The question is the goal of the Facter output. From my point of view, only CVEs
not implemented in the system are relevant (i.e. for reporting). CVEs
already implemented are not really of interest to me. So if the standard
behavior is to only show facts with CVEs not implemented yet, and to show all
CVEs only if configured, then there shouldn't be too many facts.

More important is the question of how to get the CVEs into the system without
too much manual interaction. I think it could be an idea to check if this
could be generated from OpenSCAP.

Regards Thomas

2014-10-13 21:23 GMT+02:00 Trevor Vaughan <tvaug...@onyxpoint.com>:

> Unfortunately, I very much share Felix's fear in getting swamped by facts.
> I mean, there are *thousands* of CVEs.
>
> Good goal though, I'll have to think about this.
>
> Trevor
>
> On Mon, Oct 13, 2014 at 12:41 PM, Garrett Honeycutt <
> g...@garretthoneycutt.com> wrote:
>
>> On 10/13/14 8:59 AM, Trevor Vaughan wrote:
>> > Would it be possible to side-load this into PuppetDB?
>> >
>> > For instance, instead of running the full list of checks with every run
>> > of Puppet, have a cron job (or something) that runs the list and feeds
>> > the data directly into PuppetDB for the node.
>> >
>> > That would take the pressure off of each Puppet run but still make the
>> > data available.
>> >
>> > A nifty MCollective plugin for triggering full runs or targeting
>> > specific CVE regexes would be handy for catching things like Shellshock.
>> >
>> > For skipping facts, why not use a JSON/YAML file?
>> >
>> > Trevor
>> >
>>
>> Hi Trevor,
>>
>> Goal is to use facts so vulnerabilities could be determined without
>> Puppet while also working with Puppet and its ecosystem - PuppetDB and
>> MCollective.
>>
>> Good idea on skipping facts using structured data. While that is easy on
>> the fact side to implement in Ruby, it seems easier to implement from
>> Puppet using either file{} or file_line{} as I want to maintain the
>> ability to specify an array of facts to skip through Hiera.
>>
>> BTW: Could really use help adding code to check for more CVEs :)
>>
>> Best regards,
>> -g
>>
>> --
>> Garrett Honeycutt
>> @learnpuppet
>> Puppet Training with LearnPuppet.com
>> Mobile: +1.206.414.8658
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/543C00CE.1000301%40garretthoneycutt.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaug...@onyxpoint.com
>
> -- This account not approved for unencrypted proprietary information --
>



-- 
Linux ... enjoy the ride!
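
Added example, not part of the original thread or of the module under discussion: a sketch in plain Ruby of the two ideas raised above, a YAML skip list and a default that reports only CVEs the host is still vulnerable to. The CVE ids are placeholders, and the config keys (`show_all`, `skip`), the fact naming and all function names are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: results of local checks, true = host is still vulnerable.
# The CVE ids are placeholders, not real identifiers.
SAMPLE_RESULTS = {
  'CVE-0000-0001' => true,
  'CVE-0000-0002' => false,
  'CVE-0000-0003' => true,
  'CVE-0000-0004' => false
}.freeze

# Constructed skip file, as it could be written to disk from Hiera data.
SAMPLE_CONFIG = <<~YAML
  show_all: false
  skip:
    - CVE-0000-0003
YAML

CVE_ID = /\ACVE-\d{4}-\d{4,}\z/

# Parse the skip file; reject anything that is not a well-formed CVE id so a
# typo in the skip list cannot silently hide a finding.
def load_config(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  raise ArgumentError, 'config must be a mapping' unless data.is_a?(Hash)

  skip = Array(data['skip']).map(&:to_s)
  bad = skip.reject { |id| id.match?(CVE_ID) }
  raise ArgumentError, "invalid CVE ids: #{bad.join(', ')}" unless bad.empty?

  { show_all: data['show_all'] == true, skip: skip }
end

# Hypothetical fact naming: CVE-0000-0001 becomes cve_0000_0001.
def fact_name(cve)
  cve.downcase.tr('-', '_')
end

# Default: only vulnerable CVEs become facts; show_all reports every check.
# Skipped ids are dropped in both modes.
def facts_to_report(results, config)
  results.each_with_object({}) do |(cve, vulnerable), facts|
    next if config[:skip].include?(cve)
    next unless vulnerable || config[:show_all]

    facts[fact_name(cve)] = vulnerable
  end
end

# Render as key=value lines, the text format Facter accepts for external facts.
def external_facts(facts)
  facts.sort.map { |name, value| "#{name}=#{value}" }.join("\n")
end
```
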
