[Puppet Users] Re: adding new users to /etc/sudoers

Thanks for the responds Russel, responding to where the sudo class /module is from, I created it any pointers??? On Saturday, March 28, 2015 at 10:40:20 AM UTC-4, Russell Anderson wrote: > > First, the visudo check didn't work otherwise it would have given actual > feedback, not usage info. >

[Puppet Users] Re: Problem with order and ensure_resource.

On Saturday, March 28, 2015 at 9:37:35 AM UTC-5, Nan Liu wrote: > > On Friday, March 27, 2015 at 5:49:54 PM UTC-7, Shawn Sterling wrote: > > > I will avoid any module that uses ensure_resources from this point on. >> > > Isn't that rather drastic, considering it's an issue with one module, and

[Puppet Users] Re: Any pointers to RHEL7 CIS hardening usig puppet

Hi Ash26, Did you manage to get this working in the end or have you figured out another way to implement the CIS benchmarks in some automated fashion? Thanks, Joe. On Monday, February 9, 2015 at 9:57:57 AM UTC, Ash26 wrote: > > arildjensen-cis seems not to have worked for RHEL7 > -- You rec

[Puppet Users] Re: nodes set to environment 'none'

Hello Tim, Do you find a solution ? I have the same problem. Cheers Romain Le samedi 20 septembre 2014 19:56:43 UTC+2, bluethundr a écrit : > > Hey all, > > > For some reason my client nodes are being set to an environment called > 'none'. This causes an error in puppet runs becuase the pupet

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening usig puppet

I believe that making a module out of the CIS Hardening Guidelines is the wrong approach. I implemented RHEL 5 and RHEL 6 hardening throughout my catalog. Specific example: Guidelines for ssh_config and sshd_config are in the ssh moduile. “Sometimes I think the surest sign that intelligent l

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening usig puppet

Hi Dan, Could you expand on why "making a module out of the CIS Hardening Guidelines is the wrong approach". It seems like a good option when the likes of PCI DSS suggest implementing industry standards. Are you referring to the conflicts you end up with when using more specific, and usually more

[Puppet Users] Re: Problem with order and ensure_resource.

On Monday, March 30, 2015 at 6:14:36 AM UTC-7, jcbollinger wrote: > > > > On Saturday, March 28, 2015 at 9:37:35 AM UTC-5, Nan Liu wrote: >> >> On Friday, March 27, 2015 at 5:49:54 PM UTC-7, Shawn Sterling wrote: >> > >> >> I will avoid any module that uses ensure_resources from this point on. >>

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening usig puppet

I will reply to this in detail later today when I have time to gather my references. I did not want you to think I was ignoring you. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Waterson: Calvin &

Re: [Puppet Users] Re: adding new users to /etc/sudoers

On 3/30/15 2:50 PM, manyi wrote: > Thanks for the responds Russel, > responding to where the sudo class /module is from, I created it > any pointers??? > > > > On Saturday, March 28, 2015 at 10:40:20 AM UTC-4, Russell Anderson wrote: > > First, the visudo check didn't work otherwise it woul

[Puppet Users] Re: adding new users to /etc/sudoers

I'' check it out thanks Garrett On Friday, March 27, 2015 at 3:24:58 PM UTC-4, manyi wrote: > > Help needed!! > > I am trying to add 2 users to /ect/sudoers john.smith and jane.may > granting privileges to all servers > > *step 1. **modules/user/manifests/init.pp * > > > class user { > > user {

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening usig puppet

On Mon, Mar 30, 2015 at 09:10:03AM -0700, Peter Pickford wrote: >Hi Dan, >Could you expand on why "making a module out of the CIS Hardening >Guidelines is the wrong approach". Not sure what Dan will say and I haven't done it myself. However I have watched another team here produce a h

[Puppet Users] puppet enterprise free eval hardware requirements

geez puppet needs a 'lot' of oomph to spin up the first node Evaluation Environment An evaluation environment is run on a monolithic installation and is suitable for evaluating PE on 250 or fewer nodes. We recommend that your hardware meets the following: - A 4-core server with 6 GB of

[Puppet Users] Re: puppet enterprise free eval hardware requirements

PE version is a robust, monolithic turnkey install. They used to have a community based test VM pair which had much lighter requirements (albeit with less services) but I haven't checked in a long time so it may not be available any longer. On Monday, March 30, 2015 at 3:32:52 PM UTC-7, Vince S

[Puppet Users] Announce: Puppet Server 1.0.8 available!

We're pleased to announce that Puppet Server 1.0.8 is now available. This release is a bug fix / maintenance release in the Puppet Server 1.x series. In accordance with the Semantic Versioning specification, this release contains fixes for bugs reported against the 1.0.2 rel

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening usig puppet

Chris, you make some good points, so I will respond here rather than earlier in the thread. The CIS Benchmarks are guidelines rather than rules. Quoting the overview: "This document, …, provides prescriptive guidance for establishing a secure configuration posture for Red Hat Enterprise Linux

Re: [Puppet Users] Any pointers to RHEL7 CIS hardening usig puppet

Hi Dan, Chris, Many thanks for taking the time to respond, some very useful ideas to ponder. Apologies if this is a bit waffley and repeats itself. Dan's approach is more elegant in the sense that it implements just what is required, but makes me uncomfortable because it distributes hardening im