jeff1evesque / cis_benchmark Goto Github PK
View Code? Open in Web Editor NEWPuppet hardening using cis benchmark
Home Page: https://forge.puppet.com/jeff1evesque/cis_benchmark
Puppet hardening using cis benchmark
Home Page: https://forge.puppet.com/jeff1evesque/cis_benchmark
We need to enforce cron related stigs for the raspbian4x operating system.
We need to create a version v2.0.0
base box, which will entail the following enhancements:
Then, we'll need to implement a corresponding switch statement within our Vagrantfile
, which will allow users to choose between the linux operating systems.
We need to enforce cis related stigs for xinetd
, on the raspbian4x operating system.
We will implement a puppet template, to remediate audit.rules
related stig items, for the trusty64 operating system.
We need to create trusty64.yml
, which will contain the default stig implementation for ubuntu 14.04.
Note: this issue is a partial continuation of #3.
We need to make minor stylistic changes (indentation) for our 50-default.conf.erb
template.
We need to make minor stylistic comment changes in rsyslog.conf.erb
.
We need to create raspbian4x.yml
, which will contain the default stig implementation for raspbian4x. Note: this issue is similar to #5.
We will implement a puppet template, to remediate syslog-ng
related stig items, for the raspbian4x operating system.
We need to ensure the rsyslog
daemon is installed, and running on the raspbian4x operating system.
We need to enforce cron related stigs for the centos7x operating system.
We need to add which cis benchmarks are implemented for our corresponding puppet module, within this projects main README.md
. For example, the trusty64 operating system implements the CIS 2.0.0 benchmark. Likewise, we need to make it apparent which benchmarks are used for the other operating systems.
We need to ensure the rsyslog
daemon is installed, and running on the trusty64 operating system.
Our puppet module will have other module dependencies, which need to be included in our README.md
.
We need to fix the following typo within auditd_rules.pp
:
file { '/etc/audit/audit.rules':
ensure => present,
mode => '0640',
owner => 'root',
group => 'root',
template => dos2unix(template('cis/trusty64/audit.rules.erb')),
notify => Exec['restart-auditd'],
}
As well as similar typo's within rsyslog.pp
.
We need to remove the Vagrantfile
, since this puppet module can be tested via the puppet-demonstration project. Therefore, we need to mention this integration within this projects main README.md
.
We need to move the service
directive for cis 4.2.1.1 under the if
condition, within the rsyslog.pp
.
We need to ensure the auditd
daemon is installed, and running on the raspbian4x operating system.
We need to explicitly compare $::apparmor_enabled == 'Y'
in our audit.rules
, and ensure the corresponding apparmor.enabled
returns a value, even if apparmor is not installed.
We will implement a puppet template, to remediate syslog-ng
related stig items, for the centos7x operating system.
We need to enforce cis related stigs for xinetd`, on the trusty64 operating system.
We need to define the group
for the /etc/audit/audit.rules
file, implemented within the trust environment.
We need to enforce cis related stigs for xinetd
, on the centos7x operating system.
We need to ensure the rsyslog
daemon is installed, and running on the centos7x operating system.
We need to enforce permission on all logfiles, for the centos7x operating system.
We will implement a puppet template, to remediate syslog-ng
related stig items, for the trusty64 operating system.
We have some small minor typos within rsyslog.pp
.
We need to enforce ssh related stigs, for the raspbian4x operating system.
We will implement a puppet template, to remediate rsyslog.conf
related stig items, for the raspbian4x operating system.
We need to create centos7x.yml
, which will contain the default stig implementation for centos7x.
Note: this issue is similar to #5.
We need to enforce permission on all logfiles, for the trusty64 operating system.
We will implement a puppet template, to remediate audit.rules
related stig items, for the centos7x operating system.
We need to enforce cron related stigs for the trusty64 operating system.
We need to correctly define our example yaml files.
Since our corresponding fact returns a string, we need to adjust the following from xinetd.pp
, respectively:
...
## apply rules if xinetd installed
if ($xinetd_installed) {
...
We will implement a puppet template, to remediate rsyslog.conf
related stig items, for the trusty64 operating system.
We will implement a puppet template, to remediate rsyslog.conf
related stig items, for the trusty64 operating system.
We need to ensure the auditd
daemon is installed, and running on the centos7x operating system.
We will add an initial Vagrantfile
, which should include a switch statement allowing users to toggle between various operating systems.
Note: it is not certain if we'll be able to implement the raspbian operating system within vagrant.
We need to enforce ssh related stigs, for the centos7x operating system.
We will implement a puppet template, to remediate audit.rules
related stig items, for the raspbian4x operating system.
We need to ensure the auditd
daemon is installed, and running on the trusty64 operating system.
We need to ensure the following directive exists:
## ensure auditd running
service { 'auditd':
ensure => true,
enable => true,
}
We need to enforce pam related stigs, for the centos7x operating system.
We need to enforce permission on all logfiles, for the raspbian4x operating system.
We need to fix the following typos in our trusty.yaml
:
cis_4_2_1_4 = false
cis_4_2_1_5 = false
We need to make a minor typo fix within the docstring of audit.rules.erb
.
We need to enforce ssh related stigs, for the trusty64 operating system.
We need to enable by default CIS 4.1.2, for the trusty 64 operating system.
We forgot to add a <% end %>
closing tag in audit.rules.erb
.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.