diff --git a/.plan_cache.json b/.plan_cache.json index fcb99fbd..fdbad3f8 100644 --- a/.plan_cache.json +++ b/.plan_cache.json @@ -1 +1 @@ -{"aggregate::count":{"name":"aggregate::count","description":"Run a task, command, or script on targets and aggregate the results as\na count of targets for each value of a key.","parameters":{"command":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The command to run. Mutually exclusive with script and task."},"script":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The path to the script to run. Mutually exclusive with command and task."},"task":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The name of the task to run. Mutually exclusive with command and script."},"targets":{"type":"TargetSpec","sensitive":false,"description":"The list of targets to run the action on."},"params":{"type":"Hash[String, Data]","sensitive":false,"default_value":"{}","description":"A hash of parameters and options to pass to the `run_*` function\nassociated with the action (e.g. run_task)."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/aggregate","private":false,"summary":"Run a task, command, or script on targets and aggregate the results as\na count of targets for each value of a key.","docstring":"This plan accepts an action and a list of targets. The action can be the name\nof a task, a script, or a command to run. It will run the action on the\ntargets and aggregate the key/value pairs in each Result into a hash, mapping\nthe keys to a hash of each distinct value and how many targets returned that\nvalue for the key."},"aggregate::targets":{"name":"aggregate::targets","description":"Run a task, command, or script on targets and aggregate the results as\nthe list of targets for each value of a key in the results.","parameters":{"command":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The command to run. Mutually exclusive with script and task."},"script":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The path to the script to run. Mutually exclusive with command and task."},"task":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The name of the task to run. Mutually exclusive with command and script."},"targets":{"type":"TargetSpec","sensitive":false,"description":"The list of targets to run the action on."},"params":{"type":"Hash[String, Data]","sensitive":false,"default_value":"{}","description":"A hash of parameters and options to pass to the `run_*` function\nassociated with the action (e.g. run_task)."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/aggregate","private":false,"summary":"Run a task, command, or script on targets and aggregate the results as\nthe list of targets for each value of a key in the results.","docstring":"This plan accepts an action and a list of targets. The action can be the name\nof a task, a script, or a command to run. It will run the action on the\ntargets and aggregate the key/value pairs in each Result into a hash, mapping\nthe keys to a hash of each distinct value and a list of targets returning that\nvalue."},"canary":{"name":"canary","description":"Run a task, command or script on canary targets before running it on all targets.","parameters":{"task":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The name of the task to run. Mutually exclusive with command and script."},"command":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The command to run. Mutually exclusive with task and script."},"script":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The script to run. Mutually exclusive with task and command."},"targets":{"type":"TargetSpec","sensitive":false,"description":"The target to run on."},"params":{"type":"Hash[String, Data]","sensitive":false,"default_value":"{}","description":"The parameters to use for the task."},"canary_size":{"type":"Integer","sensitive":false,"default_value":"1","description":"How many targets to use in the canary group."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/canary","private":false,"summary":"Run a task, command or script on canary targets before running it on all targets.","docstring":"This plan accepts a action and a $targets parameter. The action can be the name\nof a task, a script or a command to run. It will run the action on a canary\ngroup of targets and only continue to the rest of the targets if it succeeds on\nall canaries. This returns a ResultSet object with a Result for every target.\nAny skipped targets will have a 'canary/skipped-target' error kind."},"facts":{"name":"facts","description":"A plan that retrieves facts and stores in the inventory for the\nspecified targets.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"List of targets to retrieve the facts for."}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts","private":false,"summary":"A plan that retrieves facts and stores in the inventory for the\nspecified targets.","docstring":null},"facts::external":{"name":"facts::external","description":"A plan that generates external facts based on the provided modulepath and\nsets facts on specified targets.","parameters":{"path":{"type":"String","sensitive":false,"description":"The path to the directory on localhost containing external facts"},"targets":{"type":"TargetSpec","sensitive":false,"description":"The targest the collect and set facts on"}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts","private":false,"summary":"A plan that generates external facts based on the provided modulepath and\nsets facts on specified targets.","docstring":null},"facts::info":{"name":"facts::info","description":"A plan that prints basic OS information for the specified targets. It first\nruns the facts task to retrieve facts from the targets, then compiles the\ndesired OS information from the os fact value of each targets. This plan primarily\nprovides readable formatting, and ignores targets that error.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"List of the targets for which to print the OS information."}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts","private":false,"summary":"A plan that prints basic OS information for the specified targets. It first\nruns the facts task to retrieve facts from the targets, then compiles the\ndesired OS information from the os fact value of each targets. This plan primarily\nprovides readable formatting, and ignores targets that error.","docstring":null},"lvm::expand":{"name":"lvm::expand","description":"lvm::expand\n\nThis plan implements an opinionated method for expanding storage on servers\nthat use LVM. If this doesn't fit your needs, simply tie the tasks together\nin some way that does.","parameters":{"server":{"type":"String","sensitive":false,"description":"The target for the plan"},"volume_group":{"type":"String","sensitive":false,"description":"The volume group to which the logical volume belongs"},"logical_volume":{"type":"String","sensitive":false,"description":"The logical volume which is to be expanded"},"additional_size":{"type":"String","sensitive":false,"description":"How much size to add to the LV. This should be\nspecified in LVM format i.e. \"200m\" or \"2.5g\""},"disks":{"type":"Array[String]","sensitive":false,"default_value":"[]","description":"Any physical disks that should be added to the volume group as\npart of the expand process"},"resize_fs":{"type":"Boolean","sensitive":false,"default_value":"true","description":"Wheather or not to resize the filesystem"}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm","private":false,"summary":null,"docstring":"lvm::expand\n\nThis plan implements an opinionated method for expanding storage on servers\nthat use LVM. If this doesn't fit your needs, simply tie the tasks together\nin some way that does."},"ntp::acceptance::pe_agent":{"name":"ntp::acceptance::pe_agent","description":"Install PE","parameters":{},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/ntp","private":false,"summary":"Install PE","docstring":"Install PE Agent"},"ntp::acceptance::pe_server":{"name":"ntp::acceptance::pe_server","description":"Install PE Server","parameters":{"version":{"type":"Optional[String]","sensitive":false,"default_value":"'2019.8.5'"},"pe_settings":{"type":"Optional[Hash]","sensitive":false,"default_value":"{ password => 'puppetlabs' }"}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/ntp","private":false,"summary":"Install PE Server","docstring":"Install PE Server"},"ntp::acceptance::provision_integration":{"name":"ntp::acceptance::provision_integration","description":"Provisions machines","parameters":{"image":{"type":"Optional[String]","sensitive":false,"default_value":"'centos-7'"},"provision_type":{"type":"Optional[String]","sensitive":false,"default_value":"'provision_service'"}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/ntp","private":false,"summary":"Provisions machines","docstring":"Provisions machines for integration testing"},"puppet_agent::run":{"name":"puppet_agent::run","description":"Starts a Puppet agent run on the specified targets.\nNote: This plan may cause issues when run in Puppet Enterprise.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"The targets to start a Puppet agent run on."}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent","private":false,"summary":null,"docstring":"Starts a Puppet agent run on the specified targets.\nNote: This plan may cause issues when run in Puppet Enterprise."},"puppet_connect::test_input_data":{"name":"puppet_connect::test_input_data","description":"Tests that the provided Puppet Connect input data is complete, meaning that all consuming inventory targets are connectable.\nYou should run this plan with the following command:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data\nwhere /path/to/input_data.yaml is the path to the input_data.yaml file containing the key-value input for the\npuppet_connect_data plugin. If the plan fails on some targets, then you can use Bolt's --rerun option to rerun the plan on\njust the failed targets:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data --rerun failure\nNote that this plan should only be used as part of the copy-pastable \"test input data\" workflow specified in the Puppet\nConnect docs.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"default_value":"'all'","description":"The set of targets to test. Usually this should be 'all', the default."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/puppet_connect","private":false,"summary":"Tests that the provided Puppet Connect input data is complete, meaning that all consuming inventory targets are connectable.\nYou should run this plan with the following command:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data\nwhere /path/to/input_data.yaml is the path to the input_data.yaml file containing the key-value input for the\npuppet_connect_data plugin. If the plan fails on some targets, then you can use Bolt's --rerun option to rerun the plan on\njust the failed targets:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data --rerun failure\nNote that this plan should only be used as part of the copy-pastable \"test input data\" workflow specified in the Puppet\nConnect docs.","docstring":"the targets. Note that this query currently consists of running the 'echo'\ncommand."},"puppetdb_fact":{"name":"puppetdb_fact","description":"Collect facts for the specified targets from PuppetDB and store them\non the Targets.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"The targets to collect facts for."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/puppetdb_fact","private":false,"summary":"Collect facts for the specified targets from PuppetDB and store them\non the Targets.","docstring":"This plan accepts a list of targets to collect facts for from the configured\nPuppetDB connection. After collecting facts, they are stored on each target's\nTarget object. The updated facts can then be accessed using `$target.facts`."},"reboot":{"name":"reboot","description":"Reboots targets and waits for them to be available again.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"Targets to reboot."},"message":{"type":"Optional[String]","sensitive":false,"default_value":"undef","description":"Message to log with the reboot (for platforms that support it)."},"reboot_delay":{"type":"Integer[1]","sensitive":false,"default_value":"1","description":"How long (in seconds) to wait before rebooting. Defaults to 1."},"disconnect_wait":{"type":"Integer[0]","sensitive":false,"default_value":"10","description":"How long (in seconds) to wait before checking whether the server has rebooted. Defaults to 10."},"reconnect_timeout":{"type":"Integer[0]","sensitive":false,"default_value":"180","description":"How long (in seconds) to attempt to reconnect before giving up. Defaults to 180."},"retry_interval":{"type":"Integer[0]","sensitive":false,"default_value":"1","description":"How long (in seconds) to wait between retries. Defaults to 1."},"fail_plan_on_errors":{"type":"Boolean","sensitive":false,"default_value":"true","description":"Raise an error if any targets do not successfully reboot. Defaults to true."}},"module":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot","private":false,"summary":null,"docstring":"Reboots targets and waits for them to be available again."},"secure_env_vars":{"name":"secure_env_vars","description":"Run a command or script with sensitive environment variables.\nEnvironment variables are loaded from the BOLT_ENV_VARS environment\nvariable, which is a JSON object mapping environment variable names\nto values.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"The targets to run the command or script on."},"command":{"type":"Optional[String]","sensitive":false,"default_value":"undef","description":"The command to run."},"script":{"type":"Optional[String]","sensitive":false,"default_value":"undef","description":"The script to run. This can be either a relative path, absolute path, or a file from a module."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/secure_env_vars","private":false,"summary":null,"docstring":"Run a command or script with sensitive environment variables.\nEnvironment variables are loaded from the BOLT_ENV_VARS environment\nvariable, which is a JSON object mapping environment variable names\nto values."},"secure_linux_cis":{"name":"secure_linux_cis","description":null,"parameters":{"targets":{"type":"TargetSpec","sensitive":false},"time_servers":{"type":"Array[Stdlib::Host]","sensitive":false,"default_value":"['time.google.com']"},"profile_type":{"type":"Enum['workstation', 'server']","sensitive":false,"default_value":"'server'"}},"module":"/Users/bryanbelanger/projects/secure_linux_cis","private":false,"summary":null,"docstring":null,"file":{"mtime":"2022-11-15 23:44:07 -0500","path":"/Users/bryanbelanger/projects/secure_linux_cis/plans/init.pp"}},"terraform::apply":{"name":"terraform::apply","description":null,"parameters":{"dir":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state_out":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"},"var":{"type":"Optional[Hash]","sensitive":false,"default_value":"undef"},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"},"return_output":{"type":"Optional[Boolean]","sensitive":false,"default_value":"false"}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform","private":false,"summary":null,"docstring":null},"terraform::destroy":{"name":"terraform::destroy","description":null,"parameters":{"dir":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state_out":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"},"var":{"type":"Optional[Hash]","sensitive":false,"default_value":"undef"},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform","private":false,"summary":null,"docstring":null}} \ No newline at end of file +{"aggregate::count":{"name":"aggregate::count","description":"Run a task, command, or script on targets and aggregate the results as\na count of targets for each value of a key.","parameters":{"command":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The command to run. Mutually exclusive with script and task."},"script":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The path to the script to run. Mutually exclusive with command and task."},"task":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The name of the task to run. Mutually exclusive with command and script."},"targets":{"type":"TargetSpec","sensitive":false,"description":"The list of targets to run the action on."},"params":{"type":"Hash[String, Data]","sensitive":false,"default_value":"{}","description":"A hash of parameters and options to pass to the `run_*` function\nassociated with the action (e.g. run_task)."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/aggregate","private":false,"summary":"Run a task, command, or script on targets and aggregate the results as\na count of targets for each value of a key.","docstring":"This plan accepts an action and a list of targets. The action can be the name\nof a task, a script, or a command to run. It will run the action on the\ntargets and aggregate the key/value pairs in each Result into a hash, mapping\nthe keys to a hash of each distinct value and how many targets returned that\nvalue for the key."},"aggregate::targets":{"name":"aggregate::targets","description":"Run a task, command, or script on targets and aggregate the results as\nthe list of targets for each value of a key in the results.","parameters":{"command":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The command to run. Mutually exclusive with script and task."},"script":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The path to the script to run. Mutually exclusive with command and task."},"task":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The name of the task to run. Mutually exclusive with command and script."},"targets":{"type":"TargetSpec","sensitive":false,"description":"The list of targets to run the action on."},"params":{"type":"Hash[String, Data]","sensitive":false,"default_value":"{}","description":"A hash of parameters and options to pass to the `run_*` function\nassociated with the action (e.g. run_task)."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/aggregate","private":false,"summary":"Run a task, command, or script on targets and aggregate the results as\nthe list of targets for each value of a key in the results.","docstring":"This plan accepts an action and a list of targets. The action can be the name\nof a task, a script, or a command to run. It will run the action on the\ntargets and aggregate the key/value pairs in each Result into a hash, mapping\nthe keys to a hash of each distinct value and a list of targets returning that\nvalue."},"canary":{"name":"canary","description":"Run a task, command or script on canary targets before running it on all targets.","parameters":{"task":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The name of the task to run. Mutually exclusive with command and script."},"command":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The command to run. Mutually exclusive with task and script."},"script":{"type":"Optional[String[0]]","sensitive":false,"default_value":"undef","description":"The script to run. Mutually exclusive with task and command."},"targets":{"type":"TargetSpec","sensitive":false,"description":"The target to run on."},"params":{"type":"Hash[String, Data]","sensitive":false,"default_value":"{}","description":"The parameters to use for the task."},"canary_size":{"type":"Integer","sensitive":false,"default_value":"1","description":"How many targets to use in the canary group."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/canary","private":false,"summary":"Run a task, command or script on canary targets before running it on all targets.","docstring":"This plan accepts a action and a $targets parameter. The action can be the name\nof a task, a script or a command to run. It will run the action on a canary\ngroup of targets and only continue to the rest of the targets if it succeeds on\nall canaries. This returns a ResultSet object with a Result for every target.\nAny skipped targets will have a 'canary/skipped-target' error kind."},"facts":{"name":"facts","description":"A plan that retrieves facts and stores in the inventory for the\nspecified targets.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"List of targets to retrieve the facts for."}},"module":"/root/test/secure_linux_cis/.modules/facts","private":false,"summary":"A plan that retrieves facts and stores in the inventory for the\nspecified targets.","docstring":null},"facts::external":{"name":"facts::external","description":"A plan that generates external facts based on the provided modulepath and\nsets facts on specified targets.","parameters":{"path":{"type":"String","sensitive":false,"description":"The path to the directory on localhost containing external facts"},"targets":{"type":"TargetSpec","sensitive":false,"description":"The targest the collect and set facts on"}},"module":"/root/test/secure_linux_cis/.modules/facts","private":false,"summary":"A plan that generates external facts based on the provided modulepath and\nsets facts on specified targets.","docstring":null},"facts::info":{"name":"facts::info","description":"A plan that prints basic OS information for the specified targets. It first\nruns the facts task to retrieve facts from the targets, then compiles the\ndesired OS information from the os fact value of each targets. This plan primarily\nprovides readable formatting, and ignores targets that error.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"List of the targets for which to print the OS information."}},"module":"/root/test/secure_linux_cis/.modules/facts","private":false,"summary":"A plan that prints basic OS information for the specified targets. It first\nruns the facts task to retrieve facts from the targets, then compiles the\ndesired OS information from the os fact value of each targets. This plan primarily\nprovides readable formatting, and ignores targets that error.","docstring":null},"lvm::expand":{"name":"lvm::expand","description":"lvm::expand\n\nThis plan implements an opinionated method for expanding storage on servers\nthat use LVM. If this doesn't fit your needs, simply tie the tasks together\nin some way that does.","parameters":{"server":{"type":"String","sensitive":false,"description":"The target for the plan"},"volume_group":{"type":"String","sensitive":false,"description":"The volume group to which the logical volume belongs"},"logical_volume":{"type":"String","sensitive":false,"description":"The logical volume which is to be expanded"},"additional_size":{"type":"String","sensitive":false,"description":"How much size to add to the LV. This should be\nspecified in LVM format i.e. \"200m\" or \"2.5g\""},"disks":{"type":"Array[String]","sensitive":false,"default_value":"[]","description":"Any physical disks that should be added to the volume group as\npart of the expand process"},"resize_fs":{"type":"Boolean","sensitive":false,"default_value":"true","description":"Wheather or not to resize the filesystem"}},"module":"/root/test/secure_linux_cis/.modules/lvm","private":false,"summary":null,"docstring":"lvm::expand\n\nThis plan implements an opinionated method for expanding storage on servers\nthat use LVM. If this doesn't fit your needs, simply tie the tasks together\nin some way that does."},"ntp::acceptance::pe_agent":{"name":"ntp::acceptance::pe_agent","description":"Install PE","parameters":{},"module":"/root/test/secure_linux_cis/.modules/ntp","private":false,"summary":"Install PE","docstring":"Install PE Agent"},"ntp::acceptance::pe_server":{"name":"ntp::acceptance::pe_server","description":"Install PE Server","parameters":{"version":{"type":"Optional[String]","sensitive":false,"default_value":"'2019.8.5'"},"pe_settings":{"type":"Optional[Hash]","sensitive":false,"default_value":"{ password => 'puppetlabs' }"}},"module":"/root/test/secure_linux_cis/.modules/ntp","private":false,"summary":"Install PE Server","docstring":"Install PE Server"},"ntp::acceptance::provision_integration":{"name":"ntp::acceptance::provision_integration","description":"Provisions machines","parameters":{"image":{"type":"Optional[String]","sensitive":false,"default_value":"'centos-7'"},"provision_type":{"type":"Optional[String]","sensitive":false,"default_value":"'provision_service'"}},"module":"/root/test/secure_linux_cis/.modules/ntp","private":false,"summary":"Provisions machines","docstring":"Provisions machines for integration testing"},"puppet_agent::run":{"name":"puppet_agent::run","description":"Starts a Puppet agent run on the specified targets.\nNote: This plan may cause issues when run in Puppet Enterprise.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"The targets to start a Puppet agent run on."}},"module":"/root/test/secure_linux_cis/.modules/puppet_agent","private":false,"summary":null,"docstring":"Starts a Puppet agent run on the specified targets.\nNote: This plan may cause issues when run in Puppet Enterprise."},"puppet_connect::test_input_data":{"name":"puppet_connect::test_input_data","description":"Tests that the provided Puppet Connect input data is complete, meaning that all consuming inventory targets are connectable.\nYou should run this plan with the following command:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data\nwhere /path/to/input_data.yaml is the path to the input_data.yaml file containing the key-value input for the\npuppet_connect_data plugin. If the plan fails on some targets, then you can use Bolt's --rerun option to rerun the plan on\njust the failed targets:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data --rerun failure\nNote that this plan should only be used as part of the copy-pastable \"test input data\" workflow specified in the Puppet\nConnect docs.