As your Puppet Master is a tool that configures your systems, ensuring that it is secure is very important. Puppet can change any facet of the systems under management. Since it can cause great damage to systems as well as create numerous security issues if compromised, it is very important to ensure that your Puppet Master is properly secured. For instance, if your Puppet Master is compromised, it is easy to add a user to every system under management, add that user to sudoers
, and reconfigure SSH to allow the user to log in.
Luckily, Puppet has a fairly secure, out-of-the-box configuration. However, as your environment grows and you use more advanced features, you'd want to review how to secure your Puppet environment.
In this chapter, we'll explore the following aspects of securing your Puppet installation:
Puppet security related configuration files
Puppet SSL configuration
Autosigning Puppet client certificates
At the end of this chapter, you should have a good...