RyChannel
10/04/2023, 7:00 PM
Heston Snodgrass
10/04/2023, 7:06 PM
RyChannel
10/04/2023, 7:09 PM
Heston Snodgrass
10/04/2023, 7:11 PM
RyChannel
10/04/2023, 7:11 PM
Heston Snodgrass
10/04/2023, 7:11 PM
RyChannel
10/11/2023, 12:32 PM
RyChannel
10/26/2023, 11:11 PM
zilla
10/27/2023, 8:05 PM
RyChannel
11/01/2023, 1:03 PM
Jerry Way
11/01/2023, 5:35 PM
node default {
  contain cis
  class { 'comply':
    manage_chocolatey   => false,
    scanner_source      => 'https://comply.<fqdn>:30303/assessor',
    windows_manage_wget => false,
    win_manage_7zip     => false,
  }
  Class['cis'] -> Class['comply']
}
Jerry Way
11/01/2023, 5:39 PM
# comply_windows manifest
class cis::comply_windows {
  # Grab 7 zip source, place file on node and install package.
  $host_location = 'd:/installer_files' # location on Destination
  unless defined(File['installer_location']) {
    # copy installer to local disk
    file { 'installer_location':
      ensure => directory,
      path   => $host_location,
    }
  }
  # ensure is assumed present
  file { $cis::win_7zip_source:
    path   => "${host_location}/7zip-setup.exe",
    source => $cis::win_7zip_source,
  }
  # Run the exe parameters
  package { '7zip':
    ensure          => $cis::win_7zip_version,
    name            => "7-Zip ${cis::win_7zip_version} (x64)", # Interpolate version because installer name included version variable
    source          => "${host_location}/7zip-setup.exe",
    install_options => ['/S'], # install options for silent install
    require         => File[$cis::win_7zip_source], # Type of resource reference is capitalized "File"
  }
  # wget install
  # ensure is assumed present
  file { $cis::win_wget_source:
    path   => 'C:\Windows\system32\wget.exe',
    source => $cis::win_wget_source,
  }
  if $cis::cem_enforced { # default is off
    include cem_windows
    if $facts['host_description']['role_signifier'] == 'sql' and $cis::cem_sql_enforced {
      include cis::comply_sql
    }
  }
}
We don't do much Linux here so that class is sparse.
RyChannel
11/01/2023, 8:01 PM
RyChannel
12/07/2023, 9:42 PM
RyChannel
12/11/2023, 5:40 PM
Heston Snodgrass
12/12/2023, 7:48 PM
RyChannel
01/18/2024, 5:16 PM
Heston Snodgrass
01/24/2024, 5:21 PM
RyChannel
02/06/2024, 1:24 PM
zilla
02/14/2024, 11:34 PM
0.0.0.0:60 for connections, but I'm not seeing these parameters defined in any compliance profiles. Can someone provide some context for why we need to listen by default?
zilla
02/15/2024, 4:22 PM
aperna
02/19/2024, 9:14 AM
zilla
02/29/2024, 10:17 PM
RyChannel
03/04/2024, 8:49 PM
RyChannel
03/04/2024, 8:51 PM
zilla
03/20/2024, 4:17 PM
cem_linux::utils::packages::linux::auditd isn't being applied (and some others like cem_linux::utils::packages::linux::gnome). I'm not ignoring them, have I missed some flag that needs to be set to use them?
Alvaro Puga
03/26/2024, 9:33 PM
aperna
04/05/2024, 8:02 AM
RyChannel
04/09/2024, 1:15 PM
RyChannel
04/09/2024, 1:16 PM