-
Book Overview & Buying
-
Table Of Contents
Learning Puppet Security
By :
One of the strongest tools in the Puppet compliance tool chest is the concept of the manifest. Since the manifest represents the system's desired state, we can use the data found in it to show what the system looks like.
Consider the following example: you have an audit requirement that says key security-related services and software must be kept up to date. Working with your security team, you've identified a list of packages that fall under this. For the purposes of our example, we'll say they're openssh, kerberos, and openssl.
We can write a manifest that looks like the following, to ensure that this is the case:
class compliance(
$ensure = latest,
$packages = ['openssh', 'kerberos', 'openssl']
) {
package { $packages:
ensure => $ensure,
}
}As we noted earlier, normal practice would dictate that to use the preceding pattern, you would be sourcing these packages from your own local repository and would promote them after testing...
Change the font size
Change margin width
Change background colour