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"default_value":"'all'","description":"The set of targets to test. Usually this should be 'all', the default."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/puppet_connect","private":false,"summary":"Tests that the provided Puppet Connect input data is complete, meaning that all consuming inventory targets are connectable.\nYou should run this plan with the following command:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data\nwhere /path/to/input_data.yaml is the path to the input_data.yaml file containing the key-value input for the\npuppet_connect_data plugin. If the plan fails on some targets, then you can use Bolt's --rerun option to rerun the plan on\njust the failed targets:\n PUPPET_CONNECT_INPUT_DATA=/path/to/input_data.yaml bolt plan run puppet_connect::test_input_data --rerun failure\nNote that this plan should only be used as part of the copy-pastable \"test input data\" workflow specified in the Puppet\nConnect docs.","docstring":"the targets. Note that this query currently consists of running the 'echo'\ncommand."},"puppetdb_fact":{"name":"puppetdb_fact","description":"Collect facts for the specified targets from PuppetDB and store them\non the Targets.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"The targets to collect facts for."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/puppetdb_fact","private":false,"summary":"Collect facts for the specified targets from PuppetDB and store them\non the Targets.","docstring":"This plan accepts a list of targets to collect facts for from the configured\nPuppetDB connection. After collecting facts, they are stored on each target's\nTarget object. The updated facts can then be accessed using `$target.facts`."},"reboot":{"name":"reboot","description":"Reboots targets and waits for them to be available again.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"Targets to reboot."},"message":{"type":"Optional[String]","sensitive":false,"default_value":"undef","description":"Message to log with the reboot (for platforms that support it)."},"reboot_delay":{"type":"Integer[1]","sensitive":false,"default_value":"1","description":"How long (in seconds) to wait before rebooting. Defaults to 1."},"disconnect_wait":{"type":"Integer[0]","sensitive":false,"default_value":"10","description":"How long (in seconds) to wait before checking whether the server has rebooted. Defaults to 10."},"reconnect_timeout":{"type":"Integer[0]","sensitive":false,"default_value":"180","description":"How long (in seconds) to attempt to reconnect before giving up. Defaults to 180."},"retry_interval":{"type":"Integer[0]","sensitive":false,"default_value":"1","description":"How long (in seconds) to wait between retries. Defaults to 1."},"fail_plan_on_errors":{"type":"Boolean","sensitive":false,"default_value":"true","description":"Raise an error if any targets do not successfully reboot. Defaults to true."}},"module":"/root/test/secure_linux_cis/.modules/reboot","private":false,"summary":null,"docstring":"Reboots targets and waits for them to be available again."},"secure_env_vars":{"name":"secure_env_vars","description":"Run a command or script with sensitive environment variables.\nEnvironment variables are loaded from the BOLT_ENV_VARS environment\nvariable, which is a JSON object mapping environment variable names\nto values.","parameters":{"targets":{"type":"TargetSpec","sensitive":false,"description":"The targets to run the command or script on."},"command":{"type":"Optional[String]","sensitive":false,"default_value":"undef","description":"The command to run."},"script":{"type":"Optional[String]","sensitive":false,"default_value":"undef","description":"The script to run. This can be either a relative path, absolute path, or a file from a module."}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/secure_env_vars","private":false,"summary":null,"docstring":"Run a command or script with sensitive environment variables.\nEnvironment variables are loaded from the BOLT_ENV_VARS environment\nvariable, which is a JSON object mapping environment variable names\nto values."},"secure_linux_cis":{"name":"secure_linux_cis","description":null,"parameters":{"targets":{"type":"TargetSpec","sensitive":false},"time_servers":{"type":"Array[Stdlib::Host]","sensitive":false,"default_value":"['time.google.com']"},"profile_type":{"type":"Enum['workstation', 'server']","sensitive":false,"default_value":"'server'"}},"module":"/root/test/secure_linux_cis","private":false,"summary":null,"docstring":null,"file":{"mtime":"2023-07-14 16:14:46 +0200","path":"/root/test/secure_linux_cis/plans/init.pp"}},"terraform::apply":{"name":"terraform::apply","description":null,"parameters":{"dir":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state_out":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"},"var":{"type":"Optional[Hash]","sensitive":false,"default_value":"undef"},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"},"return_output":{"type":"Optional[Boolean]","sensitive":false,"default_value":"false"}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform","private":false,"summary":null,"docstring":null},"terraform::destroy":{"name":"terraform::destroy","description":null,"parameters":{"dir":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"state_out":{"type":"Optional[String[1]]","sensitive":false,"default_value":"undef"},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"},"var":{"type":"Optional[Hash]","sensitive":false,"default_value":"undef"},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","sensitive":false,"default_value":"undef"}},"module":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform","private":false,"summary":null,"docstring":null}} \ No newline at end of file diff --git a/.task_cache.json b/.task_cache.json index cde71174..7127f1e7 100644 --- a/.task_cache.json +++ b/.task_cache.json @@ -1 +1 @@ -{"apt":{"name":"apt","files":[{"name":"init.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/apt/tasks/init.rb","mtime":"2022-11-16 21:41:14 -0500"}],"metadata":{"description":"Allows you to perform apt-get functions","input_method":"stdin","parameters":{"action":{"description":"Action to perform with apt-get","type":"Enum[update, upgrade, dist-upgrade, autoremove]"}}}},"exec":{"name":"exec","files":[{"name":"init.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/exec/tasks/init.rb","mtime":"2022-11-16 21:41:15 -0500"},{"name":"windows.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/exec/tasks/windows.ps1","mtime":"2022-11-16 21:41:15 -0500"},{"name":"linux.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/exec/tasks/linux.sh","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Executes an arbitrary shell command on the target system","input_method":"stdin","parameters":{"command":{"description":"The command to run, including all arguments","type":"String[1]"},"interleave":{"description":"Interleave the stdout and stderr streams.(default: true)","type":"Optional[Variant[Boolean, Enum['true','false']]]"},"failonfail":{"description":"Should the task fail if the command exits nonzero.(default: true)","type":"Optional[Variant[Boolean, Enum['true','false']]]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"windows.ps1","requirements":["powershell"],"input_method":"powershell"},{"name":"linux.sh","requirements":["shell"],"input_method":"environment"}],"extensions":{"discovery":{"friendlyName":"Run a shell command","type":["host"]}}}},"facts":{"name":"facts","files":[{"name":"ruby.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts/tasks/ruby.rb","mtime":"2022-11-16 21:41:14 -0500"},{"name":"powershell.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts/tasks/powershell.ps1","mtime":"2022-11-16 21:41:14 -0500"},{"name":"bash.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts/tasks/bash.sh","mtime":"2022-11-16 21:41:14 -0500"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Gather system facts","parameters":{},"implementations":[{"name":"ruby.rb","requirements":["puppet-agent"],"files":["ruby_task_helper/files/task_helper.rb"],"input_method":"stdin"},{"name":"powershell.ps1","requirements":["powershell"],"input_method":"environment"},{"name":"bash.sh","requirements":["shell"],"input_method":"environment"}]}},"http_request":{"name":"http_request","files":[{"name":"init.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/http_request/tasks/init.rb","mtime":"2022-08-15 17:21:34 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Make a HTTP or HTTPS request.","input_method":"stdin","parameters":{"base_url":{"description":"The fully qualified URL scheme to make requests to.","type":"String[1]"},"body":{"description":"The request body. If json_endpoint is true, must be able representable as JSON. If json_endpoint is false, must be a string.","type":"Optional[Data]"},"cacert":{"description":"An absolute path to the CA certificate.","type":"Optional[String[1]]"},"cert":{"description":"An absolute path to the client certificate.","type":"Optional[String[1]]"},"follow_redirects":{"description":"If true, automatically follows redirects.","type":"Boolean","default":true},"headers":{"description":"A map of headers to add to the payload.","type":"Optional[Hash[String, String]]"},"json_endpoint":{"description":"If true, parses the request and response bodies as JSON and sets the Content-Type header to application/json.","type":"Boolean","default":false},"key":{"description":"An absolute path to the RSA keypair.","type":"Optional[String[1]]"},"max_redirects":{"description":"The maximum number of redirects to follow when follow_redirects is true.","type":"Integer[1]","default":20},"method":{"description":"The HTTP method to use.","type":"Enum[delete, get, post, put, patch]","default":"get"},"path":{"description":"The path to append to the base_url.","type":"Optional[String[1]]"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"lvm::ensure_lv":{"name":"lvm::ensure_lv","files":[{"name":"ensure_lv.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm/tasks/ensure_lv.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Ensures settings on a logical volume using the type & provider","input_method":"stdin","parameters":{"ensure":{"description":"Present or absent","type":"Enum[present,absent]"},"name":{"description":"The name of the logical volume. This is the unqualified name and will be automatically added to the volume group's device path (e.g., '/dev/$vg/$lv').","type":"String[1]"},"volume_group":{"description":"The volume group name associated with this logical volume","type":"Optional[String[1]]"},"size":{"description":"The size of the logical volume. Set to undef to use all available space","type":"Optional[Pattern[/^[0-9]+(\\.[0-9]+)?[KMGTPEkmgtpe]/]]"},"extents":{"description":"The number of logical extents to allocate for the new logical volume. Set to undef to use all available space","type":"Optional[Pattern[/^\\d+(%(?:vg|pvs|free|origin)?)?$/]]"},"persistent":{"description":"Set to true to make the block device persistent","type":"Optional[Boolean]"},"thinpool":{"description":"Set to true to create a thin pool or to pool name to create thin volume","type":"Optional[Boolean]"},"poolmetadatasize":{"description":"Change the size of logical volume pool metadata","type":"Optional[Pattern[/^[0-9]+(\\.[0-9]+)?[KMGTPEkmgtpe]/]]"},"minor":{"description":"Set the minor number","type":"Optional[Integer[0,255]]"},"type":{"description":"Configures the logical volume type","type":"Optional[String[1]]"},"range":{"description":"Sets the inter-physical volume allocation policy. AIX only","type":"Optional[Enum[maximum,minimum]]"},"stripes":{"description":"The number of stripes to allocate for the new logical volume","type":"Optional[Integer]"},"stripesize":{"description":"The stripesize to use for the new logical volume","type":"Optional[Integer]"},"readahead":{"description":"The readahead count to use for the new logical volume","type":"Optional[String]"},"resize_fs":{"description":"Whether or not to resize the underlying filesystem when resizing the logical volume","type":"Optional[Boolean]"},"mirror":{"description":"The number of mirrors of the volume","type":"Optional[Integer[0,4]]"},"mirrorlog":{"description":"How to store the mirror log","type":"Optional[Enum[core,disk,mirrored]]"},"alloc":{"description":"Selects the allocation policy when a command needs to allocate Physical Extents from the Volume Group","type":"Optional[Enum[anywhere,contiguous,cling,inherit,normal]]"},"no_sync":{"description":"An optimization in lvcreate, at least on Linux"},"region_size":{"description":"A mirror is divided into regions of this size (in MB), the mirror log uses this granularity to track which regions are in sync. CAN NOT BE CHANGED on already mirrored volume. Take your mirror size in terabytes and round up that number to the next power of 2, using that number as the -R argument.","type":"Optional[Integer]"}}}},"lvm::ensure_pv":{"name":"lvm::ensure_pv","files":[{"name":"ensure_pv.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm/tasks/ensure_pv.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Ensures settings on a physical volumes using the type & provider","input_method":"stdin","parameters":{"name":{"description":"The name of the physical volume","type":"String[1]"},"ensure":{"description":"Present or absent","type":"Enum[present,absent]"},"unless_vg":{"description":"Do not do anything if the VG already exists. The value should be the name of the volume group to check for.","type":"Optional[String]"},"force":{"description":"Force the creation without any confirmation","type":"Optional[Boolean]"}}}},"lvm::ensure_vg":{"name":"lvm::ensure_vg","files":[{"name":"ensure_vg.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm/tasks/ensure_vg.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Ensures settings on a volume group using the type & provider","input_method":"stdin","parameters":{"name":{"description":"The name of the volume group","type":"String[1]"},"ensure":{"description":"Present or absent","type":"Enum[present,absent]"},"createonly":{"description":"If set to true the volume group will be created if it does not exist. If the volume group does exist no action will be taken","type":"Optional[Boolean]"},"followsymlinks":{"description":"If set to true all current and wanted values of the physical_volumes property will be followed to their real files on disk if they are in fact symlinks. This is useful to have Puppet determine what the actual PV device is if the property value is a symlink, like '/dev/disk/by-path/xxxx -> ../../sda'","type":"Optional[Boolean]"},"physical_volumes":{"description":"The list of physical volumes to be included in the volume group","type":"Array[String]"}}}},"lvm::extend_lv":{"name":"lvm::extend_lv","files":[{"name":"extend_lv.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm/tasks/extend_lv.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Extends a logical volume","input_method":"stdin","parameters":{"size":{"description":"Intended size or 'full'","type":"String[1]"},"logical_volume":{"description":"Name of the logical volume to extend","type":"String[1]"},"volume_group":{"description":"Name of the volume group on which the logical volume resides","type":"String[1]"}}}},"lvm::extend_vg":{"name":"lvm::extend_vg","files":[{"name":"extend_vg.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm/tasks/extend_vg.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Adds physical volumes to a volume group","input_method":"stdin","parameters":{"volume_group":{"description":"The name of the volume group","type":"String[1]"},"physical_volumes":{"description":"The list of physical volumes to be included in the volume group","type":"Array[String]"}}}},"lvm::mount_lv":{"name":"lvm::mount_lv","files":[{"name":"mount_lv.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm/tasks/mount_lv.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Mounts a logical volume","input_method":"stdin","parameters":{"volume_group":{"description":"The name of the volume group","type":"String[1]"},"logical_volume":{"description":"The name of the logical_volume to mount","type":"String[1]"},"mountpoint":{"description":"Where to mount the logical volume","type":"String[1]"},"fstype":{"description":"The mount type. Valid values depend on the operating system. This is a required option.","type":"String"},"options":{"description":"A single string containing options for the mount, as they would appear in fstab on Linux. For many platforms this is a comma-delimited string","type":"Optional[String]"},"atboot":{"description":"Whether to mount the mount at boot. Not all platforms support this.","type":"Optional[Boolean]"},"owner":{"description":"Owner for the mountpoint","type":"Optional[String]"},"group":{"description":"Group for the mountpoint","type":"Optional[String]"},"mode":{"description":"Permissions for the mountpoint","type":"Optional[String]"}}}},"package":{"name":"package","files":[{"name":"init.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/tasks/init.rb","mtime":"2022-11-16 21:41:14 -0500"},{"name":"windows.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/tasks/windows.ps1","mtime":"2022-11-16 21:41:14 -0500"},{"name":"linux.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/tasks/linux.sh","mtime":"2022-11-16 21:41:14 -0500"},{"name":"package/files/common.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/files/common.sh","mtime":"2022-11-16 21:41:14 -0500"},{"name":"package/files/apt.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/files/apt.sh","mtime":"2022-11-16 21:41:14 -0500"},{"name":"package/files/yum.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/files/yum.sh","mtime":"2022-11-16 21:41:14 -0500"},{"name":"package/files/zypper.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/package/files/zypper.sh","mtime":"2022-11-16 21:41:14 -0500"}],"metadata":{"description":"Manage and inspect the state of packages","input_method":"stdin","parameters":{"action":{"description":"The operation (install, status, uninstall and upgrade) to perform on the package.","type":"Enum[install, status, uninstall, upgrade]"},"name":{"description":"The name of the package to be manipulated.","type":"String[1]"},"version":{"description":"Version numbers must match the full version to install, including release if the provider uses a release moniker. Ranges or semver patterns are not accepted except for the gem package provider. For example, to install the bash package from the rpm bash-4.1.2-29.el6.x86_64.rpm, use the string '4.1.2-29.el6'.","type":"Optional[String[1]]"},"manager_options":{"description":"options to be sent to the package manager","type":"Optional[String[1]]"},"provider":{"description":"The provider to use to manage or inspect the package, defaults to the system package manager. Only used when the 'puppet-agent' feature is available on the target so we can leverage Puppet.","type":"Optional[String[1]]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"windows.ps1","requirements":["powershell"],"input_method":"powershell"},{"name":"linux.sh","requirements":["shell"],"input_method":"environment","files":["package/files/common.sh","package/files/apt.sh","package/files/yum.sh","package/files/zypper.sh"]}],"extensions":{"discovery":{"friendlyName":"Manage package","type":["package"]}}}},"pkcs7::secret_createkeys":{"name":"pkcs7::secret_createkeys","files":[{"name":"secret_createkeys.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/pkcs7/tasks/secret_createkeys.rb","mtime":"2022-08-15 17:21:34 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Create a key pair","input_method":"stdin","parameters":{"force":{"type":"Boolean","description":"Whether to overwrite an existing key pair","default":false},"keysize":{"type":"Integer","description":"The size of the key to generate","default":2048},"private_key":{"type":"String","description":"Path to the private key","default":"keys/private_key.pkcs7.pem"},"public_key":{"type":"String","description":"Path to the public key","default":"keys/public_key.pkcs7.pem"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"pkcs7::secret_decrypt":{"name":"pkcs7::secret_decrypt","files":[{"name":"secret_decrypt.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/pkcs7/tasks/secret_decrypt.rb","mtime":"2022-08-15 17:21:34 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Decrypt sensitive data with pkcs7","input_method":"stdin","parameters":{"encrypted_value":{"type":"String","description":"The ciphertext to decrypt"},"private_key":{"type":"String","description":"Path to the private key","default":"keys/private_key.pkcs7.pem"},"public_key":{"type":"String","description":"Path to the public key","default":"keys/public_key.pkcs7.pem"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"pkcs7::secret_encrypt":{"name":"pkcs7::secret_encrypt","files":[{"name":"secret_encrypt.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/pkcs7/tasks/secret_encrypt.rb","mtime":"2022-08-15 17:21:34 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Encrypt sensitive data with pkcs7","input_method":"stdin","parameters":{"plaintext_value":{"type":"String","description":"The plaintext to encrypt"},"public_key":{"type":"String","description":"Path to the public key","default":"keys/public_key.pkcs7.pem"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"puppet_agent::delete_local_filebucket":{"name":"puppet_agent::delete_local_filebucket","files":[{"name":"delete_local_filebucket.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/tasks/delete_local_filebucket.rb","mtime":"2022-11-16 21:41:15 -0500"},{"name":"puppet_agent/files/rb_task_helper.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/files/rb_task_helper.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Removes the local filebucket","parameters":{"force":{"description":"ignore nonexistent files and errors","type":"Optional[Boolean]"}},"files":["puppet_agent/files/rb_task_helper.rb"]}},"puppet_agent::facts_diff":{"name":"puppet_agent::facts_diff","files":[{"name":"facts_diff.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/tasks/facts_diff.rb","mtime":"2022-11-16 21:41:15 -0500"},{"name":"puppet_agent/files/rb_task_helper.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/files/rb_task_helper.rb","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Run the Puppet agent facts diff action","parameters":{"exclude":{"description":"Regex used to exclude specific facts from diff","type":"Optional[String]"}},"files":["puppet_agent/files/rb_task_helper.rb"]}},"puppet_agent::install":{"name":"puppet_agent::install","files":[{"name":"install_shell.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/tasks/install_shell.sh","mtime":"2022-11-16 21:41:15 -0500"},{"name":"install_powershell.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/tasks/install_powershell.ps1","mtime":"2022-11-16 21:41:15 -0500"},{"name":"facts/tasks/bash.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/facts/tasks/bash.sh","mtime":"2022-11-16 21:41:14 -0500"}],"metadata":{"description":"Install the Puppet agent package","parameters":{"version":{"description":"The version of puppet-agent to install (defaults to latest when no agent is installed)","type":"Optional[String]"},"collection":{"description":"The Puppet collection to install from (defaults to puppet, which maps to the latest collection released)","type":"Optional[Enum[puppet6, puppet7, puppet, puppet6-nightly, puppet7-nightly, puppet-nightly]]"},"yum_source":{"description":"The source location to find yum repos (defaults to yum.puppet.com)","type":"Optional[String]"},"apt_source":{"description":"The source location to find apt repos (defaults to apt.puppet.com)","type":"Optional[String]"},"mac_source":{"description":"The source location to find mac packages (defaults to downloads.puppet.com)","type":"Optional[String]"},"windows_source":{"description":"The source location to find windows packages (defaults to downloads.puppet.com)","type":"Optional[String]"},"install_options":{"description":"optional install arguments to the windows installer (defaults to REINSTALLMODE=\"amus\")","type":"Optional[String]"},"stop_service":{"description":"Whether to stop the puppet agent service after install","type":"Optional[Boolean]"},"retry":{"description":"The number of retries in case of network connectivity failures","type":"Optional[Integer]","default":5}},"implementations":[{"name":"install_shell.sh","requirements":["shell"],"files":["facts/tasks/bash.sh"],"input_method":"environment"},{"name":"install_powershell.ps1","requirements":["powershell"]}],"supports_noop":true}},"puppet_agent::version":{"name":"puppet_agent::version","files":[{"name":"version_shell.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/tasks/version_shell.sh","mtime":"2022-11-16 21:41:15 -0500"},{"name":"version_powershell.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent/tasks/version_powershell.ps1","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Get the version of the Puppet agent package installed. Returns nothing if none present.","parameters":{},"implementations":[{"name":"version_shell.sh","requirements":["shell"],"input_method":"environment"},{"name":"version_powershell.ps1","requirements":["powershell"]}]}},"puppet_conf":{"name":"puppet_conf","files":[{"name":"init.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/puppet_conf/tasks/init.