Learning Puppet Security

By: Jason M Slagle, Jason Slagle

Audit on other resource types

While a file is the most common resource that can be audited, any resource can be audited. This even includes custom types. Additionally, even classes and defines can be audited; however, the mechanism is a bit different. In the case of defines and classes, the meta-parameter is inherited by all of the resources contained in that class or define, but not in any that are included inside it.

The basic mechanism of the audit parameter works in the same way as it does in the file case. You need to specify a list of attributes to monitor and Puppet will persist their state. If the state changes between runs, then it will trigger an audit alert. An example of auditing just the owner and mtime (modified time) attributes of the sshd daemon in /usr/sbin is as follows:

# Record the owner and mtime of the sshd binary and report changes between runs
file { '/usr/sbin/sshd':
  audit => [ 'owner', 'mtime' ],
}

However, as one would expect, the attributes to be audited differ for each type. The package type, for example, only supports auditing the ensure...
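The same metaparameter applied to other resource types, to a define and to a class, following the inheritance rule described above. This is an added example, not code from the book; the package name, file paths, and the `audited_binary`, `ssh_audit` and `ssh_keys` names are hypothetical.

```puppet
# Added example: resource titles, class names and define names are hypothetical.

# Package: audit the ensure attribute, so an out-of-band upgrade or
# removal is reported on the next run.
package { 'openssh-server':
  audit => [ 'ensure' ],
}

# User: watch the account properties without managing them.
user { 'root':
  audit => [ 'uid', 'gid', 'shell', 'home' ],
}

# Define: the audit metaparameter set on the declaration is inherited
# by the resources contained in the define body.
define audited_binary () {
  file { $title: }
}

audited_binary { '/usr/sbin/sshd':
  audit => [ 'owner', 'group', 'mode', 'mtime' ],
}

# Class: the file declared directly in ssh_audit inherits the
# metaparameter; the file in ssh_keys does not, because that class is
# only included from inside ssh_audit.
class ssh_keys {
  file { '/etc/ssh/ssh_host_rsa_key': }
}

class ssh_audit {
  file { '/etc/ssh/sshd_config': }
  include ssh_keys
}

class { 'ssh_audit':
  audit => [ 'owner', 'group', 'mode', 'content' ],
}

# To cover the host key as well, set audit on the resource itself or
# declare ssh_keys with its own audit metaparameter.
```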