jessereynolds

#!/usr/bin/env ruby

require 'yaml'

report_file = '/opt/puppetlabs/puppet/cache/state/last_run_report.yaml'
report = YAML.parse(File.read(report_file))

# nuke the yaml document tag that sets the ruby object
report.root.tag = ''
report_hash = report.root.to_ruby

jessereynolds

I am encountering the following issue with bundler 1.17.3 and 2.1.4 when executing in a ruby:2.5.8 docker container on Ubuntu 18 with kernel 4.15.0-101-generic. The same project does not exhibit the error on an equivalent container built and run on CentOS 7 with kernel 3.10.0-1127.el7.x86_64.

ArgumentError: could not find a temporary directory
  /usr/local/lib/ruby/2.5.0/tmpdir.rb:35:in `tmpdir'
  /usr/local/lib/ruby/2.5.0/tmpdir.rb:112:in `tmpdir'
  /usr/local/lib/ruby/2.5.0/tmpdir.rb:120:in `create'
  /usr/local/lib/ruby/2.5.0/tmpdir.rb:87:in `mktmpdir'
  /usr/local/bundle/gems/bundler-2.1.4/lib/bundler/compact_index_client/updater.rb:31:in `update'

jessereynolds

---
os_compliance:
  cis_level_1:
    version: cis_sle_12_server_2.1.0
    percent_compliant: 94.7
    counts_by_state:
      compliant: 178
      noncompliant: 10
    number_controls: 188
    controls:

jessereynolds

os_compliance:
  cis_level_1:
    version: cis_windows_2016rtm1607_member_server_1.1.0
    percent_compliant: 21.03448275862069
    percent_implemented: 32.75862068965517
    counts_by_state:
      noncompliant: 34
      compliant: 61
      unimplemented: 195
    number_controls: 290

jessereynolds

# site
$fact = 'site'
Try {$factvalue = $([System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name)}
Catch {$factvalue = 'unknown'}
Write-Host "$fact=$factvalue"

# exchange_server
$service = 'Microsoft Exchange*'
$fact = 'exchange_server'
if ((Get-Service -DisplayName "$service" | Measure-Object).Count -gt 5)

jessereynolds

Is nooping the controls which are to be monitored the best way to go? Seems the most conventional / straightforward.

Anyhow, as an operator of a fleet of systems I want to be able to set which CIS sections / controls are to be enforced, and which are to be monitored.

How might this look?

class os_compliance::rule::password_history (
  Enum['enforce','monitor'] $mode = 'monitor',
) {

jessereynolds

Puppet etc Useful Commands and Resources

Puppet Enterprise APIs

Gary's PE Curl Commands Repo: https://github.com/glarizza/pe_curl_requests

Testing Control Repos

Example control repo with automated tests for syntax, style (puppet-lint), and onceover (compilation of all roles defined in the puppet code by dynamic generation of rspec-puppet examples) with CI/CD pipelines configured in GitLab, Travis-CI and Azure DevOps: https://github.com/jessereynolds/control-repo-fbz

jessereynolds

# puppet module install puppet/squid --modulepath ~/modules
# puppet apply proxy.conf --modulepath ~/modules
# curl -v --proxy http://127.0.0.1:3128/ https://puppet.com > /dev/null
#
class { 'squid': }
squid::acl { 'Safe_ports':
  type    => port,
  entries => ['80','443','8140','8142','8143'],
}
squid::http_access { 'Safe_ports':

jessereynolds

Thing	Sydney Z+11	Perth Z+8	Adelaide Z+10.5
Start	10:00	07:00	09:30
Break 1, 15 mins	11:15-11:30	08:15 - 08:30	10:45 - 11:00
Break 2, 30 mins	13:00-13:30	10:00 - 10:30	12:30 - 13:00
Break 3, 30 mins	15:30-16:00	12:30 - 13:00	15:00 - 15:30
End	17:00	14:00	16:30

jessereynolds

#!/bin/bash

# find the latest version here: https://puppet.com/misc/version-history
# release notes: https://puppet.com/docs/pe/latest/release_notes_pe.html
# this script: https://gist.github.com/jessereynolds/750bd4394c42f3ab06dad35a95793073

#version="2019.5.0"
version="latest"

#dist="ubuntu"