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Inspect puppet agent configuration settings","input_method":"stdin","parameters":{"action":{"description":"The operation (get, set, delete) to perform on the configuration setting","type":"Enum[get, set, delete]"},"section":{"description":"The section of the config file. Defaults to main","type":"Optional[String[1]]"},"setting":{"description":"The name of the config entry to set/get","type":"String[1]"},"value":{"description":"The value you are setting. Only required for set","type":"Optional[String[1]]"}}}},"reboot":{"name":"reboot","files":[{"name":"init.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot/tasks/init.rb","mtime":"2022-11-16 21:41:15 -0500"},{"name":"nix.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot/tasks/nix.sh","mtime":"2022-11-16 21:41:15 -0500"},{"name":"win.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot/tasks/win.ps1","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Reboots a machine","supports_noop":false,"input_method":"stdin","parameters":{"timeout":{"description":"Timeout before shutdown (seconds); enforces a minimum of 3s","type":"Optional[Variant[Pattern[/^[0-9]*$/],Integer]]"},"message":{"description":"Shutdown message for systems that support it","type":"Optional[Pattern[/^[^|&]*$/]]"},"shutdown_only":{"description":"Only shut the machine down, do not reboot","type":"Optional[Boolean]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"nix.sh","requirements":["shell"],"input_method":"environment"},{"name":"win.ps1","requirements":["powershell"],"input_method":"powershell"}]}},"reboot::last_boot_time":{"name":"reboot::last_boot_time","files":[{"name":"last_boot_time_nix.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot/tasks/last_boot_time_nix.sh","mtime":"2022-11-16 21:41:15 -0500"},{"name":"last_boot_time_win.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot/tasks/last_boot_time_win.ps1","mtime":"2022-11-16 21:41:15 -0500"}],"metadata":{"description":"Gets the last boot time of a Linux or Windows system","implementations":[{"name":"last_boot_time_nix.sh","requirements":["shell"]},{"name":"last_boot_time_win.ps1","requirements":["powershell"]}]}},"service":{"name":"service","files":[{"name":"init.rb","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/service/tasks/init.rb","mtime":"2022-11-16 21:41:14 -0500"},{"name":"windows.ps1","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/service/tasks/windows.ps1","mtime":"2022-11-16 21:41:14 -0500"},{"name":"linux.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/service/tasks/linux.sh","mtime":"2022-11-16 21:41:14 -0500"},{"name":"service/files/common.sh","path":"/Users/bryanbelanger/projects/secure_linux_cis/.modules/service/files/common.sh","mtime":"2022-11-16 21:41:14 -0500"}],"metadata":{"description":"Manage and inspect the state of services","input_method":"stdin","parameters":{"action":{"description":"The operation (start, stop, restart, enable, disable, status) to perform on the service.","type":"Enum[start, stop, restart, enable, disable, status]"},"name":{"description":"The name of the service to operate on.","type":"String[1]"},"force":{"description":"Force a Windows service to restart even if it has dependent services. This parameter is passed for Windows services only.","type":"Optional[Boolean]"},"provider":{"description":"The provider to use to manage or inspect the service, defaults to the system service manager. Only used when the 'puppet-agent' feature is available on the target so we can leverage Puppet.","type":"Optional[String[1]]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"windows.ps1","requirements":["powershell"],"input_method":"powershell"},{"name":"linux.sh","requirements":["shell"],"input_method":"environment","files":["service/files/common.sh"]}],"extensions":{"discovery":{"friendlyName":"Manage service","type":["host"]}}}},"terraform::apply":{"name":"terraform::apply","files":[{"name":"apply.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/tasks/apply.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/lib/cli_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Apply an HCL manifest","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."},"state":{"type":"Optional[String[1]]","description":"Path to read and save state. Defaults to \"terraform.tfstate\". Path is relative to \"dir\""},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Resource to target. Operation will be limited to this resource and its dependencies. Accepts a single resource string or an array of resources"},"var":{"type":"Optional[Hash]","description":"Set Terraform variables, expects a hash with key value pairs representing variables and values."},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Set variables in the Terraform configuration from a file. Path is relative to \"dir\". Accepts a single var-file path or an array of paths"},"state_out":{"type":"Optional[String[1]]","description":"Path to write state to that is different than \"state\". This can be used to preserve the old state."}}}},"terraform::destroy":{"name":"terraform::destroy","files":[{"name":"destroy.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/tasks/destroy.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/lib/cli_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Destroy resources managed with Terraform","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."},"state":{"type":"Optional[String[1]]","description":"Path to read and save state. Defaults to \"terraform.tfstate\", Path is relative to \"dir\""},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Resource to target. Operation will be limited to this resource and its dependencies. Accepts a single resource string or an array of resources"},"var":{"type":"Optional[Hash]","description":"Set Terraform variables, expects a hash with key value pairs representing variables and values."},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Set variables in the Terraform configuration from a file. Path is relative to \"dir\". Accepts a single var-file path or an array of paths"},"state_out":{"type":"Optional[String[1]]","description":"Path to write state to that is different than \"state\". This can be used to preserve the old state."}}}},"terraform::initialize":{"name":"terraform::initialize","files":[{"name":"initialize.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/tasks/initialize.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/lib/cli_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"Initialize a Terraform project directory","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."}}}},"terraform::output":{"name":"terraform::output","files":[{"name":"output.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/tasks/output.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2022-08-15 17:21:35 -0400"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules/terraform/lib/cli_helper.rb","mtime":"2022-08-15 17:21:35 -0400"}],"metadata":{"description":"JSON representation of Terraform outputs","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."},"state":{"type":"Optional[String[1]]","description":"Path to read and save state. Defaults to \"terraform.tfstate\", Path is relative to \"dir\""}}}}} \ No newline at end of file +{"apt":{"name":"apt","files":[{"name":"init.rb","path":"/root/test/secure_linux_cis/.modules/apt/tasks/init.rb","mtime":"2023-07-14 16:30:02 +0200"}],"metadata":{"description":"Allows you to perform apt-get functions","input_method":"stdin","parameters":{"action":{"description":"Action to perform with apt-get","type":"Enum[update, upgrade, dist-upgrade, autoremove]"}}}},"exec":{"name":"exec","files":[{"name":"init.rb","path":"/root/test/secure_linux_cis/.modules/exec/tasks/init.rb","mtime":"2023-07-14 16:29:59 +0200"},{"name":"windows.ps1","path":"/root/test/secure_linux_cis/.modules/exec/tasks/windows.ps1","mtime":"2023-07-14 16:29:59 +0200"},{"name":"linux.sh","path":"/root/test/secure_linux_cis/.modules/exec/tasks/linux.sh","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Executes an arbitrary shell command on the target system","input_method":"stdin","parameters":{"command":{"description":"The command to run, including all arguments","type":"String[1]"},"interleave":{"description":"Interleave the stdout and stderr streams.(default: true)","type":"Optional[Variant[Boolean, Enum['true','false']]]"},"failonfail":{"description":"Should the task fail if the command exits nonzero.(default: true)","type":"Optional[Variant[Boolean, Enum['true','false']]]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"windows.ps1","requirements":["powershell"],"input_method":"powershell"},{"name":"linux.sh","requirements":["shell"],"input_method":"environment"}],"extensions":{"discovery":{"friendlyName":"Run a shell command","type":["host"]}}}},"facts":{"name":"facts","files":[{"name":"ruby.rb","path":"/root/test/secure_linux_cis/.modules/facts/tasks/ruby.rb","mtime":"2023-07-14 16:30:02 +0200"},{"name":"powershell.ps1","path":"/root/test/secure_linux_cis/.modules/facts/tasks/powershell.ps1","mtime":"2023-07-14 16:30:02 +0200"},{"name":"bash.sh","path":"/root/test/secure_linux_cis/.modules/facts/tasks/bash.sh","mtime":"2023-07-14 16:30:02 +0200"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Gather system facts","parameters":{},"implementations":[{"name":"ruby.rb","requirements":["puppet-agent"],"files":["ruby_task_helper/files/task_helper.rb"],"input_method":"stdin"},{"name":"powershell.ps1","requirements":["powershell"],"input_method":"environment"},{"name":"bash.sh","requirements":["shell"],"input_method":"environment"}]}},"http_request":{"name":"http_request","files":[{"name":"init.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/http_request/tasks/init.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Make a HTTP or HTTPS request.","input_method":"stdin","parameters":{"base_url":{"description":"The fully qualified URL scheme to make requests to.","type":"String[1]"},"body":{"description":"The request body. If json_endpoint is true, must be able representable as JSON. If json_endpoint is false, must be a string.","type":"Optional[Data]"},"cacert":{"description":"An absolute path to the CA certificate.","type":"Optional[String[1]]"},"cert":{"description":"An absolute path to the client certificate.","type":"Optional[String[1]]"},"follow_redirects":{"description":"If true, automatically follows redirects.","type":"Boolean","default":true},"headers":{"description":"A map of headers to add to the payload.","type":"Optional[Hash[String, String]]"},"json_endpoint":{"description":"If true, parses the request and response bodies as JSON and sets the Content-Type header to application/json.","type":"Boolean","default":false},"key":{"description":"An absolute path to the RSA keypair.","type":"Optional[String[1]]"},"max_redirects":{"description":"The maximum number of redirects to follow when follow_redirects is true.","type":"Integer[1]","default":20},"method":{"description":"The HTTP method to use.","type":"Enum[delete, get, post, put, patch]","default":"get"},"path":{"description":"The path to append to the base_url.","type":"Optional[String[1]]"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"lvm::ensure_lv":{"name":"lvm::ensure_lv","files":[{"name":"ensure_lv.rb","path":"/root/test/secure_linux_cis/.modules/lvm/tasks/ensure_lv.rb","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Ensures settings on a logical volume using the type & provider","input_method":"stdin","parameters":{"ensure":{"description":"Present or absent","type":"Enum[present,absent]"},"name":{"description":"The name of the logical volume. This is the unqualified name and will be automatically added to the volume group's device path (e.g., '/dev/$vg/$lv').","type":"String[1]"},"volume_group":{"description":"The volume group name associated with this logical volume","type":"Optional[String[1]]"},"size":{"description":"The size of the logical volume. Set to undef to use all available space","type":"Optional[Pattern[/^[0-9]+(\\.[0-9]+)?[KMGTPEkmgtpe]/]]"},"extents":{"description":"The number of logical extents to allocate for the new logical volume. Set to undef to use all available space","type":"Optional[Pattern[/^\\d+(%(?:vg|pvs|free|origin)?)?$/]]"},"persistent":{"description":"Set to true to make the block device persistent","type":"Optional[Boolean]"},"thinpool":{"description":"Set to true to create a thin pool or to pool name to create thin volume","type":"Optional[Boolean]"},"poolmetadatasize":{"description":"Change the size of logical volume pool metadata","type":"Optional[Pattern[/^[0-9]+(\\.[0-9]+)?[KMGTPEkmgtpe]/]]"},"minor":{"description":"Set the minor number","type":"Optional[Integer[0,255]]"},"type":{"description":"Configures the logical volume type","type":"Optional[String[1]]"},"range":{"description":"Sets the inter-physical volume allocation policy. AIX only","type":"Optional[Enum[maximum,minimum]]"},"stripes":{"description":"The number of stripes to allocate for the new logical volume","type":"Optional[Integer]"},"stripesize":{"description":"The stripesize to use for the new logical volume","type":"Optional[Integer]"},"readahead":{"description":"The readahead count to use for the new logical volume","type":"Optional[String]"},"resize_fs":{"description":"Whether or not to resize the underlying filesystem when resizing the logical volume","type":"Optional[Boolean]"},"mirror":{"description":"The number of mirrors of the volume","type":"Optional[Integer[0,4]]"},"mirrorlog":{"description":"How to store the mirror log","type":"Optional[Enum[core,disk,mirrored]]"},"alloc":{"description":"Selects the allocation policy when a command needs to allocate Physical Extents from the Volume Group","type":"Optional[Enum[anywhere,contiguous,cling,inherit,normal]]"},"no_sync":{"description":"An optimization in lvcreate, at least on Linux"},"region_size":{"description":"A mirror is divided into regions of this size (in MB), the mirror log uses this granularity to track which regions are in sync. CAN NOT BE CHANGED on already mirrored volume. Take your mirror size in terabytes and round up that number to the next power of 2, using that number as the -R argument.","type":"Optional[Integer]"}}}},"lvm::ensure_pv":{"name":"lvm::ensure_pv","files":[{"name":"ensure_pv.rb","path":"/root/test/secure_linux_cis/.modules/lvm/tasks/ensure_pv.rb","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Ensures settings on a physical volumes using the type & provider","input_method":"stdin","parameters":{"name":{"description":"The name of the physical volume","type":"String[1]"},"ensure":{"description":"Present or absent","type":"Enum[present,absent]"},"unless_vg":{"description":"Do not do anything if the VG already exists. The value should be the name of the volume group to check for.","type":"Optional[String]"},"force":{"description":"Force the creation without any confirmation","type":"Optional[Boolean]"}}}},"lvm::ensure_vg":{"name":"lvm::ensure_vg","files":[{"name":"ensure_vg.rb","path":"/root/test/secure_linux_cis/.modules/lvm/tasks/ensure_vg.rb","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Ensures settings on a volume group using the type & provider","input_method":"stdin","parameters":{"name":{"description":"The name of the volume group","type":"String[1]"},"ensure":{"description":"Present or absent","type":"Enum[present,absent]"},"createonly":{"description":"If set to true the volume group will be created if it does not exist. If the volume group does exist no action will be taken","type":"Optional[Boolean]"},"followsymlinks":{"description":"If set to true all current and wanted values of the physical_volumes property will be followed to their real files on disk if they are in fact symlinks. This is useful to have Puppet determine what the actual PV device is if the property value is a symlink, like '/dev/disk/by-path/xxxx -> ../../sda'","type":"Optional[Boolean]"},"physical_volumes":{"description":"The list of physical volumes to be included in the volume group","type":"Array[String]"}}}},"lvm::extend_lv":{"name":"lvm::extend_lv","files":[{"name":"extend_lv.rb","path":"/root/test/secure_linux_cis/.modules/lvm/tasks/extend_lv.rb","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Extends a logical volume","input_method":"stdin","parameters":{"size":{"description":"Intended size or 'full'","type":"String[1]"},"logical_volume":{"description":"Name of the logical volume to extend","type":"String[1]"},"volume_group":{"description":"Name of the volume group on which the logical volume resides","type":"String[1]"}}}},"lvm::extend_vg":{"name":"lvm::extend_vg","files":[{"name":"extend_vg.rb","path":"/root/test/secure_linux_cis/.modules/lvm/tasks/extend_vg.rb","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Adds physical volumes to a volume group","input_method":"stdin","parameters":{"volume_group":{"description":"The name of the volume group","type":"String[1]"},"physical_volumes":{"description":"The list of physical volumes to be included in the volume group","type":"Array[String]"}}}},"lvm::mount_lv":{"name":"lvm::mount_lv","files":[{"name":"mount_lv.rb","path":"/root/test/secure_linux_cis/.modules/lvm/tasks/mount_lv.rb","mtime":"2023-07-14 16:29:59 +0200"}],"metadata":{"description":"Mounts a logical volume","input_method":"stdin","parameters":{"volume_group":{"description":"The name of the volume group","type":"String[1]"},"logical_volume":{"description":"The name of the logical_volume to mount","type":"String[1]"},"mountpoint":{"description":"Where to mount the logical volume","type":"String[1]"},"fstype":{"description":"The mount type. Valid values depend on the operating system. This is a required option.","type":"String"},"options":{"description":"A single string containing options for the mount, as they would appear in fstab on Linux. For many platforms this is a comma-delimited string","type":"Optional[String]"},"atboot":{"description":"Whether to mount the mount at boot. Not all platforms support this.","type":"Optional[Boolean]"},"owner":{"description":"Owner for the mountpoint","type":"Optional[String]"},"group":{"description":"Group for the mountpoint","type":"Optional[String]"},"mode":{"description":"Permissions for the mountpoint","type":"Optional[String]"}}}},"package":{"name":"package","files":[{"name":"init.rb","path":"/root/test/secure_linux_cis/.modules/package/tasks/init.rb","mtime":"2023-07-14 16:30:02 +0200"},{"name":"windows.ps1","path":"/root/test/secure_linux_cis/.modules/package/tasks/windows.ps1","mtime":"2023-07-14 16:30:02 +0200"},{"name":"linux.sh","path":"/root/test/secure_linux_cis/.modules/package/tasks/linux.sh","mtime":"2023-07-14 16:30:02 +0200"},{"name":"package/files/common.sh","path":"/root/test/secure_linux_cis/.modules/package/files/common.sh","mtime":"2023-07-14 16:30:02 +0200"},{"name":"package/files/apt.sh","path":"/root/test/secure_linux_cis/.modules/package/files/apt.sh","mtime":"2023-07-14 16:30:02 +0200"},{"name":"package/files/yum.sh","path":"/root/test/secure_linux_cis/.modules/package/files/yum.sh","mtime":"2023-07-14 16:30:02 +0200"},{"name":"package/files/zypper.sh","path":"/root/test/secure_linux_cis/.modules/package/files/zypper.sh","mtime":"2023-07-14 16:30:02 +0200"}],"metadata":{"description":"Manage and inspect the state of packages","input_method":"stdin","parameters":{"action":{"description":"The operation (install, status, uninstall and upgrade) to perform on the package.","type":"Enum[install, status, uninstall, upgrade]"},"name":{"description":"The name of the package to be manipulated.","type":"String[1]"},"version":{"description":"Version numbers must match the full version to install, including release if the provider uses a release moniker. Ranges or semver patterns are not accepted except for the gem package provider. For example, to install the bash package from the rpm bash-4.1.2-29.el6.x86_64.rpm, use the string '4.1.2-29.el6'.","type":"Optional[String[1]]"},"manager_options":{"description":"options to be sent to the package manager","type":"Optional[String[1]]"},"provider":{"description":"The provider to use to manage or inspect the package, defaults to the system package manager. Only used when the 'puppet-agent' feature is available on the target so we can leverage Puppet.","type":"Optional[String[1]]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"windows.ps1","requirements":["powershell"],"input_method":"powershell"},{"name":"linux.sh","requirements":["shell"],"input_method":"environment","files":["package/files/common.sh","package/files/apt.sh","package/files/yum.sh","package/files/zypper.sh"]}],"extensions":{"discovery":{"friendlyName":"Manage package","type":["package"]}}}},"pkcs7::secret_createkeys":{"name":"pkcs7::secret_createkeys","files":[{"name":"secret_createkeys.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/pkcs7/tasks/secret_createkeys.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Create a key pair","input_method":"stdin","parameters":{"force":{"type":"Boolean","description":"Whether to overwrite an existing key pair","default":false},"keysize":{"type":"Integer","description":"The size of the key to generate","default":2048},"private_key":{"type":"String","description":"Path to the private key","default":"keys/private_key.pkcs7.pem"},"public_key":{"type":"String","description":"Path to the public key","default":"keys/public_key.pkcs7.pem"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"pkcs7::secret_decrypt":{"name":"pkcs7::secret_decrypt","files":[{"name":"secret_decrypt.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/pkcs7/tasks/secret_decrypt.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Decrypt sensitive data with pkcs7","input_method":"stdin","parameters":{"encrypted_value":{"type":"String","description":"The ciphertext to decrypt"},"private_key":{"type":"String","description":"Path to the private key","default":"keys/private_key.pkcs7.pem"},"public_key":{"type":"String","description":"Path to the public key","default":"keys/public_key.pkcs7.pem"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"pkcs7::secret_encrypt":{"name":"pkcs7::secret_encrypt","files":[{"name":"secret_encrypt.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/pkcs7/tasks/secret_encrypt.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Encrypt sensitive data with pkcs7","input_method":"stdin","parameters":{"plaintext_value":{"type":"String","description":"The plaintext to encrypt"},"public_key":{"type":"String","description":"Path to the public key","default":"keys/public_key.pkcs7.pem"}},"files":["ruby_task_helper/files/task_helper.rb"]}},"puppet_agent::delete_local_filebucket":{"name":"puppet_agent::delete_local_filebucket","files":[{"name":"delete_local_filebucket.rb","path":"/root/test/secure_linux_cis/.modules/puppet_agent/tasks/delete_local_filebucket.rb","mtime":"2023-07-14 16:30:00 +0200"},{"name":"puppet_agent/files/rb_task_helper.rb","path":"/root/test/secure_linux_cis/.modules/puppet_agent/files/rb_task_helper.rb","mtime":"2023-07-14 16:30:00 +0200"}],"metadata":{"description":"Removes the local filebucket","parameters":{"force":{"description":"ignore nonexistent files and errors","type":"Optional[Boolean]"}},"files":["puppet_agent/files/rb_task_helper.rb"]}},"puppet_agent::facts_diff":{"name":"puppet_agent::facts_diff","files":[{"name":"facts_diff.rb","path":"/root/test/secure_linux_cis/.modules/puppet_agent/tasks/facts_diff.rb","mtime":"2023-07-14 16:30:00 +0200"},{"name":"puppet_agent/files/rb_task_helper.rb","path":"/root/test/secure_linux_cis/.modules/puppet_agent/files/rb_task_helper.rb","mtime":"2023-07-14 16:30:00 +0200"}],"metadata":{"description":"Run the Puppet agent facts diff action","parameters":{"exclude":{"description":"Regex used to exclude specific facts from diff","type":"Optional[String]"}},"files":["puppet_agent/files/rb_task_helper.rb"]}},"puppet_agent::install":{"name":"puppet_agent::install","files":[{"name":"install_shell.sh","path":"/root/test/secure_linux_cis/.modules/puppet_agent/tasks/install_shell.sh","mtime":"2023-07-14 16:30:00 +0200"},{"name":"install_powershell.ps1","path":"/root/test/secure_linux_cis/.modules/puppet_agent/tasks/install_powershell.ps1","mtime":"2023-07-14 16:30:00 +0200"},{"name":"facts/tasks/bash.sh","path":"/root/test/secure_linux_cis/.modules/facts/tasks/bash.sh","mtime":"2023-07-14 16:30:02 +0200"}],"metadata":{"description":"Install the Puppet agent package","parameters":{"version":{"description":"The version of puppet-agent to install (defaults to latest when no agent is installed)","type":"Optional[String]"},"collection":{"description":"The Puppet collection to install from (defaults to puppet, which maps to the latest collection released)","type":"Optional[Enum[puppet6, puppet7, puppet, puppet6-nightly, puppet7-nightly, puppet-nightly]]"},"yum_source":{"description":"The source location to find yum repos (defaults to yum.puppet.com)","type":"Optional[String]"},"apt_source":{"description":"The source location to find apt repos (defaults to apt.puppet.com)","type":"Optional[String]"},"mac_source":{"description":"The source location to find mac packages (defaults to downloads.puppet.com)","type":"Optional[String]"},"windows_source":{"description":"The source location to find windows packages (defaults to downloads.puppet.com)","type":"Optional[String]"},"install_options":{"description":"optional install arguments to the windows installer (defaults to REINSTALLMODE=\"amus\")","type":"Optional[String]"},"stop_service":{"description":"Whether to stop the puppet agent service after install","type":"Optional[Boolean]"},"retry":{"description":"The number of retries in case of network connectivity failures","type":"Optional[Integer]","default":5}},"implementations":[{"name":"install_shell.sh","requirements":["shell"],"files":["facts/tasks/bash.sh"],"input_method":"environment"},{"name":"install_powershell.ps1","requirements":["powershell"]}],"supports_noop":true}},"puppet_agent::version":{"name":"puppet_agent::version","files":[{"name":"version_shell.sh","path":"/root/test/secure_linux_cis/.modules/puppet_agent/tasks/version_shell.sh","mtime":"2023-07-14 16:30:00 +0200"},{"name":"version_powershell.ps1","path":"/root/test/secure_linux_cis/.modules/puppet_agent/tasks/version_powershell.ps1","mtime":"2023-07-14 16:30:00 +0200"}],"metadata":{"description":"Get the version of the Puppet agent package installed. Returns nothing if none present.","parameters":{},"implementations":[{"name":"version_shell.sh","requirements":["shell"],"input_method":"environment"},{"name":"version_powershell.ps1","requirements":["powershell"]}]}},"puppet_conf":{"name":"puppet_conf","files":[{"name":"init.