you could always write shell to compare a "whitelist" against a dpkg -l listing, or whatever pkg manager you are using. Then have it generate your puppet manifest.. First I would try to figure out how to prevent unwanted packages from being installed in the first place, not removing them after they were installed.
On Tue, May 1, 2012 at 8:04 PM, Christopher Wood <christopher_w...@pobox.com > wrote: > You can install and remove specific packages, but not specify a whitelist. > > (Unless you wanted to do creative things with facts, templates, and > puppetized scripts. I'm assuming you think it's better to hose your server > due to a typo than run with a single unpermitted package. And then how are > you going to deal with the /var/tmp/... style of file-upload packages used > by various script kiddies?) > > On Tue, May 01, 2012 at 01:38:34PM -0700, bainar wrote: > > Can anyone tell me if it is possible to explicitly specify the only > > allowed packages on a host (modules on a node?) - i.e. a white list? > > This is for hardening a VPS in the cloud. > > > > Thanks in advance > > Andrew > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- *- Shawn Taaj* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
