This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- In the future, all SIMP-managed security subsystems will be disabled by default and must be explicitly opted into by administrators. Please review simp/simp_options for details.
This module sets up openscap and allows you to schedule and log openscap runs.
simp/openscap will manage:
- openscap-utils and scap-security-guide packages
simp/openscap::schedule will manage:
- A cron job for openscap runs
- A logging directory for openscap (Default: /var/log/openscap)
The module can support logrotate if simp/logrotate is used. Otherwise, no additional setup is required.
You can install openscap by:
include 'openscap'
The following will run a cron job on Monday at 1:30 AM and log to /var/log/openscap:
class { 'openscap':
  enable_schedule => true,
}
OR
include 'openscap::schedule'
To run a different SCAP profile:
class { 'openscap::schedule':
  scap_profile => 'xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream',
}
To change the time and the day of the week of the run:
class { 'openscap::schedule':
  minute  => 00,
  hour    => 22,
  weekday => '*',
}
To set the days of the month for the run:
class { 'openscap::schedule':
  monthday => '1,15',
}
To log to a different directory:
class { 'openscap::schedule':
  logdir => '/opt/scaplogs',
}
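The monthday example above leaves weekday unset. The following added example (not part of the module) computes the days on which cron would start the scan, assuming the module writes its Monday default for weekday into the crontab entry unchanged and that the system cron follows the crontab(5) rule that a job runs when either day field matches if both are restricted. The function names are hypothetical.

```python
import calendar
from datetime import date


def parse_field(field, lo, hi):
    """Expand a cron list/range field ('1,15', '1-5', '*') into a set of ints.

    Step values and day names are not handled in this sketch.
    """
    if field == '*':
        return set(range(lo, hi + 1))
    values = set()
    for part in str(field).split(','):
        start, _, end = part.partition('-')
        values.update(range(int(start), int(end or start) + 1))
    return values


def run_days(year, month, monthday='*', weekday='1'):
    """Return the days of the month on which cron starts the job.

    Defaults mirror the schedule described on this page (Monday);
    that they reach the crontab entry as-is is an assumption.
    """
    dom = parse_field(monthday, 1, 31)
    dow = {d % 7 for d in parse_field(weekday, 0, 7)}  # cron: 0 and 7 are Sunday
    both_restricted = monthday != '*' and weekday != '*'
    days = []
    for day in range(1, calendar.monthrange(year, month)[1] + 1):
        # Python: Monday=0 ... Sunday=6; cron: Sunday=0, Monday=1
        cron_dow = (date(year, month, day).weekday() + 1) % 7
        dom_ok, dow_ok = day in dom, cron_dow in dow
        # crontab(5): both fields restricted -> run when EITHER matches
        fires = (dom_ok or dow_ok) if both_restricted else (dom_ok and dow_ok)
        if fires:
            days.append(day)
    return days


if __name__ == '__main__':
    # February 2024 is a constructed sample month (the 1st is a Thursday).
    print('monthday only  :', run_days(2024, 2, monthday='1,15'))
    print('weekday => "*" :', run_days(2024, 2, monthday='1,15', weekday='*'))
```

If scans should run only on the 1st and 15th, set weekday => '*' together with monthday and confirm the resulting entry with crontab -l on the node.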
Please see the REFERENCE.md.
This module is designed to work in RHEL-compatible environments.
Please read our Contribution Guide.