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/puppet_conf/tasks/init.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Inspect puppet agent configuration settings","input_method":"stdin","parameters":{"action":{"description":"The operation (get, set, delete) to perform on the configuration setting","type":"Enum[get, set, delete]"},"section":{"description":"The section of the config file. Defaults to main","type":"Optional[String[1]]"},"setting":{"description":"The name of the config entry to set/get","type":"String[1]"},"value":{"description":"The value you are setting. Only required for set","type":"Optional[String[1]]"}}}},"reboot":{"name":"reboot","files":[{"name":"init.rb","path":"/root/test/secure_linux_cis/.modules/reboot/tasks/init.rb","mtime":"2023-07-14 16:30:00 +0200"},{"name":"nix.sh","path":"/root/test/secure_linux_cis/.modules/reboot/tasks/nix.sh","mtime":"2023-07-14 16:30:00 +0200"},{"name":"win.ps1","path":"/root/test/secure_linux_cis/.modules/reboot/tasks/win.ps1","mtime":"2023-07-14 16:30:00 +0200"}],"metadata":{"description":"Reboots a machine","supports_noop":false,"input_method":"stdin","parameters":{"timeout":{"description":"Timeout before shutdown (seconds); enforces a minimum of 3s","type":"Optional[Variant[Pattern[/^[0-9]*$/],Integer]]"},"message":{"description":"Shutdown message for systems that support it","type":"Optional[Pattern[/^[^|&]*$/]]"},"shutdown_only":{"description":"Only shut the machine down, do not reboot","type":"Optional[Boolean]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"nix.sh","requirements":["shell"],"input_method":"environment"},{"name":"win.ps1","requirements":["powershell"],"input_method":"powershell"}]}},"reboot::last_boot_time":{"name":"reboot::last_boot_time","files":[{"name":"last_boot_time_nix.sh","path":"/root/test/secure_linux_cis/.modules/reboot/tasks/last_boot_time_nix.sh","mtime":"2023-07-14 16:30:00 +0200"},{"name":"last_boot_time_win.ps1","path":"/root/test/secure_linux_cis/.modules/reboot/tasks/last_boot_time_win.ps1","mtime":"2023-07-14 16:30:00 +0200"}],"metadata":{"description":"Gets the last boot time of a Linux or Windows system","implementations":[{"name":"last_boot_time_nix.sh","requirements":["shell"]},{"name":"last_boot_time_win.ps1","requirements":["powershell"]}]}},"service":{"name":"service","files":[{"name":"init.rb","path":"/root/test/secure_linux_cis/.modules/service/tasks/init.rb","mtime":"2023-07-14 16:30:02 +0200"},{"name":"windows.ps1","path":"/root/test/secure_linux_cis/.modules/service/tasks/windows.ps1","mtime":"2023-07-14 16:30:02 +0200"},{"name":"linux.sh","path":"/root/test/secure_linux_cis/.modules/service/tasks/linux.sh","mtime":"2023-07-14 16:30:02 +0200"},{"name":"service/files/common.sh","path":"/root/test/secure_linux_cis/.modules/service/files/common.sh","mtime":"2023-07-14 16:30:02 +0200"}],"metadata":{"description":"Manage and inspect the state of services","input_method":"stdin","parameters":{"action":{"description":"The operation (start, stop, restart, enable, disable, status) to perform on the service.","type":"Enum[start, stop, restart, enable, disable, status]"},"name":{"description":"The name of the service to operate on.","type":"String[1]"},"force":{"description":"Force a Windows service to restart even if it has dependent services. This parameter is passed for Windows services only.","type":"Optional[Boolean]"},"provider":{"description":"The provider to use to manage or inspect the service, defaults to the system service manager. Only used when the 'puppet-agent' feature is available on the target so we can leverage Puppet.","type":"Optional[String[1]]"}},"implementations":[{"name":"init.rb","requirements":["puppet-agent"]},{"name":"windows.ps1","requirements":["powershell"],"input_method":"powershell"},{"name":"linux.sh","requirements":["shell"],"input_method":"environment","files":["service/files/common.sh"]}],"extensions":{"discovery":{"friendlyName":"Manage service","type":["host"]}}}},"terraform::apply":{"name":"terraform::apply","files":[{"name":"apply.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/tasks/apply.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/lib/cli_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Apply an HCL manifest","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."},"state":{"type":"Optional[String[1]]","description":"Path to read and save state. Defaults to \"terraform.tfstate\". Path is relative to \"dir\""},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Resource to target. Operation will be limited to this resource and its dependencies. Accepts a single resource string or an array of resources"},"var":{"type":"Optional[Hash]","description":"Set Terraform variables, expects a hash with key value pairs representing variables and values."},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Set variables in the Terraform configuration from a file. Path is relative to \"dir\". Accepts a single var-file path or an array of paths"},"state_out":{"type":"Optional[String[1]]","description":"Path to write state to that is different than \"state\". This can be used to preserve the old state."}}}},"terraform::destroy":{"name":"terraform::destroy","files":[{"name":"destroy.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/tasks/destroy.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/lib/cli_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Destroy resources managed with Terraform","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."},"state":{"type":"Optional[String[1]]","description":"Path to read and save state. Defaults to \"terraform.tfstate\", Path is relative to \"dir\""},"target":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Resource to target. Operation will be limited to this resource and its dependencies. Accepts a single resource string or an array of resources"},"var":{"type":"Optional[Hash]","description":"Set Terraform variables, expects a hash with key value pairs representing variables and values."},"var_file":{"type":"Optional[Variant[String[1], Array[String[1]]]]","description":"Set variables in the Terraform configuration from a file. Path is relative to \"dir\". Accepts a single var-file path or an array of paths"},"state_out":{"type":"Optional[String[1]]","description":"Path to write state to that is different than \"state\". This can be used to preserve the old state."}}}},"terraform::initialize":{"name":"terraform::initialize","files":[{"name":"initialize.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/tasks/initialize.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/lib/cli_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"Initialize a Terraform project directory","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."}}}},"terraform::output":{"name":"terraform::output","files":[{"name":"output.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/tasks/output.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"ruby_task_helper/files/task_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/ruby_task_helper/files/task_helper.rb","mtime":"2023-03-13 21:15:33 +0100"},{"name":"terraform/lib/cli_helper.rb","path":"/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules/terraform/lib/cli_helper.rb","mtime":"2023-03-13 21:15:33 +0100"}],"metadata":{"description":"JSON representation of Terraform outputs","files":["ruby_task_helper/files/task_helper.rb","terraform/lib/cli_helper.rb"],"input_method":"stdin","parameters":{"dir":{"type":"Optional[String[1]]","description":"Path to Terraform project directory. Path is relative to CWD, unless an absolute path is specified."},"state":{"type":"Optional[String[1]]","description":"Path to read and save state. Defaults to \"terraform.tfstate\", Path is relative to \"dir\""}}}}} \ No newline at end of file diff --git a/Puppetfile b/Puppetfile index 1df71dd6..035d9222 100644 --- a/Puppetfile +++ b/Puppetfile @@ -4,34 +4,35 @@ # The following directive installs modules to the managed moduledir. moduledir '.modules' -mod 'puppetlabs/package', '2.3.0' -mod 'puppetlabs/service', '2.3.0' -mod 'herculesteam/augeasproviders_sysctl', '2.6.2' -mod 'puppet/augeasproviders_pam', '3.0.1' -mod 'puppet/augeasproviders_core', '3.2.0' -mod 'puppetlabs/facts', '1.4.0' -mod 'puppetlabs/apt', '8.5.0' -mod 'camptocamp/augeas', '1.9.0' -mod 'puppet/alternatives', '4.1.0' -mod 'puppet/firewalld', '4.5.1' -mod 'puppet/kmod', '3.2.0' -mod 'puppet/logrotate', '6.1.0' -mod 'puppet/postfix', '3.0.0' -mod 'puppet/selinux', '3.4.1' -mod 'puppet/systemd', '3.10.0' -mod 'puppetlabs/augeas_core', '1.2.0' -mod 'puppetlabs/concat', '7.2.0' -mod 'puppetlabs/firewall', '3.5.0' -mod 'puppetlabs/inifile', '5.3.0' -mod 'puppetlabs/mailalias_core', '1.1.0' -mod 'puppetlabs/ntp', '9.1.1' -mod 'puppetlabs/puppet_agent', '4.12.1' -mod 'puppetlabs/reboot', '4.2.0' -mod 'puppetlabs/stdlib', '6.6.0' -mod 'ubeek/auditd', '1.0.3' -mod 'puppetlabs/mount_core', '1.1.0' -mod 'puppet/cron', '3.0.0' -mod 'puppet/augeasproviders_grub', '4.0.0' -mod 'puppet/augeasproviders_shellvar', '5.0.0' -mod 'puppetlabs/lvm', '1.4.0' +mod 'puppet/chrony', '3.0.0' mod 'puppetlabs/exec', '2.2.0' +mod 'puppetlabs/lvm', '1.4.0' +mod 'puppet/augeasproviders_shellvar', '5.0.0' +mod 'puppet/augeasproviders_grub', '4.0.0' +mod 'puppet/cron', '3.0.0' +mod 'puppetlabs/mount_core', '1.1.0' +mod 'ubeek/auditd', '1.0.3' +mod 'puppetlabs/stdlib', '6.6.0' +mod 'puppetlabs/reboot', '4.2.0' +mod 'puppetlabs/puppet_agent', '4.12.1' +mod 'puppetlabs/ntp', '9.1.1' +mod 'puppetlabs/mailalias_core', '1.1.0' +mod 'puppetlabs/inifile', '5.3.0' +mod 'puppetlabs/firewall', '3.5.0' +mod 'puppetlabs/concat', '7.2.0' +mod 'puppetlabs/augeas_core', '1.2.0' +mod 'puppet/systemd', '3.10.0' +mod 'puppet/selinux', '3.4.1' +mod 'puppet/postfix', '3.0.0' +mod 'puppet/logrotate', '6.1.0' +mod 'puppet/kmod', '3.2.0' +mod 'puppet/firewalld', '4.5.1' +mod 'puppet/alternatives', '4.1.0' +mod 'camptocamp/augeas', '1.9.0' +mod 'puppetlabs/apt', '8.5.0' +mod 'puppetlabs/facts', '1.4.0' +mod 'puppet/augeasproviders_core', '3.2.0' +mod 'puppet/augeasproviders_pam', '3.0.1' +mod 'herculesteam/augeasproviders_sysctl', '2.6.2' +mod 'puppetlabs/service', '2.3.0' +mod 'puppetlabs/package', '2.3.0' diff --git a/README.md b/README.md index 058a6527..0bf9d020 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ This Puppet module implements security controls defined in the Center for Intern | RedHat 7 | 3.1.1 | | RedHat 8 | 2.0.0 | | Rocky 8 | 1.0.0 | +| RedHat 9 | 1.0.0 | +| Rocky 9 | 1.0.0 | | SLES 15 | 1.1.1 | | Ubuntu 18.04 | 2.1.0 | | Ubuntu 20.04 | 1.1.0 | @@ -120,7 +122,9 @@ As of enforcement for the Redhat 7 OS, there are 223 CIS rules that are either e ```yaml # hieradata/common.yaml -secure_linux_cis::rules::ensure_mounting_of_squashfs_filesystems_is_disabled::enforced: false +secure_linux_cis::exclude_rules: + - ensure_mounting_of_squashfs_filesystems_is_disabled + - ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client ``` ### Enabling rules with Hiera (Not applicable to 3.0.0 descriptive based 'rules' .pp files) diff --git a/bolt-debug.log b/bolt-debug.log index 1bfd0ea5..fa2aba5f 100644 --- a/bolt-debug.log +++ b/bolt-debug.log @@ -1,225 +1,106 @@ -2022-11-16T21:41:13.415279 INFO [main] [Bolt::Logger] Loaded project from '/Users/bryanbelanger/projects/secure_linux_cis' -2022-11-16T21:41:13.450707 DEBUG [main] [Bolt::Executor] Started with 100 max thread(s) -2022-11-16T21:41:13.868836 DEBUG [main] [Bolt::PAL] Loading modules from /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/bolt-modules:/Users/bryanbelanger/projects/secure_linux_cis/modules:/Users/bryanbelanger/projects/secure_linux_cis/.modules:/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.26.1/modules -2022-11-16T21:41:13.869147 DEBUG [main] [Bolt::Inventory] Tried to load inventory from /Users/bryanbelanger/projects/secure_linux_cis/inventory.yaml, but the file does not exist -2022-11-16T21:41:14.223472 INFO [main] [Bolt::R10KLogProxy] Using Puppetfile '/Users/bryanbelanger/projects/secure_linux_cis/Puppetfile' -2022-11-16T21:41:14.223600 DEBUG [main] [Bolt::R10KLogProxy] Using moduledir '/Users/bryanbelanger/projects/secure_linux_cis/.modules' -2022-11-16T21:41:14.226955 DEBUG [main] [Bolt::R10KLogProxy] Updating modules with 4 threads -2022-11-16T21:41:14.228611 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/package -2022-11-16T21:41:14.238895 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/service -2022-11-16T21:41:14.239495 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_sysctl -2022-11-16T21:41:14.239628 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_pam -2022-11-16T21:41:14.391135 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of herculesteam-augeasproviders_sysctl-2.6.2 tarball -2022-11-16T21:41:14.391207 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/herculesteam-augeasproviders_sysctl-2.6.2/tarball/herculesteam-augeasproviders_sysctl-2.6.2.tar.gz matches checksum -2022-11-16T21:41:14.393710 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/herculesteam-augeasproviders_sysctl-2.6.2/tarball/herculesteam-augeasproviders_sysctl-2.6.2.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_sysctl (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-wutgj/herculesteam-augeasproviders_sysctl-2.6.2) -2022-11-16T21:41:14.399720 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-service-2.3.0 tarball -2022-11-16T21:41:14.399823 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-service-2.3.0/tarball/puppetlabs-service-2.3.0.tar.gz matches checksum -2022-11-16T21:41:14.400816 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-package-2.3.0 tarball -2022-11-16T21:41:14.400920 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-package-2.3.0/tarball/puppetlabs-package-2.3.0.tar.gz matches checksum -2022-11-16T21:41:14.401913 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-service-2.3.0/tarball/puppetlabs-service-2.3.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/service (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-19hu4kl/puppetlabs-service-2.3.0) -2022-11-16T21:41:14.402379 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-package-2.3.0/tarball/puppetlabs-package-2.3.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/package (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-11d1y5z/puppetlabs-package-2.3.0) -2022-11-16T21:41:14.406322 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-augeasproviders_pam-3.0.1 tarball -2022-11-16T21:41:14.406572 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_pam-3.0.1/tarball/puppet-augeasproviders_pam-3.0.1.tar.gz matches checksum -2022-11-16T21:41:14.408144 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_pam-3.0.1/tarball/puppet-augeasproviders_pam-3.0.1.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_pam (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1fy01g8/puppet-augeasproviders_pam-3.0.1) -2022-11-16T21:41:14.429029 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-augeasproviders_pam-3.0.1", "puppet-augeasproviders_pam-3.0.1/CHANGELOG.md", "puppet-augeasproviders_pam-3.0.1/HISTORY.md", "puppet-augeasproviders_pam-3.0.1/LICENSE", "puppet-augeasproviders_pam-3.0.1/README.md", "puppet-augeasproviders_pam-3.0.1/lib", "puppet-augeasproviders_pam-3.0.1/lib/puppet", "puppet-augeasproviders_pam-3.0.1/lib/puppet/provider", "puppet-augeasproviders_pam-3.0.1/lib/puppet/provider/pam", "puppet-augeasproviders_pam-3.0.1/lib/puppet/provider/pam/augeas.rb", "puppet-augeasproviders_pam-3.0.1/lib/puppet/type", "puppet-augeasproviders_pam-3.0.1/lib/puppet/type/pam.rb", "puppet-augeasproviders_pam-3.0.1/metadata.json"] -2022-11-16T21:41:14.430039 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_core -2022-11-16T21:41:14.455460 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-service-2.3.0", "puppetlabs-service-2.3.0/.github", "puppetlabs-service-2.3.0/.github/workflows", "puppetlabs-service-2.3.0/.github/workflows/auto_release.yml", "puppetlabs-service-2.3.0/.github/workflows/labeller.yml", "puppetlabs-service-2.3.0/.github/workflows/nightly.yml", "puppetlabs-service-2.3.0/.github/workflows/pr_test.yml", "puppetlabs-service-2.3.0/.github/workflows/release.yml", "puppetlabs-service-2.3.0/.github/workflows/spec.yml", "puppetlabs-service-2.3.0/.github/workflows/stale.yml", "puppetlabs-service-2.3.0/.gitpod.Dockerfile", "puppetlabs-service-2.3.0/.gitpod.yml", "puppetlabs-service-2.3.0/.pmtignore", "puppetlabs-service-2.3.0/.rubocop_todo.yml", "puppetlabs-service-2.3.0/CHANGELOG.md", "puppetlabs-service-2.3.0/CODEOWNERS", "puppetlabs-service-2.3.0/CONTRIBUTING.md", "puppetlabs-service-2.3.0/HISTORY.md", "puppetlabs-service-2.3.0/LICENSE", "puppetlabs-service-2.3.0/NOTICE", "puppetlabs-service-2.3.0/README.md", "puppetlabs-service-2.3.0/REFERENCE.md", "puppetlabs-service-2.3.0/data", "puppetlabs-service-2.3.0/data/common.yaml", "puppetlabs-service-2.3.0/files", "puppetlabs-service-2.3.0/files/common.sh", "puppetlabs-service-2.3.0/hiera.yaml", "puppetlabs-service-2.3.0/metadata.json", "puppetlabs-service-2.3.0/pdk.yaml", "puppetlabs-service-2.3.0/provision.yaml", "puppetlabs-service-2.3.0/tasks", "puppetlabs-service-2.3.0/tasks/init.json", "puppetlabs-service-2.3.0/tasks/init.rb", "puppetlabs-service-2.3.0/tasks/linux.json", "puppetlabs-service-2.3.0/tasks/linux.sh", "puppetlabs-service-2.3.0/tasks/windows.json", "puppetlabs-service-2.3.0/tasks/windows.ps1"] -2022-11-16T21:41:14.456071 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/facts -2022-11-16T21:41:14.458735 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-package-2.3.0", "puppetlabs-package-2.3.0/.github", "puppetlabs-package-2.3.0/.github/workflows", "puppetlabs-package-2.3.0/.github/workflows/auto_release.yml", "puppetlabs-package-2.3.0/.github/workflows/labeller.yml", "puppetlabs-package-2.3.0/.github/workflows/nightly.yml", "puppetlabs-package-2.3.0/.github/workflows/pr_test.yml", "puppetlabs-package-2.3.0/.github/workflows/release.yml", "puppetlabs-package-2.3.0/.github/workflows/spec.yml", "puppetlabs-package-2.3.0/.github/workflows/stale.yml", "puppetlabs-package-2.3.0/.gitpod.Dockerfile", "puppetlabs-package-2.3.0/.gitpod.yml", "puppetlabs-package-2.3.0/.pmtignore", "puppetlabs-package-2.3.0/.rubocop_todo.yml", "puppetlabs-package-2.3.0/CHANGELOG.md", "puppetlabs-package-2.3.0/CODEOWNERS", "puppetlabs-package-2.3.0/CONTRIBUTING.md", "puppetlabs-package-2.3.0/HISTORY.md", "puppetlabs-package-2.3.0/LICENSE", "puppetlabs-package-2.3.0/NOTICE", "puppetlabs-package-2.3.0/README.md", "puppetlabs-package-2.3.0/REFERENCE.md", "puppetlabs-package-2.3.0/data", "puppetlabs-package-2.3.0/data/common.yaml", "puppetlabs-package-2.3.0/files", "puppetlabs-package-2.3.0/files/apt.sh", "puppetlabs-package-2.3.0/files/common.sh", "puppetlabs-package-2.3.0/files/yum.sh", "puppetlabs-package-2.3.0/files/zypper.sh", "puppetlabs-package-2.3.0/hiera.yaml", "puppetlabs-package-2.3.0/metadata.json", "puppetlabs-package-2.3.0/pdk.yaml", "puppetlabs-package-2.3.0/provision.yaml", "puppetlabs-package-2.3.0/tasks", "puppetlabs-package-2.3.0/tasks/init.json", "puppetlabs-package-2.3.0/tasks/init.rb", "puppetlabs-package-2.3.0/tasks/linux.json", "puppetlabs-package-2.3.0/tasks/linux.sh", "puppetlabs-package-2.3.0/tasks/windows.json", "puppetlabs-package-2.3.0/tasks/windows.ps1"] -2022-11-16T21:41:14.459233 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/apt -2022-11-16T21:41:14.459634 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["herculesteam-augeasproviders_sysctl-2.6.2", "herculesteam-augeasproviders_sysctl-2.6.2/.coveralls.yml", "herculesteam-augeasproviders_sysctl-2.6.2/.fixtures.yml", "herculesteam-augeasproviders_sysctl-2.6.2/.github", "herculesteam-augeasproviders_sysctl-2.6.2/.github/FUNDING.yml", "herculesteam-augeasproviders_sysctl-2.6.2/.gitignore", "herculesteam-augeasproviders_sysctl-2.6.2/.gitmodules", "herculesteam-augeasproviders_sysctl-2.6.2/.sync.yml", "herculesteam-augeasproviders_sysctl-2.6.2/.travis.sh", "herculesteam-augeasproviders_sysctl-2.6.2/.travis.yml", "herculesteam-augeasproviders_sysctl-2.6.2/CHANGELOG.md", "herculesteam-augeasproviders_sysctl-2.6.2/Gemfile", "herculesteam-augeasproviders_sysctl-2.6.2/LICENSE", "herculesteam-augeasproviders_sysctl-2.6.2/README.md", "herculesteam-augeasproviders_sysctl-2.6.2/Rakefile", "herculesteam-augeasproviders_sysctl-2.6.2/lib", "herculesteam-augeasproviders_sysctl-2.6.2/lib/puppet", "herculesteam-augeasproviders_sysctl-2.6.2/lib/puppet/provider", "herculesteam-augeasproviders_sysctl-2.6.2/lib/puppet/provider/sysctl", "herculesteam-augeasproviders_sysctl-2.6.2/lib/puppet/provider/sysctl/augeas.rb", "herculesteam-augeasproviders_sysctl-2.6.2/lib/puppet/type", "herculesteam-augeasproviders_sysctl-2.6.2/lib/puppet/type/sysctl.rb", "herculesteam-augeasproviders_sysctl-2.6.2/metadata.json", "herculesteam-augeasproviders_sysctl-2.6.2/spec", "herculesteam-augeasproviders_sysctl-2.6.2/spec/acceptance", "herculesteam-augeasproviders_sysctl-2.6.2/spec/acceptance/nodesets", "herculesteam-augeasproviders_sysctl-2.6.2/spec/acceptance/nodesets/default.yml", "herculesteam-augeasproviders_sysctl-2.6.2/spec/acceptance/sysctl_spec.rb", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider/sysctl", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider/sysctl/augeas", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider/sysctl/augeas/broken", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider/sysctl/augeas/empty", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider/sysctl/augeas/full", "herculesteam-augeasproviders_sysctl-2.6.2/spec/fixtures/unit/puppet/provider/sysctl/augeas/small", "herculesteam-augeasproviders_sysctl-2.6.2/spec/spec.opts", "herculesteam-augeasproviders_sysctl-2.6.2/spec/spec_helper.rb", "herculesteam-augeasproviders_sysctl-2.6.2/spec/spec_helper_acceptance.rb", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit/puppet", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit/puppet/provider", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit/puppet/provider/sysctl", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit/puppet/provider/sysctl/augeas_spec.rb", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit/puppet/type", "herculesteam-augeasproviders_sysctl-2.6.2/spec/unit/puppet/type/sysctl_spec.rb"] -2022-11-16T21:41:14.460037 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeas -2022-11-16T21:41:14.496236 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-augeasproviders_core-3.2.0 tarball -2022-11-16T21:41:14.496298 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_core-3.2.0/tarball/puppet-augeasproviders_core-3.2.0.tar.gz matches checksum -2022-11-16T21:41:14.497226 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_core-3.2.0/tarball/puppet-augeasproviders_core-3.2.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_core (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1airu4w/puppet-augeasproviders_core-3.2.0) -2022-11-16T21:41:14.509999 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-augeasproviders_core-3.2.0", "puppet-augeasproviders_core-3.2.0/CHANGELOG.md", "puppet-augeasproviders_core-3.2.0/HISTORY.md", "puppet-augeasproviders_core-3.2.0/LICENSE", "puppet-augeasproviders_core-3.2.0/README.md", "puppet-augeasproviders_core-3.2.0/lib", "puppet-augeasproviders_core-3.2.0/lib/puppet", "puppet-augeasproviders_core-3.2.0/lib/puppet/feature", "puppet-augeasproviders_core-3.2.0/lib/puppet/feature/augeas.rb", "puppet-augeasproviders_core-3.2.0/lib/puppet/provider", "puppet-augeasproviders_core-3.2.0/lib/puppet/provider/augeasprovider", "puppet-augeasproviders_core-3.2.0/lib/puppet/provider/augeasprovider/default.rb", "puppet-augeasproviders_core-3.2.0/lib/puppet/type", "puppet-augeasproviders_core-3.2.0/lib/puppet/type/augeasprovider.rb", "puppet-augeasproviders_core-3.2.0/metadata.json"] -2022-11-16T21:41:14.511415 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/alternatives -2022-11-16T21:41:14.545053 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-facts-1.4.0 tarball -2022-11-16T21:41:14.545101 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-facts-1.4.0/tarball/puppetlabs-facts-1.4.0.tar.gz matches checksum -2022-11-16T21:41:14.546128 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-facts-1.4.0/tarball/puppetlabs-facts-1.4.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/facts (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1o09i2z/puppetlabs-facts-1.4.0) -2022-11-16T21:41:14.550688 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of camptocamp-augeas-1.9.0 tarball -2022-11-16T21:41:14.550966 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/camptocamp-augeas-1.9.0/tarball/camptocamp-augeas-1.9.0.tar.gz matches checksum -2022-11-16T21:41:14.553183 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/camptocamp-augeas-1.9.0/tarball/camptocamp-augeas-1.9.