Skip to content

jeff1evesque/cis_benchmark

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

367 Commits
doc
doc
 
 
lib/facter
lib/facter
 
 
manifests
manifests
 
 
templates/trusty64
templates/trusty64
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
metadata.json
metadata.json
 
 

Repository files navigation

cis-benchmark Build Status

Puppet hardening module premised on cis benchmark:

Note: the puppet numbering scheme, matches the corresponding benchmark.

Dependency

The Puppetfile requires the following:

Execution

Specific rules can be nested under the following yaml keys, of a yaml file defined from the hiera.yaml, of the corresponding puppetserver:

  • [node-certificate]
  • cis_benchmark
  • trusty64

If the yaml key exists, by the name of the nodes certificate (delimited by underscores), then the corresponding cis rules will take precedence. Otherwise, if the cis_benchmark, or the trusty64 yaml key exists, it will load the respective rules.

The following is the Ubuntu 14.04 implementation:

cis_benchmark::trusty64:
    stig:
        cis_1_1_1_1: true
        cis_1_1_1_2: true
        cis_1_1_1_3: true

Note: the params.pp can be further reviewed in order to override default cis rules.

Similar rules can be defined directly in the environment's site.pp, as an alternative approach to the hiera implementation:

class { 'cis_benchmark':
    cis_1_1_1_1 => true,
    cis_1_1_1_2 => true,
    cis_1_1_1_3 => true,
}

Note: the params.pp can be further reviewed in order to override default cis rules.

About

Puppet hardening using cis benchmark

forge.puppet.com/jeff1evesque/cis_benchmark

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

Fix params.pp yaml key reference Latest
Aug 20, 2018
+ 3 releases

Packages

No packages published

Languages