscap runs.

Setup

What simp openscap affects

simp/openscap will manage:

  • openscap-utils and scap-security-guide packages

simp/openscap::schedule will manage:

  • A cron job for openscap runs
  • A logging directory for openscap (Default: /var/log/openscap)

Setup Requirements

The module can support logrotate if simp/logrotate is used. Otherwise, no additional setup is required.

Beginning with openscap

You can install openscap by:

include 'openscap'

Usage

I want to install openscap with default logging

The following will run a cron job on Monday at 1:30 AM and log to /var/log/openscap:

class { 'openscap':
  enable_schedule => true,
}

OR

include 'openscap::schedule'

I have a particular SCAP profile I want to use

class { 'openscap::schedule':
  scap_profile => 'xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream',
}

I want to log daily at a set time

class { 'openscap::schedule':
  minute  => 00,
  hour    => 22,
  weekday => '*',
}

I want to log on the first and fifteenth day of the month

class { 'openscap::schedule':
  monthday => '1,15',
}

I want to log to a different directory

class { 'openscap::schedule':
  logdir => '/opt/scaplogs',
}

Reference

Please see the REFERENCE.md.

Limitations

This module is designed to work in RHEL-compatible environments.

Development

Please read our Contribution Guide.