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeas (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-138si7i/camptocamp-augeas-1.9.0) -2022-11-16T21:41:14.556011 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-apt-8.5.0 tarball -2022-11-16T21:41:14.556320 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-apt-8.5.0/tarball/puppetlabs-apt-8.5.0.tar.gz matches checksum -2022-11-16T21:41:14.559374 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-apt-8.5.0/tarball/puppetlabs-apt-8.5.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/apt (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-lc5n9f/puppetlabs-apt-8.5.0) -2022-11-16T21:41:14.587788 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-alternatives-4.1.0 tarball -2022-11-16T21:41:14.587910 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-alternatives-4.1.0/tarball/puppet-alternatives-4.1.0.tar.gz matches checksum -2022-11-16T21:41:14.589116 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-alternatives-4.1.0/tarball/puppet-alternatives-4.1.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/alternatives (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1eaczy/puppet-alternatives-4.1.0) -2022-11-16T21:41:14.615883 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-alternatives-4.1.0", "puppet-alternatives-4.1.0/CHANGELOG.md", "puppet-alternatives-4.1.0/HISTORY.md", "puppet-alternatives-4.1.0/LICENSE", "puppet-alternatives-4.1.0/README.md", "puppet-alternatives-4.1.0/lib", "puppet-alternatives-4.1.0/lib/puppet", "puppet-alternatives-4.1.0/lib/puppet/provider", "puppet-alternatives-4.1.0/lib/puppet/provider/alternative_entry", "puppet-alternatives-4.1.0/lib/puppet/provider/alternative_entry/chkconfig.rb", "puppet-alternatives-4.1.0/lib/puppet/provider/alternative_entry/dpkg.rb", "puppet-alternatives-4.1.0/lib/puppet/provider/alternatives", "puppet-alternatives-4.1.0/lib/puppet/provider/alternatives/chkconfig.rb", "puppet-alternatives-4.1.0/lib/puppet/provider/alternatives/dpkg.rb", "puppet-alternatives-4.1.0/lib/puppet/type", "puppet-alternatives-4.1.0/lib/puppet/type/alternative_entry.rb", "puppet-alternatives-4.1.0/lib/puppet/type/alternatives.rb", "puppet-alternatives-4.1.0/metadata.json"] -2022-11-16T21:41:14.616800 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/firewalld -2022-11-16T21:41:14.650728 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-facts-1.4.0", "puppetlabs-facts-1.4.0/.fixtures.yml", "puppetlabs-facts-1.4.0/.gitattributes", "puppetlabs-facts-1.4.0/.gitignore", "puppetlabs-facts-1.4.0/.pdkignore", "puppetlabs-facts-1.4.0/.pmtignore", "puppetlabs-facts-1.4.0/.rspec", "puppetlabs-facts-1.4.0/.rubocop.yml", "puppetlabs-facts-1.4.0/.rubocop_todo.yml", "puppetlabs-facts-1.4.0/.sync.yml", "puppetlabs-facts-1.4.0/.travis.yml", "puppetlabs-facts-1.4.0/CHANGELOG.md", "puppetlabs-facts-1.4.0/CODEOWNERS", "puppetlabs-facts-1.4.0/CODE_OF_CONDUCT.md", "puppetlabs-facts-1.4.0/CONTRIBUTING.md", "puppetlabs-facts-1.4.0/Gemfile", "puppetlabs-facts-1.4.0/LICENSE", "puppetlabs-facts-1.4.0/README.md", "puppetlabs-facts-1.4.0/Rakefile", "puppetlabs-facts-1.4.0/lib", "puppetlabs-facts-1.4.0/lib/puppet", "puppetlabs-facts-1.4.0/lib/puppet/functions", "puppetlabs-facts-1.4.0/lib/puppet/functions/facts", "puppetlabs-facts-1.4.0/lib/puppet/functions/facts/group_by.rb", "puppetlabs-facts-1.4.0/metadata.json", "puppetlabs-facts-1.4.0/plans", "puppetlabs-facts-1.4.0/plans/external.pp", "puppetlabs-facts-1.4.0/plans/info.pp", "puppetlabs-facts-1.4.0/plans/init.pp", "puppetlabs-facts-1.4.0/spec", "puppetlabs-facts-1.4.0/spec/acceptance", "puppetlabs-facts-1.4.0/spec/acceptance/init_spec.rb", "puppetlabs-facts-1.4.0/spec/acceptance/linux_spec.rb", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/centos-7-x64.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/centos7-pooler.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/debian-8-x64.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/default.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/docker", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/docker/centos-7.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/docker/debian-8.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/docker/ubuntu-14.04.yml", "puppetlabs-facts-1.4.0/spec/acceptance/nodesets/windows32-pooler.yml", "puppetlabs-facts-1.4.0/spec/acceptance/windows_spec.rb", "puppetlabs-facts-1.4.0/spec/default_facts.yml", "puppetlabs-facts-1.4.0/spec/fixtures", "puppetlabs-facts-1.4.0/spec/fixtures/configs", "puppetlabs-facts-1.4.0/spec/fixtures/configs/empty.yml", "puppetlabs-facts-1.4.0/spec/fixtures/configs/invalid.yml", "puppetlabs-facts-1.4.0/spec/fixtures/configs/puppetdb.yml", "puppetlabs-facts-1.4.0/spec/fixtures/inventory", "puppetlabs-facts-1.4.0/spec/fixtures/inventory/empty.yml", "puppetlabs-facts-1.4.0/spec/fixtures/inventory/invalid.yml", "puppetlabs-facts-1.4.0/spec/fixtures/keys", "puppetlabs-facts-1.4.0/spec/fixtures/keys/id_rsa", "puppetlabs-facts-1.4.0/spec/fixtures/keys/id_rsa.pub", "puppetlabs-facts-1.4.0/spec/fixtures/scripts", "puppetlabs-facts-1.4.0/spec/fixtures/scripts/success.sh", "puppetlabs-facts-1.4.0/spec/functions", "puppetlabs-facts-1.4.0/spec/functions/group_by_spec.rb", "puppetlabs-facts-1.4.0/spec/plans", "puppetlabs-facts-1.4.0/spec/plans/info_spec.rb", "puppetlabs-facts-1.4.0/spec/plans/init_spec.rb", "puppetlabs-facts-1.4.0/spec/spec_helper.rb", "puppetlabs-facts-1.4.0/spec/spec_helper_acceptance.rb", "puppetlabs-facts-1.4.0/tasks", "puppetlabs-facts-1.4.0/tasks/bash.json", "puppetlabs-facts-1.4.0/tasks/bash.sh", "puppetlabs-facts-1.4.0/tasks/init.json", "puppetlabs-facts-1.4.0/tasks/powershell.json", "puppetlabs-facts-1.4.0/tasks/powershell.ps1", "puppetlabs-facts-1.4.0/tasks/ruby.json", "puppetlabs-facts-1.4.0/tasks/ruby.rb"] -2022-11-16T21:41:14.651600 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/kmod -2022-11-16T21:41:14.654308 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["camptocamp-augeas-1.9.0/", "camptocamp-augeas-1.9.0/checksums.json", "camptocamp-augeas-1.9.0/README.md", "camptocamp-augeas-1.9.0/lib/", "camptocamp-augeas-1.9.0/lib/puppet/", "camptocamp-augeas-1.9.0/lib/puppet/functions/", "camptocamp-augeas-1.9.0/lib/puppet/functions/augeas.rb", "camptocamp-augeas-1.9.0/Gemfile", "camptocamp-augeas-1.9.0/data/", "camptocamp-augeas-1.9.0/data/common.yaml", "camptocamp-augeas-1.9.0/Rakefile", "camptocamp-augeas-1.9.0/hiera.yaml", "camptocamp-augeas-1.9.0/spec/", "camptocamp-augeas-1.9.0/spec/functions/", "camptocamp-augeas-1.9.0/spec/functions/augeas_spec.rb", "camptocamp-augeas-1.9.0/spec/spec_helper.rb", "camptocamp-augeas-1.9.0/spec/classes/", "camptocamp-augeas-1.9.0/spec/classes/augeas_spec.rb", "camptocamp-augeas-1.9.0/spec/defines/", "camptocamp-augeas-1.9.0/spec/defines/augeas_lens_spec.rb", "camptocamp-augeas-1.9.0/spec/acceptance/", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-12.04-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-7-x86_64-vagrant.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-16.04.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-6.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-7-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-6-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.04-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-15.04.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-7-x86_64-vagrant.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-8-x86_64-vagrant.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-7.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.10.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-15.04-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-6-x86_64-vagrant.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-5.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.10-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-7-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.10-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.04-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-7.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-15.10.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-15.04-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-12.04.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.04-x86_64-vagrant.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-8-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-10.04-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-6-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-5-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-8.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-6-x86_64-vagrant.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-7-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-6-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-6.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-7-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-14.04.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/debian-8-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/centos-6-x86_64-docker.yml", "camptocamp-augeas-1.9.0/spec/acceptance/nodesets/ubuntu-12.04-x86_64-openstack.yml", "camptocamp-augeas-1.9.0/spec/spec_helper_local.rb", "camptocamp-augeas-1.9.0/spec/default_facts.yml", "camptocamp-augeas-1.9.0/LICENSE", "camptocamp-augeas-1.9.0/appveyor.yml", "camptocamp-augeas-1.9.0/metadata.json", "camptocamp-augeas-1.9.0/manifests/", "camptocamp-augeas-1.9.0/manifests/packages.pp", "camptocamp-augeas-1.9.0/manifests/init.pp", "camptocamp-augeas-1.9.0/manifests/params.pp", "camptocamp-augeas-1.9.0/manifests/lens.pp", "camptocamp-augeas-1.9.0/manifests/files.pp", "camptocamp-augeas-1.9.0/CHANGELOG.md"] -2022-11-16T21:41:14.654958 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/logrotate -2022-11-16T21:41:14.665345 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-apt-8.5.0", "puppetlabs-apt-8.5.0/.github", "puppetlabs-apt-8.5.0/.github/workflows", "puppetlabs-apt-8.5.0/.github/workflows/auto_release.yml", "puppetlabs-apt-8.5.0/.github/workflows/labeller.yml", "puppetlabs-apt-8.5.0/.github/workflows/nightly.yml", "puppetlabs-apt-8.5.0/.github/workflows/pr_test.yml", "puppetlabs-apt-8.5.0/.github/workflows/release.yml", "puppetlabs-apt-8.5.0/.github/workflows/spec.yml", "puppetlabs-apt-8.5.0/.github/workflows/stale.yml", "puppetlabs-apt-8.5.0/.gitpod.Dockerfile", "puppetlabs-apt-8.5.0/.gitpod.yml", "puppetlabs-apt-8.5.0/.rubocop_todo.yml", "puppetlabs-apt-8.5.0/CHANGELOG.md", "puppetlabs-apt-8.5.0/CODEOWNERS", "puppetlabs-apt-8.5.0/CONTRIBUTING.md", "puppetlabs-apt-8.5.0/HISTORY.md", "puppetlabs-apt-8.5.0/LICENSE", "puppetlabs-apt-8.5.0/MAINTAINERS.md", "puppetlabs-apt-8.5.0/NOTICE", "puppetlabs-apt-8.5.0/README.md", "puppetlabs-apt-8.5.0/REFERENCE.md", "puppetlabs-apt-8.5.0/data", "puppetlabs-apt-8.5.0/data/common.yaml", "puppetlabs-apt-8.5.0/examples", "puppetlabs-apt-8.5.0/examples/backports.pp", "puppetlabs-apt-8.5.0/examples/builddep.pp", "puppetlabs-apt-8.5.0/examples/debian_testing.pp", "puppetlabs-apt-8.5.0/examples/debian_unstable.pp", "puppetlabs-apt-8.5.0/examples/disable_keys.pp", "puppetlabs-apt-8.5.0/examples/fancy_progress.pp", "puppetlabs-apt-8.5.0/examples/force.pp", "puppetlabs-apt-8.5.0/examples/hold.pp", "puppetlabs-apt-8.5.0/examples/key.pp", "puppetlabs-apt-8.5.0/examples/pin.pp", "puppetlabs-apt-8.5.0/examples/ppa.pp", "puppetlabs-apt-8.5.0/examples/release.pp", "puppetlabs-apt-8.5.0/examples/source.pp", "puppetlabs-apt-8.5.0/examples/unattended_upgrades.pp", "puppetlabs-apt-8.5.0/hiera.yaml", "puppetlabs-apt-8.5.0/lib", "puppetlabs-apt-8.5.0/lib/facter", "puppetlabs-apt-8.5.0/lib/facter/apt_reboot_required.rb", "puppetlabs-apt-8.5.0/lib/facter/apt_update_last_success.rb", "puppetlabs-apt-8.5.0/lib/facter/apt_updates.rb", "puppetlabs-apt-8.5.0/lib/puppet", "puppetlabs-apt-8.5.0/lib/puppet/provider", "puppetlabs-apt-8.5.0/lib/puppet/provider/apt_key", "puppetlabs-apt-8.5.0/lib/puppet/provider/apt_key/apt_key.rb", "puppetlabs-apt-8.5.0/lib/puppet/type", "puppetlabs-apt-8.5.0/lib/puppet/type/apt_key.rb", "puppetlabs-apt-8.5.0/manifests", "puppetlabs-apt-8.5.0/manifests/backports.pp", "puppetlabs-apt-8.5.0/manifests/conf.pp", "puppetlabs-apt-8.5.0/manifests/init.pp", "puppetlabs-apt-8.5.0/manifests/key.pp", "puppetlabs-apt-8.5.0/manifests/mark.pp", "puppetlabs-apt-8.5.0/manifests/params.pp", "puppetlabs-apt-8.5.0/manifests/pin.pp", "puppetlabs-apt-8.5.0/manifests/ppa.pp", "puppetlabs-apt-8.5.0/manifests/setting.pp", "puppetlabs-apt-8.5.0/manifests/source.pp", "puppetlabs-apt-8.5.0/manifests/update.pp", "puppetlabs-apt-8.5.0/metadata.json", "puppetlabs-apt-8.5.0/pdk.yaml", "puppetlabs-apt-8.5.0/provision.yaml", "puppetlabs-apt-8.5.0/readmes", "puppetlabs-apt-8.5.0/readmes/README_ja_JP.md", "puppetlabs-apt-8.5.0/tasks", "puppetlabs-apt-8.5.0/tasks/init.json", "puppetlabs-apt-8.5.0/tasks/init.rb", "puppetlabs-apt-8.5.0/templates", "puppetlabs-apt-8.5.0/templates/15update-stamp.epp", "puppetlabs-apt-8.5.0/templates/_conf_header.epp", "puppetlabs-apt-8.5.0/templates/_header.epp", "puppetlabs-apt-8.5.0/templates/auth_conf.epp", "puppetlabs-apt-8.5.0/templates/pin.pref.epp", "puppetlabs-apt-8.5.0/templates/proxy.epp", "puppetlabs-apt-8.5.0/templates/source.list.epp", "puppetlabs-apt-8.5.0/types", "puppetlabs-apt-8.5.0/types/auth_conf_entry.pp", "puppetlabs-apt-8.5.0/types/proxy.pp", "puppetlabs-apt-8.5.0/types/proxy_per_host.pp"] -2022-11-16T21:41:14.665717 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/postfix -2022-11-16T21:41:14.686313 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-firewalld-4.5.1 tarball -2022-11-16T21:41:14.686376 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-firewalld-4.5.1/tarball/puppet-firewalld-4.5.1.tar.gz matches checksum -2022-11-16T21:41:14.687360 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-firewalld-4.5.1/tarball/puppet-firewalld-4.5.1.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/firewalld (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1j3y90/puppet-firewalld-4.5.1) -2022-11-16T21:41:14.725379 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-kmod-3.2.0 tarball -2022-11-16T21:41:14.725423 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-kmod-3.2.0/tarball/puppet-kmod-3.2.0.tar.gz matches checksum -2022-11-16T21:41:14.726458 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-kmod-3.2.0/tarball/puppet-kmod-3.2.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/kmod (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-10biq2w/puppet-kmod-3.2.0) -2022-11-16T21:41:14.729220 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-logrotate-6.1.0 tarball -2022-11-16T21:41:14.729269 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-logrotate-6.1.0/tarball/puppet-logrotate-6.1.0.tar.gz matches checksum -2022-11-16T21:41:14.730213 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-logrotate-6.1.0/tarball/puppet-logrotate-6.1.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/logrotate (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1nxk6ng/puppet-logrotate-6.1.0) -2022-11-16T21:41:14.738043 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-postfix-3.0.0 tarball -2022-11-16T21:41:14.738156 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-postfix-3.0.0/tarball/puppet-postfix-3.0.0.tar.gz matches checksum -2022-11-16T21:41:14.739309 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-postfix-3.0.0/tarball/puppet-postfix-3.0.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/postfix (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-12rigxb/puppet-postfix-3.0.0) -2022-11-16T21:41:14.761339 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-kmod-3.2.0", "puppet-kmod-3.2.0/CHANGELOG.md", "puppet-kmod-3.2.0/HISTORY.md", "puppet-kmod-3.2.0/LICENSE", "puppet-kmod-3.2.0/README.md", "puppet-kmod-3.2.0/REFERENCE.md", "puppet-kmod-3.2.0/hiera.yaml", "puppet-kmod-3.2.0/lib", "puppet-kmod-3.2.0/lib/facter", "puppet-kmod-3.2.0/lib/facter/kmod.rb", "puppet-kmod-3.2.0/manifests", "puppet-kmod-3.2.0/manifests/alias.pp", "puppet-kmod-3.2.0/manifests/blacklist.pp", "puppet-kmod-3.2.0/manifests/init.pp", "puppet-kmod-3.2.0/manifests/install.pp", "puppet-kmod-3.2.0/manifests/load.pp", "puppet-kmod-3.2.0/manifests/option.pp", "puppet-kmod-3.2.0/manifests/setting.pp", "puppet-kmod-3.2.0/metadata.json", "puppet-kmod-3.2.0/templates", "puppet-kmod-3.2.0/templates/redhat.modprobe.erb"] -2022-11-16T21:41:14.762140 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/selinux -2022-11-16T21:41:14.777113 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-logrotate-6.1.0", "puppet-logrotate-6.1.0/CHANGELOG.md", "puppet-logrotate-6.1.0/CONTRIBUTORS", "puppet-logrotate-6.1.0/HISTORY.md", "puppet-logrotate-6.1.0/LICENSE", "puppet-logrotate-6.1.0/README.md", "puppet-logrotate-6.1.0/REFERENCE.md", "puppet-logrotate-6.1.0/files", "puppet-logrotate-6.1.0/files/.gitkeep", "puppet-logrotate-6.1.0/manifests", "puppet-logrotate-6.1.0/manifests/conf.pp", "puppet-logrotate-6.1.0/manifests/config.pp", "puppet-logrotate-6.1.0/manifests/cron.pp", "puppet-logrotate-6.1.0/manifests/defaults.pp", "puppet-logrotate-6.1.0/manifests/hourly.pp", "puppet-logrotate-6.1.0/manifests/init.pp", "puppet-logrotate-6.1.0/manifests/install.pp", "puppet-logrotate-6.1.0/manifests/params.pp", "puppet-logrotate-6.1.0/manifests/rule.pp", "puppet-logrotate-6.1.0/manifests/rules.pp", "puppet-logrotate-6.1.0/metadata.json", "puppet-logrotate-6.1.0/templates", "puppet-logrotate-6.1.0/templates/etc", "puppet-logrotate-6.1.0/templates/etc/cron", "puppet-logrotate-6.1.0/templates/etc/cron/logrotate.erb", "puppet-logrotate-6.1.0/templates/etc/logrotate.conf.erb", "puppet-logrotate-6.1.0/templates/etc/logrotate.d", "puppet-logrotate-6.1.0/templates/etc/logrotate.d/rule.erb", "puppet-logrotate-6.1.0/types", "puppet-logrotate-6.1.0/types/commands.pp", "puppet-logrotate-6.1.0/types/every.pp", "puppet-logrotate-6.1.0/types/path.pp", "puppet-logrotate-6.1.0/types/size.pp"] -2022-11-16T21:41:14.777700 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/systemd -2022-11-16T21:41:14.784893 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-firewalld-4.5.1", "puppet-firewalld-4.5.1/CHANGELOG.md", "puppet-firewalld-4.5.1/Gemfile", "puppet-firewalld-4.5.1/HISTORY.md", "puppet-firewalld-4.5.1/LICENSE", "puppet-firewalld-4.5.1/README.md", "puppet-firewalld-4.5.1/REFERENCE.md", "puppet-firewalld-4.5.1/Rakefile", "puppet-firewalld-4.5.1/Vagrantfile", "puppet-firewalld-4.5.1/examples", "puppet-firewalld-4.5.1/examples/test.pp", "puppet-firewalld-4.5.1/functions", "puppet-firewalld-4.5.1/functions/safe_filename.pp", "puppet-firewalld-4.5.1/lib", "puppet-firewalld-4.5.1/lib/facter", "puppet-firewalld-4.5.1/lib/facter/firewalld_version.rb", "puppet-firewalld-4.5.1/lib/puppet", "puppet-firewalld-4.5.1/lib/puppet/provider", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_custom_service", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_custom_service/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_chain", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_chain/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_passthrough", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_passthrough/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_purge", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_purge/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_rule", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_direct_rule/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_ipset", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_ipset/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_port", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_port/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_rich_rule", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_service", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_service/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_zone", "puppet-firewalld-4.5.1/lib/puppet/provider/firewalld_zone/firewall_cmd.rb", "puppet-firewalld-4.5.1/lib/puppet/type", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_custom_service.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_direct_chain.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_direct_passthrough.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_direct_purge.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_direct_rule.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_ipset.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_port.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_rich_rule.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_service.rb", "puppet-firewalld-4.5.1/lib/puppet/type/firewalld_zone.rb", "puppet-firewalld-4.5.1/manifests", "puppet-firewalld-4.5.1/manifests/custom_service.pp", "puppet-firewalld-4.5.1/manifests/init.pp", "puppet-firewalld-4.5.1/manifests/reload", "puppet-firewalld-4.5.1/manifests/reload/complete.pp", "puppet-firewalld-4.5.1/manifests/reload.pp", "puppet-firewalld-4.5.1/metadata.json", "puppet-firewalld-4.5.1/rakelib", "puppet-firewalld-4.5.1/rakelib/simp.rake", "puppet-firewalld-4.5.1/spec", "puppet-firewalld-4.5.1/spec/acceptance", "puppet-firewalld-4.5.1/spec/acceptance/nodesets", "puppet-firewalld-4.5.1/spec/acceptance/nodesets/default.yml", "puppet-firewalld-4.5.1/spec/acceptance/suites", "puppet-firewalld-4.5.1/spec/acceptance/suites/default", "puppet-firewalld-4.5.1/spec/acceptance/suites/default/00_default_spec.rb", "puppet-firewalld-4.5.1/spec/classes", "puppet-firewalld-4.5.1/spec/classes/init_spec.rb", "puppet-firewalld-4.5.1/spec/classes/reload", "puppet-firewalld-4.5.1/spec/classes/reload/complete_spec.rb", "puppet-firewalld-4.5.1/spec/classes/reload_spec.rb", "puppet-firewalld-4.5.1/spec/defines", "puppet-firewalld-4.5.1/spec/defines/custom_service_spec.rb", "puppet-firewalld-4.5.1/spec/fixtures", "puppet-firewalld-4.5.1/spec/fixtures/hiera", "puppet-firewalld-4.5.1/spec/fixtures/hiera/hiera.yaml", "puppet-firewalld-4.5.1/spec/fixtures/hieradata", "puppet-firewalld-4.5.1/spec/fixtures/hieradata/common.yaml", "puppet-firewalld-4.5.1/spec/functions", "puppet-firewalld-4.5.1/spec/functions/safe_filename_spec.rb", "puppet-firewalld-4.5.1/spec/spec_helper.rb", "puppet-firewalld-4.5.1/spec/spec_helper_acceptance.rb", "puppet-firewalld-4.5.1/spec/unit", "puppet-firewalld-4.5.1/spec/unit/facter", "puppet-firewalld-4.5.1/spec/unit/facter/firewalld_version_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet", "puppet-firewalld-4.5.1/spec/unit/puppet/provider", "puppet-firewalld-4.5.1/spec/unit/puppet/provider/firewalld_custom_service_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/provider/firewalld_ipset_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/provider/firewalld_rich_rule_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/provider/firewalld_zone_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_custom_service_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_direct_chain_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_direct_rule_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_ipset_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_port_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_rich_rule_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_service_spec.rb", "puppet-firewalld-4.5.1/spec/unit/puppet/type/firewalld_zone_spec.rb"] -2022-11-16T21:41:14.785353 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeas_core -2022-11-16T21:41:14.807844 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-postfix-3.0.0", "puppet-postfix-3.0.0/CHANGELOG.md", "puppet-postfix-3.0.0/HISTORY.md", "puppet-postfix-3.0.0/LICENSE", "puppet-postfix-3.0.0/README.md", "puppet-postfix-3.0.0/data", "puppet-postfix-3.0.0/data/common.yaml", "puppet-postfix-3.0.0/data/os", "puppet-postfix-3.0.0/data/os/Alpine.yaml", "puppet-postfix-3.0.0/data/os/FreeBSD.yaml", "puppet-postfix-3.0.0/data/os/Solaris.yaml", "puppet-postfix-3.0.0/data/osfamily", "puppet-postfix-3.0.0/data/osfamily/Debian", "puppet-postfix-3.0.0/data/osfamily/Debian/etch.yaml", "puppet-postfix-3.0.0/data/osfamily/Debian/lenny.yaml", "puppet-postfix-3.0.0/data/osfamily/Debian/sarge.yaml", "puppet-postfix-3.0.0/data/osfamily/Debian.yaml", "puppet-postfix-3.0.0/data/osfamily/RedHat", "puppet-postfix-3.0.0/data/osfamily/RedHat/4.yaml", "puppet-postfix-3.0.0/data/osfamily/RedHat/5.yaml", "puppet-postfix-3.0.0/data/osfamily/RedHat/6.yaml", "puppet-postfix-3.0.0/data/osfamily/RedHat/9.yaml", "puppet-postfix-3.0.0/data/osfamily/RedHat.yaml", "puppet-postfix-3.0.0/data/osfamily/Suse", "puppet-postfix-3.0.0/data/osfamily/Suse/11.yaml", "puppet-postfix-3.0.0/data/osfamily/Suse.yaml", "puppet-postfix-3.0.0/examples", "puppet-postfix-3.0.0/examples/init.pp", "puppet-postfix-3.0.0/files", "puppet-postfix-3.0.0/files/lenses", "puppet-postfix-3.0.0/files/lenses/postfix_canonical.aug", "puppet-postfix-3.0.0/files/lenses/postfix_transport.aug", "puppet-postfix-3.0.0/files/lenses/postfix_virtual.aug", "puppet-postfix-3.0.0/files/lenses/test_postfix_canonical.aug", "puppet-postfix-3.0.0/files/lenses/test_postfix_transport.aug", "puppet-postfix-3.0.0/files/lenses/test_postfix_virtual.aug", "puppet-postfix-3.0.0/files/main.cf", "puppet-postfix-3.0.0/hiera.yaml", "puppet-postfix-3.0.0/manifests", "puppet-postfix-3.0.0/manifests/augeas.pp", "puppet-postfix-3.0.0/manifests/canonical.pp", "puppet-postfix-3.0.0/manifests/conffile.pp", "puppet-postfix-3.0.0/manifests/config.pp", "puppet-postfix-3.0.0/manifests/files.pp", "puppet-postfix-3.0.0/manifests/hash.pp", "puppet-postfix-3.0.0/manifests/init.pp", "puppet-postfix-3.0.0/manifests/ldap.pp", "puppet-postfix-3.0.0/manifests/mailalias.pp", "puppet-postfix-3.0.0/manifests/mailman.pp", "puppet-postfix-3.0.0/manifests/map.pp", "puppet-postfix-3.0.0/manifests/mta.pp", "puppet-postfix-3.0.0/manifests/packages.pp", "puppet-postfix-3.0.0/manifests/params.pp", "puppet-postfix-3.0.0/manifests/satellite.pp", "puppet-postfix-3.0.0/manifests/service.pp", "puppet-postfix-3.0.0/manifests/transport.pp", "puppet-postfix-3.0.0/manifests/virtual.pp", "puppet-postfix-3.0.0/metadata.json", "puppet-postfix-3.0.0/templates", "puppet-postfix-3.0.0/templates/conffile.erb", "puppet-postfix-3.0.0/templates/master.cf.FreeBSD.erb", "puppet-postfix-3.0.0/templates/master.cf.SLES11.2.erb", "puppet-postfix-3.0.0/templates/master.cf.SLES11.3.erb", "puppet-postfix-3.0.0/templates/master.cf.SLES11.4.erb", "puppet-postfix-3.0.0/templates/master.cf.SLES12.2.erb", "puppet-postfix-3.0.0/templates/master.cf.SLES12.3.erb", "puppet-postfix-3.0.0/templates/master.cf.Solaris.erb", "puppet-postfix-3.0.0/templates/master.cf.common.erb", "puppet-postfix-3.0.0/templates/master.cf.debian.erb", "puppet-postfix-3.0.0/templates/master.cf.redhat.erb", "puppet-postfix-3.0.0/templates/master.cf.sles.erb", "puppet-postfix-3.0.0/templates/postfix-ldap-aliases.cf.erb"] -2022-11-16T21:41:14.808199 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/concat -2022-11-16T21:41:14.838613 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-selinux-3.4.1 tarball -2022-11-16T21:41:14.838661 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-selinux-3.4.1/tarball/puppet-selinux-3.4.1.tar.gz matches checksum -2022-11-16T21:41:14.839558 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-selinux-3.4.1/tarball/puppet-selinux-3.4.1.