Book Image

Learning Puppet Security

Book Image

Learning Puppet Security

Overview of this book

Table of Contents (17 chapters)
Learning Puppet Security
About the Author
About the Reviewers

Auditing a package

In this example, we'll extend our openssh module to audit the version installed. We'll then downgrade the package so that the version changes. Afterwards, we can verify whether the audit worked as expected.


In a production environment, it would make sense to audit at least the sshd binary along with the package. It's quite possible for the attacker to change the binary without even touching the package. Auditing the package is more useful to find system administrators upgrading packages to unauthorized versions by accident.

Modifying the module to audit

First, make sure the Vagrant machine is running. If you need to restart your Vagrant machine, see the first exercise to get it running.

Once it is running, go ahead and SSH it into the machine. Again, if you need a reference, refer to the earlier chapter.

Now we'll edit the openssh manifest and add the audit parameter. Edit the /etc/puppet/modules/openssh/manifests/init.pp file with your favorite editor. Make sure to use...