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/selinux (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-v3jerb/puppet-selinux-3.4.1) -2022-11-16T21:41:14.859492 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-systemd-3.10.0 tarball -2022-11-16T21:41:14.859954 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-systemd-3.10.0/tarball/puppet-systemd-3.10.0.tar.gz matches checksum -2022-11-16T21:41:14.863245 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-systemd-3.10.0/tarball/puppet-systemd-3.10.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/systemd (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-svhg40/puppet-systemd-3.10.0) -2022-11-16T21:41:14.863776 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-augeas_core-1.2.0 tarball -2022-11-16T21:41:14.863932 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-augeas_core-1.2.0/tarball/puppetlabs-augeas_core-1.2.0.tar.gz matches checksum -2022-11-16T21:41:14.865096 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-augeas_core-1.2.0/tarball/puppetlabs-augeas_core-1.2.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeas_core (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1ybeilh/puppetlabs-augeas_core-1.2.0) -2022-11-16T21:41:14.894911 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-concat-7.2.0 tarball -2022-11-16T21:41:14.894985 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-concat-7.2.0/tarball/puppetlabs-concat-7.2.0.tar.gz matches checksum -2022-11-16T21:41:14.896065 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-concat-7.2.0/tarball/puppetlabs-concat-7.2.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/concat (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1qafzkn/puppetlabs-concat-7.2.0) -2022-11-16T21:41:14.914874 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-augeas_core-1.2.0", "puppetlabs-augeas_core-1.2.0/.github", "puppetlabs-augeas_core-1.2.0/.github/workflows", "puppetlabs-augeas_core-1.2.0/.github/workflows/auto_release.yml", "puppetlabs-augeas_core-1.2.0/.github/workflows/daily_unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-augeas_core-1.2.0/.github/workflows/release.yml", "puppetlabs-augeas_core-1.2.0/.github/workflows/static_code_analysis.yaml", "puppetlabs-augeas_core-1.2.0/.github/workflows/unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-augeas_core-1.2.0/.github/workflows/unit_tests_with_released_puppet_gem.yaml", "puppetlabs-augeas_core-1.2.0/CHANGELOG.md", "puppetlabs-augeas_core-1.2.0/CODEOWNERS", "puppetlabs-augeas_core-1.2.0/LICENSE", "puppetlabs-augeas_core-1.2.0/README.md", "puppetlabs-augeas_core-1.2.0/REFERENCE.md", "puppetlabs-augeas_core-1.2.0/lib", "puppetlabs-augeas_core-1.2.0/lib/puppet", "puppetlabs-augeas_core-1.2.0/lib/puppet/feature", "puppetlabs-augeas_core-1.2.0/lib/puppet/feature/augeas.rb", "puppetlabs-augeas_core-1.2.0/lib/puppet/provider", "puppetlabs-augeas_core-1.2.0/lib/puppet/provider/augeas", "puppetlabs-augeas_core-1.2.0/lib/puppet/provider/augeas/augeas.rb", "puppetlabs-augeas_core-1.2.0/lib/puppet/type", "puppetlabs-augeas_core-1.2.0/lib/puppet/type/augeas.rb", "puppetlabs-augeas_core-1.2.0/lib/puppet_x", "puppetlabs-augeas_core-1.2.0/lib/puppet_x/augeas", "puppetlabs-augeas_core-1.2.0/lib/puppet_x/augeas/util", "puppetlabs-augeas_core-1.2.0/lib/puppet_x/augeas/util/parser.rb", "puppetlabs-augeas_core-1.2.0/locales", "puppetlabs-augeas_core-1.2.0/locales/config.yaml", "puppetlabs-augeas_core-1.2.0/locales/ja", "puppetlabs-augeas_core-1.2.0/locales/ja/puppetlabs-augeas_core.po", "puppetlabs-augeas_core-1.2.0/locales/puppetlabs-augeas_core.pot", "puppetlabs-augeas_core-1.2.0/metadata.json", "puppetlabs-augeas_core-1.2.0/pdk.yaml", "puppetlabs-augeas_core-1.2.0/readmes", "puppetlabs-augeas_core-1.2.0/readmes/README_ja_JP.md"] -2022-11-16T21:41:14.915766 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/firewall -2022-11-16T21:41:14.934497 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-selinux-3.4.1", "puppet-selinux-3.4.1/CHANGELOG.md", "puppet-selinux-3.4.1/LICENSE", "puppet-selinux-3.4.1/README.md", "puppet-selinux-3.4.1/REFERENCE.md", "puppet-selinux-3.4.1/data", "puppet-selinux-3.4.1/data/common.yaml", "puppet-selinux-3.4.1/data/os", "puppet-selinux-3.4.1/data/os/Debian", "puppet-selinux-3.4.1/data/os/Debian/Debian", "puppet-selinux-3.4.1/data/os/Debian/Debian/10.yaml", "puppet-selinux-3.4.1/data/os/Debian.yaml", "puppet-selinux-3.4.1/data/os/RedHat", "puppet-selinux-3.4.1/data/os/RedHat/Amazon.yaml", "puppet-selinux-3.4.1/data/os/RedHat/CentOS", "puppet-selinux-3.4.1/data/os/RedHat/CentOS/5.yaml", "puppet-selinux-3.4.1/data/os/RedHat/CentOS/6.yaml", "puppet-selinux-3.4.1/data/os/RedHat/CentOS/7.yaml", "puppet-selinux-3.4.1/data/os/RedHat/OracleLinux", "puppet-selinux-3.4.1/data/os/RedHat/OracleLinux/5.yaml", "puppet-selinux-3.4.1/data/os/RedHat/OracleLinux/6.yaml", "puppet-selinux-3.4.1/data/os/RedHat/OracleLinux/7.yaml", "puppet-selinux-3.4.1/data/os/RedHat/RedHat", "puppet-selinux-3.4.1/data/os/RedHat/RedHat/5.yaml", "puppet-selinux-3.4.1/data/os/RedHat/RedHat/6.yaml", "puppet-selinux-3.4.1/data/os/RedHat/RedHat/7.yaml", "puppet-selinux-3.4.1/data/os/RedHat/Scientific", "puppet-selinux-3.4.1/data/os/RedHat/Scientific/5.yaml", "puppet-selinux-3.4.1/data/os/RedHat/Scientific/6.yaml", "puppet-selinux-3.4.1/data/os/RedHat/Scientific/7.yaml", "puppet-selinux-3.4.1/data/os/RedHat.yaml", "puppet-selinux-3.4.1/examples", "puppet-selinux-3.4.1/examples/disable.pp", "puppet-selinux-3.4.1/examples/enable.pp", "puppet-selinux-3.4.1/examples/enable_and_targeted.pp", "puppet-selinux-3.4.1/examples/fcontext.pp", "puppet-selinux-3.4.1/examples/fcontext_equals.pp", "puppet-selinux-3.4.1/examples/minimal.pp", "puppet-selinux-3.4.1/examples/mls.pp", "puppet-selinux-3.4.1/examples/module.pp", "puppet-selinux-3.4.1/examples/targeted.pp", "puppet-selinux-3.4.1/files", "puppet-selinux-3.4.1/files/selinux_build_module_simple.sh", "puppet-selinux-3.4.1/hiera.yaml", "puppet-selinux-3.4.1/lib", "puppet-selinux-3.4.1/lib/facter", "puppet-selinux-3.4.1/lib/facter/selinux_python_command.rb", "puppet-selinux-3.4.1/lib/puppet", "puppet-selinux-3.4.1/lib/puppet/provider", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_fcontext", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_fcontext/semanage.rb", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_fcontext_equivalence", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_fcontext_equivalence/semanage.rb", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_permissive", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_permissive/semanage.rb", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_port", "puppet-selinux-3.4.1/lib/puppet/provider/selinux_port/semanage.rb", "puppet-selinux-3.4.1/lib/puppet/type", "puppet-selinux-3.4.1/lib/puppet/type/selinux_fcontext.rb", "puppet-selinux-3.4.1/lib/puppet/type/selinux_fcontext_equivalence.rb", "puppet-selinux-3.4.1/lib/puppet/type/selinux_permissive.rb", "puppet-selinux-3.4.1/lib/puppet/type/selinux_port.rb", "puppet-selinux-3.4.1/lib/puppet_x", "puppet-selinux-3.4.1/lib/puppet_x/voxpupuli", "puppet-selinux-3.4.1/lib/puppet_x/voxpupuli/selinux", "puppet-selinux-3.4.1/lib/puppet_x/voxpupuli/selinux/semanage_ports.py", "puppet-selinux-3.4.1/manifests", "puppet-selinux-3.4.1/manifests/boolean.pp", "puppet-selinux-3.4.1/manifests/build.pp", "puppet-selinux-3.4.1/manifests/config.pp", "puppet-selinux-3.4.1/manifests/exec_restorecon.pp", "puppet-selinux-3.4.1/manifests/fcontext", "puppet-selinux-3.4.1/manifests/fcontext/equivalence.pp", "puppet-selinux-3.4.1/manifests/fcontext.pp", "puppet-selinux-3.4.1/manifests/init.pp", "puppet-selinux-3.4.1/manifests/module.pp", "puppet-selinux-3.4.1/manifests/package.pp", "puppet-selinux-3.4.1/manifests/permissive.pp", "puppet-selinux-3.4.1/manifests/port.pp", "puppet-selinux-3.4.1/manifests/refpolicy_package.pp", "puppet-selinux-3.4.1/metadata.json", "puppet-selinux-3.4.1/test-acceptance-with-vagrant"] -2022-11-16T21:41:14.935572 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/inifile -2022-11-16T21:41:14.946038 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-concat-7.2.0", "puppetlabs-concat-7.2.0/.github", "puppetlabs-concat-7.2.0/.github/workflows", "puppetlabs-concat-7.2.0/.github/workflows/auto_release.yml", "puppetlabs-concat-7.2.0/.github/workflows/labeller.yml", "puppetlabs-concat-7.2.0/.github/workflows/nightly.yml", "puppetlabs-concat-7.2.0/.github/workflows/pr_test.yml", "puppetlabs-concat-7.2.0/.github/workflows/release.yml", "puppetlabs-concat-7.2.0/.github/workflows/spec.yml", "puppetlabs-concat-7.2.0/.github/workflows/stale.yml", "puppetlabs-concat-7.2.0/.gitpod.Dockerfile", "puppetlabs-concat-7.2.0/.gitpod.yml", "puppetlabs-concat-7.2.0/CHANGELOG.md", "puppetlabs-concat-7.2.0/CODEOWNERS", "puppetlabs-concat-7.2.0/CONTRIBUTING.md", "puppetlabs-concat-7.2.0/HISTORY.md", "puppetlabs-concat-7.2.0/LICENSE", "puppetlabs-concat-7.2.0/NOTICE", "puppetlabs-concat-7.2.0/README.md", "puppetlabs-concat-7.2.0/REFERENCE.md", "puppetlabs-concat-7.2.0/data", "puppetlabs-concat-7.2.0/data/common.yaml", "puppetlabs-concat-7.2.0/examples", "puppetlabs-concat-7.2.0/examples/format.pp", "puppetlabs-concat-7.2.0/examples/fragment.pp", "puppetlabs-concat-7.2.0/examples/init.pp", "puppetlabs-concat-7.2.0/hiera.yaml", "puppetlabs-concat-7.2.0/lib", "puppetlabs-concat-7.2.0/lib/puppet", "puppetlabs-concat-7.2.0/lib/puppet/type", "puppetlabs-concat-7.2.0/lib/puppet/type/concat_file.rb", "puppetlabs-concat-7.2.0/lib/puppet/type/concat_fragment.rb", "puppetlabs-concat-7.2.0/manifests", "puppetlabs-concat-7.2.0/manifests/fragment.pp", "puppetlabs-concat-7.2.0/manifests/init.pp", "puppetlabs-concat-7.2.0/metadata.json", "puppetlabs-concat-7.2.0/provision.yaml", "puppetlabs-concat-7.2.0/readmes", "puppetlabs-concat-7.2.0/readmes/README_ja_JP.md"] -2022-11-16T21:41:14.946548 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/mailalias_core -2022-11-16T21:41:14.956063 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-systemd-3.10.0", "puppet-systemd-3.10.0/CHANGELOG.md", "puppet-systemd-3.10.0/HISTORY.md", "puppet-systemd-3.10.0/LICENSE", "puppet-systemd-3.10.0/README.md", "puppet-systemd-3.10.0/REFERENCE.md", "puppet-systemd-3.10.0/data", "puppet-systemd-3.10.0/data/Archlinux.yaml", "puppet-systemd-3.10.0/data/Debian-10.yaml", "puppet-systemd-3.10.0/data/Debian-11.yaml", "puppet-systemd-3.10.0/data/Debian-8.yaml", "puppet-systemd-3.10.0/data/Debian-9.yaml", "puppet-systemd-3.10.0/data/Fedora.yaml", "puppet-systemd-3.10.0/data/Gentoo.yaml", "puppet-systemd-3.10.0/data/RedHat-7.yaml", "puppet-systemd-3.10.0/data/RedHat-8.yaml", "puppet-systemd-3.10.0/data/RedHat-9.yaml", "puppet-systemd-3.10.0/data/SLES-12.yaml", "puppet-systemd-3.10.0/data/SLES-15.yaml", "puppet-systemd-3.10.0/data/Ubuntu-16.04.yaml", "puppet-systemd-3.10.0/data/Ubuntu-18.04.yaml", "puppet-systemd-3.10.0/data/Ubuntu-20.04.yaml", "puppet-systemd-3.10.0/data/VirtuozzoLinux-7.yaml", "puppet-systemd-3.10.0/functions", "puppet-systemd-3.10.0/functions/escape.pp", "puppet-systemd-3.10.0/hiera.yaml", "puppet-systemd-3.10.0/lib", "puppet-systemd-3.10.0/lib/facter", "puppet-systemd-3.10.0/lib/facter/systemd.rb", "puppet-systemd-3.10.0/lib/puppet", "puppet-systemd-3.10.0/lib/puppet/functions", "puppet-systemd-3.10.0/lib/puppet/functions/systemd", "puppet-systemd-3.10.0/lib/puppet/functions/systemd/systemd_escape.rb", "puppet-systemd-3.10.0/lib/puppet/provider", "puppet-systemd-3.10.0/lib/puppet/provider/loginctl_user", "puppet-systemd-3.10.0/lib/puppet/provider/loginctl_user/ruby.rb", "puppet-systemd-3.10.0/lib/puppet/type", "puppet-systemd-3.10.0/lib/puppet/type/loginctl_user.rb", "puppet-systemd-3.10.0/manifests", "puppet-systemd-3.10.0/manifests/coredump.pp", "puppet-systemd-3.10.0/manifests/daemon_reload.pp", "puppet-systemd-3.10.0/manifests/dropin_file.pp", "puppet-systemd-3.10.0/manifests/init.pp", "puppet-systemd-3.10.0/manifests/install.pp", "puppet-systemd-3.10.0/manifests/journald.pp", "puppet-systemd-3.10.0/manifests/logind.pp", "puppet-systemd-3.10.0/manifests/machine_info.pp", "puppet-systemd-3.10.0/manifests/modules_load.pp", "puppet-systemd-3.10.0/manifests/modules_loads.pp", "puppet-systemd-3.10.0/manifests/network.pp", "puppet-systemd-3.10.0/manifests/networkd.pp", "puppet-systemd-3.10.0/manifests/oomd.pp", "puppet-systemd-3.10.0/manifests/resolved.pp", "puppet-systemd-3.10.0/manifests/service_limits.pp", "puppet-systemd-3.10.0/manifests/system.pp", "puppet-systemd-3.10.0/manifests/timer.pp", "puppet-systemd-3.10.0/manifests/timesyncd.pp", "puppet-systemd-3.10.0/manifests/tmpfile.pp", "puppet-systemd-3.10.0/manifests/tmpfiles.pp", "puppet-systemd-3.10.0/manifests/udev", "puppet-systemd-3.10.0/manifests/udev/rule.pp", "puppet-systemd-3.10.0/manifests/udevd.pp", "puppet-systemd-3.10.0/manifests/unit_file.pp", "puppet-systemd-3.10.0/metadata.json", "puppet-systemd-3.10.0/templates", "puppet-systemd-3.10.0/templates/limits.erb", "puppet-systemd-3.10.0/templates/udev_conf.epp", "puppet-systemd-3.10.0/templates/udev_rule.epp", "puppet-systemd-3.10.0/types", "puppet-systemd-3.10.0/types/coredumpsettings.pp", "puppet-systemd-3.10.0/types/dropin.pp", "puppet-systemd-3.10.0/types/journaldsettings", "puppet-systemd-3.10.0/types/journaldsettings/ensure.pp", "puppet-systemd-3.10.0/types/journaldsettings.pp", "puppet-systemd-3.10.0/types/logindsettings", "puppet-systemd-3.10.0/types/logindsettings/ensure.pp", "puppet-systemd-3.10.0/types/logindsettings.pp", "puppet-systemd-3.10.0/types/machineinfosettings.pp", "puppet-systemd-3.10.0/types/oomdsettings.pp", "puppet-systemd-3.10.0/types/servicelimits.pp", "puppet-systemd-3.10.0/types/unit.pp"] -2022-11-16T21:41:14.956482 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/ntp -2022-11-16T21:41:15.008022 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-firewall-3.5.0 tarball -2022-11-16T21:41:15.008083 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-firewall-3.5.0/tarball/puppetlabs-firewall-3.5.0.tar.gz matches checksum -2022-11-16T21:41:15.011781 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-firewall-3.5.0/tarball/puppetlabs-firewall-3.5.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/firewall (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1jnpm6h/puppetlabs-firewall-3.5.0) -2022-11-16T21:41:15.012498 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-inifile-5.3.0 tarball -2022-11-16T21:41:15.012694 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-inifile-5.3.0/tarball/puppetlabs-inifile-5.3.0.tar.gz matches checksum -2022-11-16T21:41:15.013689 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-inifile-5.3.0/tarball/puppetlabs-inifile-5.3.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/inifile (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-14mnu1r/puppetlabs-inifile-5.3.0) -2022-11-16T21:41:15.020009 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-mailalias_core-1.1.0 tarball -2022-11-16T21:41:15.020147 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-mailalias_core-1.1.0/tarball/puppetlabs-mailalias_core-1.1.0.tar.gz matches checksum -2022-11-16T21:41:15.021243 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-mailalias_core-1.1.0/tarball/puppetlabs-mailalias_core-1.1.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/mailalias_core (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-17unnup/puppetlabs-mailalias_core-1.1.0) -2022-11-16T21:41:15.040487 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-ntp-9.1.1 tarball -2022-11-16T21:41:15.040568 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-ntp-9.1.1/tarball/puppetlabs-ntp-9.1.1.tar.gz matches checksum -2022-11-16T21:41:15.041954 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-ntp-9.1.1/tarball/puppetlabs-ntp-9.1.1.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/ntp (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1twts21/puppetlabs-ntp-9.1.1) -2022-11-16T21:41:15.065322 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-mailalias_core-1.1.0", "puppetlabs-mailalias_core-1.1.0/.github", "puppetlabs-mailalias_core-1.1.0/.github/workflows", "puppetlabs-mailalias_core-1.1.0/.github/workflows/auto_release.yml", "puppetlabs-mailalias_core-1.1.0/.github/workflows/daily_unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-mailalias_core-1.1.0/.github/workflows/release.yml", "puppetlabs-mailalias_core-1.1.0/.github/workflows/static_code_analysis.yaml", "puppetlabs-mailalias_core-1.1.0/.github/workflows/unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-mailalias_core-1.1.0/.github/workflows/unit_tests_with_released_puppet_gem.yaml", "puppetlabs-mailalias_core-1.1.0/CHANGELOG.md", "puppetlabs-mailalias_core-1.1.0/CODEOWNERS", "puppetlabs-mailalias_core-1.1.0/LICENSE", "puppetlabs-mailalias_core-1.1.0/README.md", "puppetlabs-mailalias_core-1.1.0/REFERENCE.md", "puppetlabs-mailalias_core-1.1.0/data", "puppetlabs-mailalias_core-1.1.0/data/common.yaml", "puppetlabs-mailalias_core-1.1.0/hiera.yaml", "puppetlabs-mailalias_core-1.1.0/lib", "puppetlabs-mailalias_core-1.1.0/lib/puppet", "puppetlabs-mailalias_core-1.1.0/lib/puppet/provider", "puppetlabs-mailalias_core-1.1.0/lib/puppet/provider/mailalias", "puppetlabs-mailalias_core-1.1.0/lib/puppet/provider/mailalias/aliases.rb", "puppetlabs-mailalias_core-1.1.0/lib/puppet/type", "puppetlabs-mailalias_core-1.1.0/lib/puppet/type/mailalias.rb", "puppetlabs-mailalias_core-1.1.0/locales", "puppetlabs-mailalias_core-1.1.0/locales/config.yaml", "puppetlabs-mailalias_core-1.1.0/locales/puppetlabs-mailalias_core.pot", "puppetlabs-mailalias_core-1.1.0/metadata.json", "puppetlabs-mailalias_core-1.1.0/pdk.yaml"] -2022-11-16T21:41:15.066315 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent -2022-11-16T21:41:15.085038 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-inifile-5.3.0", "puppetlabs-inifile-5.3.0/.github", "puppetlabs-inifile-5.3.0/.github/workflows", "puppetlabs-inifile-5.3.0/.github/workflows/auto_release.yml", "puppetlabs-inifile-5.3.0/.github/workflows/labeller.yml", "puppetlabs-inifile-5.3.0/.github/workflows/nightly.yml", "puppetlabs-inifile-5.3.0/.github/workflows/pr_test.yml", "puppetlabs-inifile-5.3.0/.github/workflows/release.yml", "puppetlabs-inifile-5.3.0/.github/workflows/spec.yml", "puppetlabs-inifile-5.3.0/.github/workflows/stale.yml", "puppetlabs-inifile-5.3.0/.gitpod.Dockerfile", "puppetlabs-inifile-5.3.0/.gitpod.yml", "puppetlabs-inifile-5.3.0/CHANGELOG.md", "puppetlabs-inifile-5.3.0/CODEOWNERS", "puppetlabs-inifile-5.3.0/CONTRIBUTING.md", "puppetlabs-inifile-5.3.0/HISTORY.md", "puppetlabs-inifile-5.3.0/LICENSE", "puppetlabs-inifile-5.3.0/NOTICE", "puppetlabs-inifile-5.3.0/README.md", "puppetlabs-inifile-5.3.0/REFERENCE.md", "puppetlabs-inifile-5.3.0/data", "puppetlabs-inifile-5.3.0/data/common.yaml", "puppetlabs-inifile-5.3.0/examples", "puppetlabs-inifile-5.3.0/examples/ini_setting.pp", "puppetlabs-inifile-5.3.0/examples/ini_subsetting.pp", "puppetlabs-inifile-5.3.0/hiera.yaml", "puppetlabs-inifile-5.3.0/lib", "puppetlabs-inifile-5.3.0/lib/puppet", "puppetlabs-inifile-5.3.0/lib/puppet/functions", "puppetlabs-inifile-5.3.0/lib/puppet/functions/create_ini_settings.rb", "puppetlabs-inifile-5.3.0/lib/puppet/functions/inifile", "puppetlabs-inifile-5.3.0/lib/puppet/functions/inifile/create_ini_settings.rb", "puppetlabs-inifile-5.3.0/lib/puppet/provider", "puppetlabs-inifile-5.3.0/lib/puppet/provider/ini_setting", "puppetlabs-inifile-5.3.0/lib/puppet/provider/ini_setting/ruby.rb", "puppetlabs-inifile-5.3.0/lib/puppet/provider/ini_subsetting", "puppetlabs-inifile-5.3.0/lib/puppet/provider/ini_subsetting/ruby.rb", "puppetlabs-inifile-5.3.0/lib/puppet/type", "puppetlabs-inifile-5.3.0/lib/puppet/type/ini_setting.rb", "puppetlabs-inifile-5.3.0/lib/puppet/type/ini_subsetting.rb", "puppetlabs-inifile-5.3.0/lib/puppet/util", "puppetlabs-inifile-5.3.0/lib/puppet/util/external_iterator.rb", "puppetlabs-inifile-5.3.0/lib/puppet/util/ini_file", "puppetlabs-inifile-5.3.0/lib/puppet/util/ini_file/section.rb", "puppetlabs-inifile-5.3.0/lib/puppet/util/ini_file.rb", "puppetlabs-inifile-5.3.0/lib/puppet/util/setting_value.rb", "puppetlabs-inifile-5.3.0/metadata.json", "puppetlabs-inifile-5.3.0/pdk.yaml", "puppetlabs-inifile-5.3.0/provision.yaml"] -2022-11-16T21:41:15.085892 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot -2022-11-16T21:41:15.098244 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-firewall-3.5.0", "puppetlabs-firewall-3.5.0/.github", "puppetlabs-firewall-3.5.0/.github/workflows", "puppetlabs-firewall-3.5.0/.github/workflows/auto_release.yml", "puppetlabs-firewall-3.5.0/.github/workflows/labeller.yml", "puppetlabs-firewall-3.5.0/.github/workflows/nightly.yml", "puppetlabs-firewall-3.5.0/.github/workflows/pr_test.yml", "puppetlabs-firewall-3.5.0/.github/workflows/release.yml", "puppetlabs-firewall-3.5.0/.github/workflows/spec.yml", "puppetlabs-firewall-3.5.0/.github/workflows/stale.yml", "puppetlabs-firewall-3.5.0/.gitpod.Dockerfile", "puppetlabs-firewall-3.5.0/.gitpod.yml", "puppetlabs-firewall-3.5.0/.nodeset.yml", "puppetlabs-firewall-3.5.0/CHANGELOG.md", "puppetlabs-firewall-3.5.0/CODEOWNERS", "puppetlabs-firewall-3.5.0/CONTRIBUTING.md", "puppetlabs-firewall-3.5.0/HISTORY.md", "puppetlabs-firewall-3.5.0/LICENSE", "puppetlabs-firewall-3.5.0/NOTICE", "puppetlabs-firewall-3.5.0/README.md", "puppetlabs-firewall-3.5.0/REFERENCE.md", "puppetlabs-firewall-3.5.0/data", "puppetlabs-firewall-3.5.0/data/common.yaml", "puppetlabs-firewall-3.5.0/hiera.yaml", "puppetlabs-firewall-3.5.0/lib", "puppetlabs-firewall-3.5.0/lib/facter", "puppetlabs-firewall-3.5.0/lib/facter/ip6tables_version.rb", "puppetlabs-firewall-3.5.0/lib/facter/iptables_persistent_version.rb", "puppetlabs-firewall-3.5.0/lib/facter/iptables_version.rb", "puppetlabs-firewall-3.5.0/lib/puppet", "puppetlabs-firewall-3.5.0/lib/puppet/provider", "puppetlabs-firewall-3.5.0/lib/puppet/provider/firewall", "puppetlabs-firewall-3.5.0/lib/puppet/provider/firewall/ip6tables.rb", "puppetlabs-firewall-3.5.0/lib/puppet/provider/firewall/iptables.rb", "puppetlabs-firewall-3.5.0/lib/puppet/provider/firewall.rb", "puppetlabs-firewall-3.5.0/lib/puppet/provider/firewallchain", "puppetlabs-firewall-3.5.0/lib/puppet/provider/firewallchain/iptables_chain.rb", "puppetlabs-firewall-3.5.0/lib/puppet/type", "puppetlabs-firewall-3.5.0/lib/puppet/type/firewall.rb", "puppetlabs-firewall-3.5.0/lib/puppet/type/firewallchain.rb", "puppetlabs-firewall-3.5.0/lib/puppet/util", "puppetlabs-firewall-3.5.0/lib/puppet/util/firewall.rb", "puppetlabs-firewall-3.5.0/lib/puppet/util/ipcidr.rb", "puppetlabs-firewall-3.5.0/manifests", "puppetlabs-firewall-3.5.0/manifests/init.pp", "puppetlabs-firewall-3.5.0/manifests/linux", "puppetlabs-firewall-3.5.0/manifests/linux/archlinux.pp", "puppetlabs-firewall-3.5.0/manifests/linux/debian.pp", "puppetlabs-firewall-3.5.0/manifests/linux/gentoo.pp", "puppetlabs-firewall-3.5.0/manifests/linux/redhat.pp", "puppetlabs-firewall-3.5.0/manifests/linux.pp", "puppetlabs-firewall-3.5.0/manifests/params.pp", "puppetlabs-firewall-3.5.0/metadata.json", "puppetlabs-firewall-3.5.0/pdk.yaml", "puppetlabs-firewall-3.5.0/provision.yaml"] -2022-11-16T21:41:15.098763 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/stdlib -2022-11-16T21:41:15.115386 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-ntp-9.1.1", "puppetlabs-ntp-9.1.1/.github", "puppetlabs-ntp-9.1.1/.github/workflows", "puppetlabs-ntp-9.1.1/.github/workflows/auto_release.yml", "puppetlabs-ntp-9.1.1/.github/workflows/integration_test.yml", "puppetlabs-ntp-9.1.1/.github/workflows/labeller.yml", "puppetlabs-ntp-9.1.1/.github/workflows/nightly.yml", "puppetlabs-ntp-9.1.1/.github/workflows/pr_test.yml", "puppetlabs-ntp-9.1.1/.github/workflows/release.yml", "puppetlabs-ntp-9.1.1/.github/workflows/spec.yml", "puppetlabs-ntp-9.1.1/.github/workflows/stale.yml", "puppetlabs-ntp-9.1.1/.gitpod.Dockerfile", "puppetlabs-ntp-9.1.1/.gitpod.yml", "puppetlabs-ntp-9.1.1/.rubocop_todo.yml", "puppetlabs-ntp-9.1.1/CHANGELOG.md", "puppetlabs-ntp-9.1.1/CODEOWNERS", "puppetlabs-ntp-9.1.1/CONTRIBUTING.md", "puppetlabs-ntp-9.1.1/HISTORY.md", "puppetlabs-ntp-9.1.1/LICENSE", "puppetlabs-ntp-9.1.1/NOTICE", "puppetlabs-ntp-9.1.1/README.md", "puppetlabs-ntp-9.1.1/REFERENCE.md", "puppetlabs-ntp-9.1.1/data", "puppetlabs-ntp-9.1.1/data/AIX-family.yaml", "puppetlabs-ntp-9.1.1/data/Amazon.yaml", "puppetlabs-ntp-9.1.1/data/Archlinux-family.yaml", "puppetlabs-ntp-9.1.1/data/Debian-family.yaml", "puppetlabs-ntp-9.1.1/data/Fedora.yaml", "puppetlabs-ntp-9.1.1/data/FreeBSD-family.yaml", "puppetlabs-ntp-9.1.1/data/Gentoo-family.yaml", "puppetlabs-ntp-9.1.1/data/OpenSuSE.yaml", "puppetlabs-ntp-9.1.1/data/RedHat-family.yaml", "puppetlabs-ntp-9.1.1/data/SLES-10.yaml", "puppetlabs-ntp-9.1.1/data/SLES-12.yaml", "puppetlabs-ntp-9.1.1/data/SLES-15.yaml", "puppetlabs-ntp-9.1.1/data/Solaris-10.yaml", "puppetlabs-ntp-9.1.1/data/Solaris-11.yaml", "puppetlabs-ntp-9.1.1/data/Solaris-family.yaml", "puppetlabs-ntp-9.1.1/data/Suse-family.yaml", "puppetlabs-ntp-9.1.1/data/common.yaml", "puppetlabs-ntp-9.1.1/examples", "puppetlabs-ntp-9.1.1/examples/init.pp", "puppetlabs-ntp-9.1.1/hiera.yaml", "puppetlabs-ntp-9.1.1/manifests", "puppetlabs-ntp-9.1.1/manifests/config.pp", "puppetlabs-ntp-9.1.1/manifests/init.pp", "puppetlabs-ntp-9.1.1/manifests/install.pp", "puppetlabs-ntp-9.1.1/manifests/service.pp", "puppetlabs-ntp-9.1.1/metadata.json", "puppetlabs-ntp-9.1.1/pdk.yaml", "puppetlabs-ntp-9.1.1/plans", "puppetlabs-ntp-9.1.1/plans/acceptance", "puppetlabs-ntp-9.1.1/plans/acceptance/pe_agent.pp", "puppetlabs-ntp-9.1.1/plans/acceptance/pe_server.pp", "puppetlabs-ntp-9.1.1/plans/acceptance/provision_integration.pp", "puppetlabs-ntp-9.1.1/provision.yaml", "puppetlabs-ntp-9.1.1/readmes", "puppetlabs-ntp-9.1.1/readmes/README_ja_JP.md", "puppetlabs-ntp-9.1.1/templates", "puppetlabs-ntp-9.1.1/templates/keys.epp", "puppetlabs-ntp-9.1.1/templates/ntp.conf.epp", "puppetlabs-ntp-9.1.1/templates/step-tickers.epp", "puppetlabs-ntp-9.1.1/types", "puppetlabs-ntp-9.1.1/types/key_id.pp", "puppetlabs-ntp-9.1.1/types/poll_interval.pp"] -2022-11-16T21:41:15.115729 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/auditd -2022-11-16T21:41:15.142999 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-puppet_agent-4.12.1 tarball -2022-11-16T21:41:15.143044 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-puppet_agent-4.12.1/tarball/puppetlabs-puppet_agent-4.12.1.tar.gz matches checksum -2022-11-16T21:41:15.144273 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-puppet_agent-4.12.1/tarball/puppetlabs-puppet_agent-4.12.1.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/puppet_agent (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-pkjnmc/puppetlabs-puppet_agent-4.12.1) -2022-11-16T21:41:15.164022 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-reboot-4.2.0 tarball -2022-11-16T21:41:15.164081 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-reboot-4.2.0/tarball/puppetlabs-reboot-4.2.0.tar.gz matches checksum -2022-11-16T21:41:15.164970 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-reboot-4.2.0/tarball/puppetlabs-reboot-4.2.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/reboot (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1orkicj/puppetlabs-reboot-4.2.0) -2022-11-16T21:41:15.208523 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-stdlib-6.6.0 tarball -2022-11-16T21:41:15.208613 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-stdlib-6.6.0/tarball/puppetlabs-stdlib-6.6.0.tar.gz matches checksum -2022-11-16T21:41:15.210697 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-stdlib-6.6.0/tarball/puppetlabs-stdlib-6.6.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/stdlib (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-mqni9w/puppetlabs-stdlib-6.6.0) -2022-11-16T21:41:15.220777 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-reboot-4.2.0", "puppetlabs-reboot-4.2.0/.github", "puppetlabs-reboot-4.2.0/.github/pull_request_template.md", "puppetlabs-reboot-4.2.0/.github/workflows", "puppetlabs-reboot-4.2.0/.github/workflows/auto_release.yml", "puppetlabs-reboot-4.2.0/.github/workflows/labeller.yml", "puppetlabs-reboot-4.2.0/.github/workflows/nightly.yml", "puppetlabs-reboot-4.2.0/.github/workflows/pr_test.yml", "puppetlabs-reboot-4.2.0/.github/workflows/release.yml", "puppetlabs-reboot-4.2.0/.github/workflows/spec.yml", "puppetlabs-reboot-4.2.0/.github/workflows/stale.yml", "puppetlabs-reboot-4.2.0/.gitpod.Dockerfile", "puppetlabs-reboot-4.2.0/.gitpod.yml", "puppetlabs-reboot-4.2.0/CHANGELOG.md", "puppetlabs-reboot-4.2.0/CODEOWNERS", "puppetlabs-reboot-4.2.0/CONTRIBUTING.md", "puppetlabs-reboot-4.2.0/HISTORY.md", "puppetlabs-reboot-4.2.0/LICENSE", "puppetlabs-reboot-4.2.0/NOTICE", "puppetlabs-reboot-4.2.0/README.md", "puppetlabs-reboot-4.2.0/REFERENCE.md", "puppetlabs-reboot-4.2.0/data", "puppetlabs-reboot-4.2.0/data/common.yaml", "puppetlabs-reboot-4.2.0/examples", "puppetlabs-reboot-4.2.0/examples/sample.pp", "puppetlabs-reboot-4.2.0/hiera.yaml", "puppetlabs-reboot-4.2.0/lib", "puppetlabs-reboot-4.2.0/lib/puppet", "puppetlabs-reboot-4.2.0/lib/puppet/provider", "puppetlabs-reboot-4.2.0/lib/puppet/provider/reboot", "puppetlabs-reboot-4.2.0/lib/puppet/provider/reboot/linux.rb", "puppetlabs-reboot-4.2.0/lib/puppet/provider/reboot/posix.rb", "puppetlabs-reboot-4.2.0/lib/puppet/provider/reboot/windows.rb", "puppetlabs-reboot-4.2.0/lib/puppet/type", "puppetlabs-reboot-4.2.0/lib/puppet/type/reboot.rb", "puppetlabs-reboot-4.2.0/metadata.json", "puppetlabs-reboot-4.2.0/pdk.yaml", "puppetlabs-reboot-4.2.0/plans", "puppetlabs-reboot-4.2.0/plans/init.pp", "puppetlabs-reboot-4.2.0/provision.yaml", "puppetlabs-reboot-4.2.0/tasks", "puppetlabs-reboot-4.2.0/tasks/init.json", "puppetlabs-reboot-4.2.0/tasks/init.rb", "puppetlabs-reboot-4.2.0/tasks/last_boot_time.json", "puppetlabs-reboot-4.2.0/tasks/last_boot_time_nix.json", "puppetlabs-reboot-4.2.0/tasks/last_boot_time_nix.sh", "puppetlabs-reboot-4.2.0/tasks/last_boot_time_win.json", "puppetlabs-reboot-4.2.0/tasks/last_boot_time_win.ps1", "puppetlabs-reboot-4.2.0/tasks/nix.json", "puppetlabs-reboot-4.2.0/tasks/nix.sh", "puppetlabs-reboot-4.2.0/tasks/win.json", "puppetlabs-reboot-4.2.0/tasks/win.ps1"] -2022-11-16T21:41:15.221872 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/mount_core -2022-11-16T21:41:15.228682 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of ubeek-auditd-1.0.3 tarball -2022-11-16T21:41:15.228808 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/ubeek-auditd-1.0.3/tarball/ubeek-auditd-1.0.3.tar.gz matches checksum -2022-11-16T21:41:15.229933 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/ubeek-auditd-1.0.3/tarball/ubeek-auditd-1.0.3.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/auditd (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-vevde5/ubeek-auditd-1.0.3) -2022-11-16T21:41:15.248916 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["ubeek-auditd-1.0.3", "ubeek-auditd-1.0.3/CHANGELOG.md", "ubeek-auditd-1.0.3/README.md", "ubeek-auditd-1.0.3/data", "ubeek-auditd-1.0.3/data/common.yaml", "ubeek-auditd-1.0.3/debug.log", "ubeek-auditd-1.0.3/hiera.yaml", "ubeek-auditd-1.0.3/manifests", "ubeek-auditd-1.0.3/manifests/config.pp", "ubeek-auditd-1.0.3/manifests/init.pp", "ubeek-auditd-1.0.3/manifests/install.pp", "ubeek-auditd-1.0.3/manifests/service.pp", "ubeek-auditd-1.0.3/metadata.json", "ubeek-auditd-1.0.3/pdk.yaml", "ubeek-auditd-1.0.3/templates", "ubeek-auditd-1.0.3/templates/auditd.conf.erb", "ubeek-auditd-1.0.3/templates/auditd.rules.erb"] -2022-11-16T21:41:15.249454 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/cron -2022-11-16T21:41:15.307974 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-puppet_agent-4.12.1", "puppetlabs-puppet_agent-4.12.1/.github", "puppetlabs-puppet_agent-4.12.1/.github/workflows", "puppetlabs-puppet_agent-4.12.1/.github/workflows/auto_release.yml", "puppetlabs-puppet_agent-4.12.1/.github/workflows/daily_unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-puppet_agent-4.12.1/.github/workflows/release.yml", "puppetlabs-puppet_agent-4.12.1/.github/workflows/static_code_analysis.yaml", "puppetlabs-puppet_agent-4.12.1/.github/workflows/task_acceptance_tests.yaml", "puppetlabs-puppet_agent-4.12.1/.github/workflows/unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-puppet_agent-4.12.1/.github/workflows/unit_tests_with_released_puppet_gem.yaml", "puppetlabs-puppet_agent-4.12.1/.rubocop_todo.yml", "puppetlabs-puppet_agent-4.12.1/CHANGELOG.md", "puppetlabs-puppet_agent-4.12.1/CODEOWNERS", "puppetlabs-puppet_agent-4.12.1/CODE_OF_CONDUCT.md", "puppetlabs-puppet_agent-4.12.1/CONTRIBUTING.md", "puppetlabs-puppet_agent-4.12.1/DEVELOPERS.md", "puppetlabs-puppet_agent-4.12.1/HISTORY.md", "puppetlabs-puppet_agent-4.12.1/LICENSE", "puppetlabs-puppet_agent-4.12.1/NOTICE", "puppetlabs-puppet_agent-4.12.1/README.md", "puppetlabs-puppet_agent-4.12.1/REFERENCE.md", "puppetlabs-puppet_agent-4.12.1/acceptance", "puppetlabs-puppet_agent-4.12.1/acceptance/Gemfile", "puppetlabs-puppet_agent-4.12.1/acceptance/README.md", "puppetlabs-puppet_agent-4.12.1/acceptance/Rakefile", "puppetlabs-puppet_agent-4.12.1/acceptance/files", "puppetlabs-puppet_agent-4.12.1/acceptance/files/uninstall.ps1", "puppetlabs-puppet_agent-4.12.1/acceptance/helpers.rb", "puppetlabs-puppet_agent-4.12.1/acceptance/options.rb", "puppetlabs-puppet_agent-4.12.1/acceptance/pre_suite", "puppetlabs-puppet_agent-4.12.1/acceptance/pre_suite/00_master_setup.rb", "puppetlabs-puppet_agent-4.12.1/acceptance/tests", "puppetlabs-puppet_agent-4.12.1/acceptance/tests/test_upgrade_puppet5_to_puppet6.rb", "puppetlabs-puppet_agent-4.12.1/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb", "puppetlabs-puppet_agent-4.12.1/bolt_plugin.json", "puppetlabs-puppet_agent-4.12.1/data", "puppetlabs-puppet_agent-4.12.1/data/common.yaml", "puppetlabs-puppet_agent-4.12.1/docker", "puppetlabs-puppet_agent-4.12.1/docker/bin", "puppetlabs-puppet_agent-4.12.1/docker/bin/helpers", "puppetlabs-puppet_agent-4.12.1/docker/bin/helpers/run-upgrade.sh", "puppetlabs-puppet_agent-4.12.1/docker/bin/upgrade.sh", "puppetlabs-puppet_agent-4.12.1/docker/bin/versions.sh", "puppetlabs-puppet_agent-4.12.1/docker/centos", "puppetlabs-puppet_agent-4.12.1/docker/centos/Dockerfile", "puppetlabs-puppet_agent-4.12.1/docker/centos/Dockerfile.versions", "puppetlabs-puppet_agent-4.12.1/docker/deploy.pp", "puppetlabs-puppet_agent-4.12.1/docker/rocky", "puppetlabs-puppet_agent-4.12.1/docker/rocky/Dockerfile", "puppetlabs-puppet_agent-4.12.1/docker/rocky/Dockerfile.versions", "puppetlabs-puppet_agent-4.12.1/docker/ubuntu", "puppetlabs-puppet_agent-4.12.1/docker/ubuntu/Dockerfile", "puppetlabs-puppet_agent-4.12.1/docker/ubuntu/Dockerfile.versions", "puppetlabs-puppet_agent-4.12.1/docker/upgrade.pp", "puppetlabs-puppet_agent-4.12.1/examples", "puppetlabs-puppet_agent-4.12.1/examples/init.pp", "puppetlabs-puppet_agent-4.12.1/files", "puppetlabs-puppet_agent-4.12.1/files/.gitkeep", "puppetlabs-puppet_agent-4.12.1/files/GPG-KEY-puppet", "puppetlabs-puppet_agent-4.12.1/files/GPG-KEY-puppet-20250406", "puppetlabs-puppet_agent-4.12.1/files/helpers.ps1", "puppetlabs-puppet_agent-4.12.1/files/install_puppet.ps1", "puppetlabs-puppet_agent-4.12.1/files/prerequisites_check.ps1", "puppetlabs-puppet_agent-4.12.1/files/rb_task_helper.rb", "puppetlabs-puppet_agent-4.12.1/files/solaris_start_puppet.sh", "puppetlabs-puppet_agent-4.12.1/hiera.yaml", "puppetlabs-puppet_agent-4.12.1/lib", "puppetlabs-puppet_agent-4.12.1/lib/facter", "puppetlabs-puppet_agent-4.12.1/lib/facter/env_temp_variable.rb", "puppetlabs-puppet_agent-4.12.1/lib/facter/mco_config.rb", "puppetlabs-puppet_agent-4.12.1/lib/facter/puppet_agent_appdata.rb", "puppetlabs-puppet_agent-4.12.1/lib/facter/puppet_agent_pid.rb", "puppetlabs-puppet_agent-4.12.1/lib/facter/settings.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet", "puppetlabs-puppet_agent-4.12.1/lib/puppet/functions", "puppetlabs-puppet_agent-4.12.1/lib/puppet/functions/any_resources_of_type.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/parser", "puppetlabs-puppet_agent-4.12.1/lib/puppet/parser/functions", "puppetlabs-puppet_agent-4.12.1/lib/puppet/parser/functions/uri_host_from_string.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/parser/functions/windows_msi_installargs.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/parser/functions/windows_native_path.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/provider", "puppetlabs-puppet_agent-4.12.1/lib/puppet/provider/puppet_agent_end_run", "puppetlabs-puppet_agent-4.12.1/lib/puppet/provider/puppet_agent_end_run/puppet_agent_end_run.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/provider/puppet_agent_upgrade_error", "puppetlabs-puppet_agent-4.12.1/lib/puppet/provider/puppet_agent_upgrade_error/puppet_agent_upgrade_error.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/type", "puppetlabs-puppet_agent-4.12.1/lib/puppet/type/puppet_agent_end_run.rb", "puppetlabs-puppet_agent-4.12.1/lib/puppet/type/puppet_agent_upgrade_error.rb", "puppetlabs-puppet_agent-4.12.1/locales", "puppetlabs-puppet_agent-4.12.1/locales/config.yaml", "puppetlabs-puppet_agent-4.12.1/manifests", "puppetlabs-puppet_agent-4.12.1/manifests/configure.pp", "puppetlabs-puppet_agent-4.12.1/manifests/init.pp", "puppetlabs-puppet_agent-4.12.1/manifests/install", "puppetlabs-puppet_agent-4.12.1/manifests/install/darwin.pp", "puppetlabs-puppet_agent-4.12.1/manifests/install/solaris.pp", "puppetlabs-puppet_agent-4.12.1/manifests/install/suse.pp", "puppetlabs-puppet_agent-4.12.1/manifests/install/windows.pp", "puppetlabs-puppet_agent-4.12.1/manifests/install.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/aix.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/darwin.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/debian.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/redhat.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/solaris.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/suse.pp", "puppetlabs-puppet_agent-4.12.1/manifests/osfamily/windows.pp", "puppetlabs-puppet_agent-4.12.1/manifests/params.pp", "puppetlabs-puppet_agent-4.12.1/manifests/prepare", "puppetlabs-puppet_agent-4.12.1/manifests/prepare/package.pp", "puppetlabs-puppet_agent-4.12.1/manifests/prepare/puppet_config.pp", "puppetlabs-puppet_agent-4.12.1/manifests/prepare.pp", "puppetlabs-puppet_agent-4.12.1/manifests/service.pp", "puppetlabs-puppet_agent-4.12.1/metadata.json", "puppetlabs-puppet_agent-4.12.1/pdk.yaml", "puppetlabs-puppet_agent-4.12.1/plans", "puppetlabs-puppet_agent-4.12.1/plans/run.pp", "puppetlabs-puppet_agent-4.12.1/task_spec", "puppetlabs-puppet_agent-4.12.1/task_spec/.fixtures.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/Rakefile", "puppetlabs-puppet_agent-4.12.1/task_spec/spec", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/init_spec.rb", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/centos-7-x64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/docker", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/docker/centos-7.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/docker/debian-8.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/docker/rocky-8.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/docker/ubuntu-14.04.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/docker/ubuntu-18.04.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/osx1011-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/osx1012-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/osx1013-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/osx1014-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/rocky-8-x64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/sles11-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/sles12-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/windows10ent-32.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/acceptance/nodesets/windows10ent-64.yml", "puppetlabs-puppet_agent-4.12.1/task_spec/spec/spec_helper_acceptance.rb", "puppetlabs-puppet_agent-4.12.1/tasks", "puppetlabs-puppet_agent-4.12.1/tasks/delete_local_filebucket.json", "puppetlabs-puppet_agent-4.12.1/tasks/delete_local_filebucket.rb", "puppetlabs-puppet_agent-4.12.1/tasks/facts_diff.json", "puppetlabs-puppet_agent-4.12.1/tasks/facts_diff.rb", "puppetlabs-puppet_agent-4.12.1/tasks/install.json", "puppetlabs-puppet_agent-4.12.1/tasks/install_powershell.json", "puppetlabs-puppet_agent-4.12.1/tasks/install_powershell.ps1", "puppetlabs-puppet_agent-4.12.1/tasks/install_shell.json", "puppetlabs-puppet_agent-4.12.1/tasks/install_shell.sh", "puppetlabs-puppet_agent-4.12.1/tasks/run.json", "puppetlabs-puppet_agent-4.12.1/tasks/run.rb", "puppetlabs-puppet_agent-4.12.1/tasks/version.json", "puppetlabs-puppet_agent-4.12.1/tasks/version_powershell.json", "puppetlabs-puppet_agent-4.12.1/tasks/version_powershell.ps1", "puppetlabs-puppet_agent-4.12.1/tasks/version_shell.json", "puppetlabs-puppet_agent-4.12.1/tasks/version_shell.sh", "puppetlabs-puppet_agent-4.12.1/templates", "puppetlabs-puppet_agent-4.12.1/templates/.gitkeep", "puppetlabs-puppet_agent-4.12.1/templates/do_install.sh.erb", "puppetlabs-puppet_agent-4.12.1/templates/osx_install.sh.erb", "puppetlabs-puppet_agent-4.12.1/templates/solaris_install.sh.erb", "puppetlabs-puppet_agent-4.12.1/types", "puppetlabs-puppet_agent-4.12.1/types/arch.pp", "puppetlabs-puppet_agent-4.12.1/types/config.pp", "puppetlabs-puppet_agent-4.12.1/types/config_setting.pp"] -2022-11-16T21:41:15.308462 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_grub -2022-11-16T21:41:15.316462 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-mount_core-1.1.0 tarball -2022-11-16T21:41:15.316517 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-mount_core-1.1.0/tarball/puppetlabs-mount_core-1.1.0.tar.gz matches checksum -2022-11-16T21:41:15.318625 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-mount_core-1.1.0/tarball/puppetlabs-mount_core-1.1.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/mount_core (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-43lctq/puppetlabs-mount_core-1.1.0) -2022-11-16T21:41:15.321408 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-cron-3.0.0 tarball -2022-11-16T21:41:15.321540 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-cron-3.0.0/tarball/puppet-cron-3.0.0.tar.gz matches checksum -2022-11-16T21:41:15.323801 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-cron-3.0.0/tarball/puppet-cron-3.0.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/cron (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1g6pd1/puppet-cron-3.0.0) -2022-11-16T21:41:15.362243 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-mount_core-1.1.0", "puppetlabs-mount_core-1.1.0/.github", "puppetlabs-mount_core-1.1.0/.github/workflows", "puppetlabs-mount_core-1.1.0/.github/workflows/auto_release.yml", "puppetlabs-mount_core-1.1.0/.github/workflows/daily_unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-mount_core-1.1.0/.github/workflows/release.yml", "puppetlabs-mount_core-1.1.0/.github/workflows/static_code_analysis.yaml", "puppetlabs-mount_core-1.1.0/.github/workflows/unit_tests_with_nightly_puppet_gem.yaml", "puppetlabs-mount_core-1.1.0/.github/workflows/unit_tests_with_released_puppet_gem.yaml", "puppetlabs-mount_core-1.1.0/CHANGELOG.md", "puppetlabs-mount_core-1.1.0/CODEOWNERS", "puppetlabs-mount_core-1.1.0/LICENSE", "puppetlabs-mount_core-1.1.0/README.md", "puppetlabs-mount_core-1.1.0/REFERENCE.md", "puppetlabs-mount_core-1.1.0/data", "puppetlabs-mount_core-1.1.0/data/common.yaml", "puppetlabs-mount_core-1.1.0/hiera.yaml", "puppetlabs-mount_core-1.1.0/lib", "puppetlabs-mount_core-1.1.0/lib/puppet", "puppetlabs-mount_core-1.1.0/lib/puppet/provider", "puppetlabs-mount_core-1.1.0/lib/puppet/provider/mount", "puppetlabs-mount_core-1.1.0/lib/puppet/provider/mount/parsed.rb", "puppetlabs-mount_core-1.1.0/lib/puppet/provider/mount.rb", "puppetlabs-mount_core-1.1.0/lib/puppet/type", "puppetlabs-mount_core-1.1.0/lib/puppet/type/mount.rb", "puppetlabs-mount_core-1.1.0/locales", "puppetlabs-mount_core-1.1.0/locales/config.yaml", "puppetlabs-mount_core-1.1.0/locales/ja", "puppetlabs-mount_core-1.1.0/locales/ja/puppetlabs-mount_core.po", "puppetlabs-mount_core-1.1.0/locales/puppetlabs-mount_core.pot", "puppetlabs-mount_core-1.1.0/metadata.json", "puppetlabs-mount_core-1.1.0/pdk.yaml", "puppetlabs-mount_core-1.1.0/readmes", "puppetlabs-mount_core-1.1.0/readmes/README_ja_JP.md"] -2022-11-16T21:41:15.363005 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_shellvar -2022-11-16T21:41:15.381402 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-cron-3.0.0", "puppet-cron-3.0.0/CHANGELOG.md", "puppet-cron-3.0.0/HISTORY.md", "puppet-cron-3.0.0/LICENSE", "puppet-cron-3.0.0/README.md", "puppet-cron-3.0.0/REFERENCE.md", "puppet-cron-3.0.0/data", "puppet-cron-3.0.0/data/common.yaml", "puppet-cron-3.0.0/data/os", "puppet-cron-3.0.0/data/os/Gentoo.yaml", "puppet-cron-3.0.0/data/os/RedHat", "puppet-cron-3.0.0/data/os/RedHat/5.yaml", "puppet-cron-3.0.0/data/os/RedHat.yaml", "puppet-cron-3.0.0/hiera.yaml", "puppet-cron-3.0.0/manifests", "puppet-cron-3.0.0/manifests/daily.pp", "puppet-cron-3.0.0/manifests/hourly.pp", "puppet-cron-3.0.0/manifests/init.pp", "puppet-cron-3.0.0/manifests/install.pp", "puppet-cron-3.0.0/manifests/job", "puppet-cron-3.0.0/manifests/job/multiple.pp", "puppet-cron-3.0.0/manifests/job.pp", "puppet-cron-3.0.0/manifests/monthly.pp", "puppet-cron-3.0.0/manifests/service.pp", "puppet-cron-3.0.0/manifests/weekly.pp", "puppet-cron-3.0.0/metadata.json", "puppet-cron-3.0.0/templates", "puppet-cron-3.0.0/templates/.gitkeep", "puppet-cron-3.0.0/templates/crontab.epp", "puppet-cron-3.0.0/templates/job.erb", "puppet-cron-3.0.0/templates/multiple.erb", "puppet-cron-3.0.0/templates/users.epp", "puppet-cron-3.0.0/types", "puppet-cron-3.0.0/types/date.pp", "puppet-cron-3.0.0/types/deb_version.pp", "puppet-cron-3.0.0/types/environment.pp", "puppet-cron-3.0.0/types/hour.pp", "puppet-cron-3.0.0/types/job_ensure.pp", "puppet-cron-3.0.0/types/jobname.pp", "puppet-cron-3.0.0/types/minute.pp", "puppet-cron-3.0.0/types/mode.pp", "puppet-cron-3.0.0/types/month.pp", "puppet-cron-3.0.0/types/monthname.pp", "puppet-cron-3.0.0/types/package_ensure.pp", "puppet-cron-3.0.0/types/package_state.pp", "puppet-cron-3.0.0/types/rpm_version.pp", "puppet-cron-3.0.0/types/run_parts.pp", "puppet-cron-3.0.0/types/second.pp", "puppet-cron-3.0.0/types/service_enable.pp", "puppet-cron-3.0.0/types/service_ensure.pp", "puppet-cron-3.0.0/types/special.pp", "puppet-cron-3.0.0/types/user.pp", "puppet-cron-3.0.0/types/weekday.pp", "puppet-cron-3.0.0/types/weekdayname.pp"] -2022-11-16T21:41:15.381936 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm -2022-11-16T21:41:15.388819 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-augeasproviders_grub-4.0.0 tarball -2022-11-16T21:41:15.388916 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_grub-4.0.0/tarball/puppet-augeasproviders_grub-4.0.0.tar.gz matches checksum -2022-11-16T21:41:15.389752 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_grub-4.0.0/tarball/puppet-augeasproviders_grub-4.0.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_grub (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1kr592h/puppet-augeasproviders_grub-4.0.0) -2022-11-16T21:41:15.411994 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-augeasproviders_grub-4.0.0", "puppet-augeasproviders_grub-4.0.0/CHANGELOG.md", "puppet-augeasproviders_grub-4.0.0/LICENSE", "puppet-augeasproviders_grub-4.0.0/README.md", "puppet-augeasproviders_grub-4.0.0/REFERENCE.md", "puppet-augeasproviders_grub-4.0.0/lib", "puppet-augeasproviders_grub-4.0.0/lib/facter", "puppet-augeasproviders_grub-4.0.0/lib/facter/augeasprovider_grub_version.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/grub_config", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/grub_config/grub2.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/grub_menuentry", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/grub_menuentry/grub2.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/grub_user", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/grub_user/grub2.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/kernel_parameter", "puppet-augeasproviders_grub-4.0.0/lib/puppet/provider/kernel_parameter/grub2.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/type", "puppet-augeasproviders_grub-4.0.0/lib/puppet/type/grub_config.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/type/grub_menuentry.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/type/grub_user.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppet/type/kernel_parameter.rb", "puppet-augeasproviders_grub-4.0.0/lib/puppetx", "puppet-augeasproviders_grub-4.0.0/lib/puppetx/augeasproviders_grub", "puppet-augeasproviders_grub-4.0.0/lib/puppetx/augeasproviders_grub/util.rb", "puppet-augeasproviders_grub-4.0.0/metadata.json"] -2022-11-16T21:41:15.412416 INFO [] [Bolt::R10KLogProxy] Deploying module to /Users/bryanbelanger/projects/secure_linux_cis/.modules/exec -2022-11-16T21:41:15.446529 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-augeasproviders_shellvar-5.0.0 tarball -2022-11-16T21:41:15.446589 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_shellvar-5.0.0/tarball/puppet-augeasproviders_shellvar-5.0.0.tar.gz matches checksum -2022-11-16T21:41:15.447341 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppet-augeasproviders_shellvar-5.0.0/tarball/puppet-augeasproviders_shellvar-5.0.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/augeasproviders_shellvar (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-fieiyx/puppet-augeasproviders_shellvar-5.0.0) -2022-11-16T21:41:15.459308 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-lvm-1.4.0 tarball -2022-11-16T21:41:15.459371 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-lvm-1.4.0/tarball/puppetlabs-lvm-1.4.0.tar.gz matches checksum -2022-11-16T21:41:15.461514 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-lvm-1.4.0/tarball/puppetlabs-lvm-1.4.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/lvm (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-1imlp5s/puppetlabs-lvm-1.4.0) -2022-11-16T21:41:15.470355 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-augeasproviders_shellvar-5.0.0", "puppet-augeasproviders_shellvar-5.0.0/CHANGELOG.md", "puppet-augeasproviders_shellvar-5.0.0/HISTORY.md", "puppet-augeasproviders_shellvar-5.0.0/LICENSE", "puppet-augeasproviders_shellvar-5.0.0/README.md", "puppet-augeasproviders_shellvar-5.0.0/REFERENCE.md", "puppet-augeasproviders_shellvar-5.0.0/data", "puppet-augeasproviders_shellvar-5.0.0/data/common.yaml", "puppet-augeasproviders_shellvar-5.0.0/hiera.yaml", "puppet-augeasproviders_shellvar-5.0.0/lib", "puppet-augeasproviders_shellvar-5.0.0/lib/puppet", "puppet-augeasproviders_shellvar-5.0.0/lib/puppet/provider", "puppet-augeasproviders_shellvar-5.0.0/lib/puppet/provider/shellvar", "puppet-augeasproviders_shellvar-5.0.0/lib/puppet/provider/shellvar/augeas.rb", "puppet-augeasproviders_shellvar-5.0.0/lib/puppet/type", "puppet-augeasproviders_shellvar-5.0.0/lib/puppet/type/shellvar.rb", "puppet-augeasproviders_shellvar-5.0.0/metadata.json"] -2022-11-16T21:41:15.471439 DEBUG [] [Bolt::R10KLogProxy] Module thread 10160 exiting: queue empty -2022-11-16T21:41:15.481076 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppetlabs-exec-2.2.0 tarball -2022-11-16T21:41:15.481141 DEBUG [] [Bolt::R10KLogProxy] Verifying that /Users/bryanbelanger/.r10k/cache/puppetlabs-exec-2.2.0/tarball/puppetlabs-exec-2.2.0.tar.gz matches checksum -2022-11-16T21:41:15.482026 DEBUG [] [Bolt::R10KLogProxy] Unpacking /Users/bryanbelanger/.r10k/cache/puppetlabs-exec-2.2.0/tarball/puppetlabs-exec-2.2.0.tar.gz to /Users/bryanbelanger/projects/secure_linux_cis/.modules/exec (with tmpdir /var/folders/yv/g3_82jt10sx_58ny34d73vlm0000gn/T/d20221116-11731-kcdv65/puppetlabs-exec-2.2.0) -2022-11-16T21:41:15.520906 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-stdlib-6.6.0", "puppetlabs-stdlib-6.6.0/.devcontainer", "puppetlabs-stdlib-6.6.0/.devcontainer/Dockerfile", "puppetlabs-stdlib-6.6.0/.devcontainer/devcontainer.json", "puppetlabs-stdlib-6.6.0/.github", "puppetlabs-stdlib-6.6.0/.github/workflows", "puppetlabs-stdlib-6.6.0/.github/workflows/nightly.yml", "puppetlabs-stdlib-6.6.0/.github/workflows/pr_test.yml", "puppetlabs-stdlib-6.6.0/.gitpod.Dockerfile", "puppetlabs-stdlib-6.6.0/.gitpod.yml", "puppetlabs-stdlib-6.6.0/.rubocop_todo.yml", "puppetlabs-stdlib-6.6.0/.ruby-version", "puppetlabs-stdlib-6.6.0/CHANGELOG.md", "puppetlabs-stdlib-6.6.0/CODEOWNERS", "puppetlabs-stdlib-6.6.0/CONTRIBUTING.md", "puppetlabs-stdlib-6.6.0/Gemfile_puppet5", "puppetlabs-stdlib-6.6.0/Gemfile_puppet6", "puppetlabs-stdlib-6.6.0/HISTORY.md", "puppetlabs-stdlib-6.6.0/LICENSE", "puppetlabs-stdlib-6.6.0/NOTICE", "puppetlabs-stdlib-6.6.0/README.md", "puppetlabs-stdlib-6.6.0/README_DEVELOPER.markdown", "puppetlabs-stdlib-6.6.0/README_SPECS.markdown", "puppetlabs-stdlib-6.6.0/REFERENCE.md", "puppetlabs-stdlib-6.6.0/RELEASE_PROCESS.markdown", "puppetlabs-stdlib-6.6.0/data", "puppetlabs-stdlib-6.6.0/data/common.yaml", "puppetlabs-stdlib-6.6.0/examples", "puppetlabs-stdlib-6.6.0/examples/file_line.pp", "puppetlabs-stdlib-6.6.0/examples/has_interface_with.pp", "puppetlabs-stdlib-6.6.0/examples/has_ip_address.pp", "puppetlabs-stdlib-6.6.0/examples/has_ip_network.pp", "puppetlabs-stdlib-6.6.0/examples/init.pp", "puppetlabs-stdlib-6.6.0/functions", "puppetlabs-stdlib-6.6.0/functions/ensure.pp", "puppetlabs-stdlib-6.6.0/hiera.yaml", "puppetlabs-stdlib-6.6.0/lib", "puppetlabs-stdlib-6.6.0/lib/facter", "puppetlabs-stdlib-6.6.0/lib/facter/package_provider.rb", "puppetlabs-stdlib-6.6.0/lib/facter/pe_version.rb", "puppetlabs-stdlib-6.6.0/lib/facter/puppet_settings.rb", "puppetlabs-stdlib-6.6.0/lib/facter/root_home.rb", "puppetlabs-stdlib-6.6.0/lib/facter/service_provider.rb", "puppetlabs-stdlib-6.6.0/lib/facter/util", "puppetlabs-stdlib-6.6.0/lib/facter/util/puppet_settings.rb", "puppetlabs-stdlib-6.6.0/lib/puppet", "puppetlabs-stdlib-6.6.0/lib/puppet/functions", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/deprecation.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/fact.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_a.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_absolute_path.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_array.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_float.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_ip_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_ipv4_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_ipv6_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_numeric.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/is_string.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/length.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/merge.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/os_version_gte.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/parsehocon.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/seeded_rand_string.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/sprintf_hash.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/stdlib", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/stdlib/end_with.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/stdlib/extname.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/stdlib/ip_in_range.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/stdlib/start_with.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/to_json.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/to_json_pretty.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/to_yaml.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/type_of.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_absolute_path.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_array.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_hash.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_integer.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_ip_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_ipv4_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_ipv6_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_legacy.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_numeric.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_re.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_slength.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/functions/validate_string.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/abs.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/any2array.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/any2bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/assert_private.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/base64.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/basename.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/bool2num.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/bool2str.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/camelcase.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/capitalize.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/ceiling.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/chomp.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/chop.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/clamp.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/concat.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/convert_base.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/count.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/deep_merge.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/defined_with_params.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/delete.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/delete_at.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/delete_regex.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/delete_undef_values.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/delete_values.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/deprecation.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/difference.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/dig.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/dig44.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/dirname.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/dos2unix.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/downcase.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/empty.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/enclose_ipv6.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/ensure_packages.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/ensure_resource.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/ensure_resources.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/flatten.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/floor.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/fqdn_rand_string.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/fqdn_rotate.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/fqdn_uuid.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/get_module_path.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/getparam.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/getvar.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/glob.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/grep.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/has_interface_with.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/has_ip_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/has_ip_network.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/has_key.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/hash.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/intersection.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_absolute_path.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_array.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_domain_name.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_email_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_float.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_function_available.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_hash.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_integer.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_ip_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_ipv4_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_ipv6_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_mac_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_numeric.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/is_string.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/join.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/join_keys_to_values.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/keys.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/load_module_metadata.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/loadjson.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/loadyaml.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/lstrip.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/max.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/member.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/merge.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/min.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/num2bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/parsejson.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/parseyaml.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/pick.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/pick_default.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/prefix.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/private.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/pry.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/pw_hash.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/range.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/regexpescape.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/reject.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/reverse.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/round.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/rstrip.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/seeded_rand.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/shell_escape.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/shell_join.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/shell_split.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/shuffle.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/size.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/sort.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/squeeze.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/str2bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/str2saltedpbkdf2.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/str2saltedsha512.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/strip.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/suffix.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/swapcase.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/time.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/to_bytes.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/try_get_value.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/type.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/type3x.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/union.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/unique.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/unix2dos.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/upcase.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/uriescape.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_absolute_path.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_array.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_augeas.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_bool.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_cmd.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_domain_name.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_email_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_hash.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_integer.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_ip_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_ipv4_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_ipv6_address.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_numeric.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_re.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_slength.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_string.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/validate_x509_rsa_key_pair.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/values.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/values_at.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/parser/functions/zip.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/provider", "puppetlabs-stdlib-6.6.0/lib/puppet/provider/file_line", "puppetlabs-stdlib-6.6.0/lib/puppet/provider/file_line/ruby.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/type", "puppetlabs-stdlib-6.6.0/lib/puppet/type/anchor.rb", "puppetlabs-stdlib-6.6.0/lib/puppet/type/file_line.rb", "puppetlabs-stdlib-6.6.0/locales", "puppetlabs-stdlib-6.6.0/locales/config.yaml", "puppetlabs-stdlib-6.6.0/locales/ja", "puppetlabs-stdlib-6.6.0/locales/ja/puppetlabs-stdlib.po", "puppetlabs-stdlib-6.6.0/locales/puppetlabs-stdlib.pot", "puppetlabs-stdlib-6.6.0/manifests", "puppetlabs-stdlib-6.6.0/manifests/init.pp", "puppetlabs-stdlib-6.6.0/manifests/stages.pp", "puppetlabs-stdlib-6.6.0/metadata.json", "puppetlabs-stdlib-6.6.0/provision.yaml", "puppetlabs-stdlib-6.6.0/readmes", "puppetlabs-stdlib-6.6.0/readmes/README_ja_JP.md", "puppetlabs-stdlib-6.6.0/types", "puppetlabs-stdlib-6.6.0/types/absolutepath.pp", "puppetlabs-stdlib-6.6.0/types/base32.pp", "puppetlabs-stdlib-6.6.0/types/base64.pp", "puppetlabs-stdlib-6.6.0/types/compat", "puppetlabs-stdlib-6.6.0/types/compat/absolute_path.pp", "puppetlabs-stdlib-6.6.0/types/compat/array.pp", "puppetlabs-stdlib-6.6.0/types/compat/bool.pp", "puppetlabs-stdlib-6.6.0/types/compat/float.pp", "puppetlabs-stdlib-6.6.0/types/compat/hash.pp", "puppetlabs-stdlib-6.6.0/types/compat/integer.pp", "puppetlabs-stdlib-6.6.0/types/compat/ip_address.pp", "puppetlabs-stdlib-6.6.0/types/compat/ipv4.pp", "puppetlabs-stdlib-6.6.0/types/compat/ipv6.pp", "puppetlabs-stdlib-6.6.0/types/compat/numeric.pp", "puppetlabs-stdlib-6.6.0/types/compat/re.pp", "puppetlabs-stdlib-6.6.0/types/compat/string.pp", "puppetlabs-stdlib-6.6.0/types/datasize.pp", "puppetlabs-stdlib-6.6.0/types/ensure", "puppetlabs-stdlib-6.6.0/types/ensure/file", "puppetlabs-stdlib-6.6.0/types/ensure/file/directory.pp", "puppetlabs-stdlib-6.6.0/types/ensure/file/file.pp", "puppetlabs-stdlib-6.6.0/types/ensure/file/link.pp", "puppetlabs-stdlib-6.6.0/types/ensure/file.pp", "puppetlabs-stdlib-6.6.0/types/ensure/service.pp", "puppetlabs-stdlib-6.6.0/types/filemode.pp", "puppetlabs-stdlib-6.6.0/types/filesource.pp", "puppetlabs-stdlib-6.6.0/types/fqdn.pp", "puppetlabs-stdlib-6.6.0/types/host.pp", "puppetlabs-stdlib-6.6.0/types/httpstatus.pp", "puppetlabs-stdlib-6.6.0/types/httpsurl.pp", "puppetlabs-stdlib-6.6.0/types/httpurl.pp", "puppetlabs-stdlib-6.6.0/types/ip", "puppetlabs-stdlib-6.6.0/types/ip/address", "puppetlabs-stdlib-6.6.0/types/ip/address/nosubnet.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v4", "puppetlabs-stdlib-6.6.0/types/ip/address/v4/cidr.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v4/nosubnet.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v4.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/alternative.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/cidr.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/compressed.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/full.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/nosubnet", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/nosubnet/alternative.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/nosubnet/compressed.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/nosubnet/full.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6/nosubnet.pp", "puppetlabs-stdlib-6.6.0/types/ip/address/v6.pp", "puppetlabs-stdlib-6.6.0/types/ip/address.pp", "puppetlabs-stdlib-6.6.0/types/mac.pp", "puppetlabs-stdlib-6.6.0/types/objectstore", "puppetlabs-stdlib-6.6.0/types/objectstore/gsuri.pp", "puppetlabs-stdlib-6.6.0/types/objectstore/s3uri.pp", "puppetlabs-stdlib-6.6.0/types/objectstore.pp", "puppetlabs-stdlib-6.6.0/types/port", "puppetlabs-stdlib-6.6.0/types/port/dynamic.pp", "puppetlabs-stdlib-6.6.0/types/port/ephemeral.pp", "puppetlabs-stdlib-6.6.0/types/port/privileged.pp", "puppetlabs-stdlib-6.6.0/types/port/registered.pp", "puppetlabs-stdlib-6.6.0/types/port/unprivileged.pp", "puppetlabs-stdlib-6.6.0/types/port/user.pp", "puppetlabs-stdlib-6.6.0/types/port.pp", "puppetlabs-stdlib-6.6.0/types/syslogfacility.pp", "puppetlabs-stdlib-6.6.0/types/unixpath.pp", "puppetlabs-stdlib-6.6.0/types/windowspath.pp", "puppetlabs-stdlib-6.6.0/types/yes_no.pp"] -2022-11-16T21:41:15.522030 DEBUG [] [Bolt::R10KLogProxy] Module thread 10180 exiting: queue empty -2022-11-16T21:41:15.522530 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-exec-2.2.0", "puppetlabs-exec-2.2.0/.github", "puppetlabs-exec-2.2.0/.github/workflows", "puppetlabs-exec-2.2.0/.github/workflows/auto_release.yml", "puppetlabs-exec-2.2.0/.github/workflows/labeller.yml", "puppetlabs-exec-2.2.0/.github/workflows/nightly.yml", "puppetlabs-exec-2.2.0/.github/workflows/pr_test.yml", "puppetlabs-exec-2.2.0/.github/workflows/release.yml", "puppetlabs-exec-2.2.0/.github/workflows/spec.yml", "puppetlabs-exec-2.2.0/.github/workflows/stale.yml", "puppetlabs-exec-2.2.0/.gitpod.Dockerfile", "puppetlabs-exec-2.2.0/.gitpod.yml", "puppetlabs-exec-2.2.0/.pmtignore", "puppetlabs-exec-2.2.0/.rubocop_todo.yml", "puppetlabs-exec-2.2.0/CHANGELOG.md", "puppetlabs-exec-2.2.0/CODEOWNERS", "puppetlabs-exec-2.2.0/CONTRIBUTING.md", "puppetlabs-exec-2.2.0/HISTORY.md", "puppetlabs-exec-2.2.0/LICENSE", "puppetlabs-exec-2.2.0/NOTICE", "puppetlabs-exec-2.2.0/README.md", "puppetlabs-exec-2.2.0/REFERENCE.md", "puppetlabs-exec-2.2.0/data", "puppetlabs-exec-2.2.0/data/common.yaml", "puppetlabs-exec-2.2.0/hiera.yaml", "puppetlabs-exec-2.2.0/metadata.json", "puppetlabs-exec-2.2.0/pdk.yaml", "puppetlabs-exec-2.2.0/provision.yaml", "puppetlabs-exec-2.2.0/tasks", "puppetlabs-exec-2.2.0/tasks/init.json", "puppetlabs-exec-2.2.0/tasks/init.rb", "puppetlabs-exec-2.2.0/tasks/linux.json", "puppetlabs-exec-2.2.0/tasks/linux.sh", "puppetlabs-exec-2.2.0/tasks/windows.json", "puppetlabs-exec-2.2.0/tasks/windows.ps1"] -2022-11-16T21:41:15.523717 DEBUG [] [Bolt::R10KLogProxy] Module thread 10200 exiting: queue empty -2022-11-16T21:41:15.565855 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppetlabs-lvm-1.4.0", "puppetlabs-lvm-1.4.0/.autotest", "puppetlabs-lvm-1.4.0/.puppet-lint.rc", "puppetlabs-lvm-1.4.0/.rubocop_todo.yml", "puppetlabs-lvm-1.4.0/.sync.yml", "puppetlabs-lvm-1.4.0/CHANGELOG.md", "puppetlabs-lvm-1.4.0/HISTORY.md", "puppetlabs-lvm-1.4.0/LICENSE", "puppetlabs-lvm-1.4.0/README.md", "puppetlabs-lvm-1.4.0/REFERENCE.md", "puppetlabs-lvm-1.4.0/data", "puppetlabs-lvm-1.4.0/data/common.yaml", "puppetlabs-lvm-1.4.0/functions", "puppetlabs-lvm-1.4.0/functions/bytes_to_size.pp", "puppetlabs-lvm-1.4.0/functions/size_to_bytes.pp", "puppetlabs-lvm-1.4.0/hiera.yaml", "puppetlabs-lvm-1.4.0/lib", "puppetlabs-lvm-1.4.0/lib/facter", "puppetlabs-lvm-1.4.0/lib/facter/logical_volumes.rb", "puppetlabs-lvm-1.4.0/lib/facter/lvm_support.rb", "puppetlabs-lvm-1.4.0/lib/facter/physical_volumes.rb", "puppetlabs-lvm-1.4.0/lib/facter/volume_groups.rb", "puppetlabs-lvm-1.4.0/lib/puppet", "puppetlabs-lvm-1.4.0/lib/puppet/provider", "puppetlabs-lvm-1.4.0/lib/puppet/provider/filesystem", "puppetlabs-lvm-1.4.0/lib/puppet/provider/filesystem/aix.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/filesystem/lvm.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/logical_volume", "puppetlabs-lvm-1.4.0/lib/puppet/provider/logical_volume/aix.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/logical_volume/lvm.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/physical_volume", "puppetlabs-lvm-1.4.0/lib/puppet/provider/physical_volume/aix.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/physical_volume/lvm.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/volume_group", "puppetlabs-lvm-1.4.0/lib/puppet/provider/volume_group/aix.rb", "puppetlabs-lvm-1.4.0/lib/puppet/provider/volume_group/lvm.rb", "puppetlabs-lvm-1.4.0/lib/puppet/type", "puppetlabs-lvm-1.4.0/lib/puppet/type/filesystem.rb", "puppetlabs-lvm-1.4.0/lib/puppet/type/logical_volume.rb", "puppetlabs-lvm-1.4.0/lib/puppet/type/physical_volume.rb", "puppetlabs-lvm-1.4.0/lib/puppet/type/volume_group.rb", "puppetlabs-lvm-1.4.0/lib/puppet_x", "puppetlabs-lvm-1.4.0/lib/puppet_x/lvm", "puppetlabs-lvm-1.4.0/lib/puppet_x/lvm/output.rb", "puppetlabs-lvm-1.4.0/manifests", "puppetlabs-lvm-1.4.0/manifests/init.pp", "puppetlabs-lvm-1.4.0/manifests/logical_volume.pp", "puppetlabs-lvm-1.4.0/manifests/physical_volume.pp", "puppetlabs-lvm-1.4.0/manifests/volume.pp", "puppetlabs-lvm-1.4.0/manifests/volume_group.pp", "puppetlabs-lvm-1.4.0/metadata.json", "puppetlabs-lvm-1.4.0/plans", "puppetlabs-lvm-1.4.0/plans/expand.pp", "puppetlabs-lvm-1.4.0/tasks", "puppetlabs-lvm-1.4.0/tasks/ensure_fs.json", "puppetlabs-lvm-1.4.0/tasks/ensure_fs.rb", "puppetlabs-lvm-1.4.0/tasks/ensure_lv.json", "puppetlabs-lvm-1.4.0/tasks/ensure_lv.rb", "puppetlabs-lvm-1.4.0/tasks/ensure_pv.json", "puppetlabs-lvm-1.4.0/tasks/ensure_pv.rb", "puppetlabs-lvm-1.4.0/tasks/ensure_vg.json", "puppetlabs-lvm-1.4.0/tasks/ensure_vg.rb", "puppetlabs-lvm-1.4.0/tasks/extend_lv.json", "puppetlabs-lvm-1.4.0/tasks/extend_lv.rb", "puppetlabs-lvm-1.4.0/tasks/extend_vg.json", "puppetlabs-lvm-1.4.0/tasks/extend_vg.rb", "puppetlabs-lvm-1.4.0/tasks/mount_lv.json", "puppetlabs-lvm-1.4.0/tasks/mount_lv.rb", "puppetlabs-lvm-1.4.0/tests", "puppetlabs-lvm-1.4.0/tests/beaker", "puppetlabs-lvm-1.4.0/tests/beaker/configs", "puppetlabs-lvm-1.4.0/tests/beaker/configs/aix-71-spec.yml", "puppetlabs-lvm-1.4.0/tests/beaker/configs/fusion.yml", "puppetlabs-lvm-1.4.0/tests/beaker/configs/redhat-6-64mda.yml", "puppetlabs-lvm-1.4.0/tests/beaker/lib", "puppetlabs-lvm-1.4.0/tests/beaker/lib/lvm_helper.rb", "puppetlabs-lvm-1.4.0/tests/beaker/pre-suite", "puppetlabs-lvm-1.4.0/tests/beaker/pre-suite/00_pe_install.rb", "puppetlabs-lvm-1.4.0/tests/beaker/pre-suite/01_lvm_module_install.rb", "puppetlabs-lvm-1.4.0/tests/beaker/pre-suite/02_add_extra_hdd.rb", "puppetlabs-lvm-1.4.0/tests/beaker/test_run_scripts", "puppetlabs-lvm-1.4.0/tests/beaker/test_run_scripts/integration_tests.sh", "puppetlabs-lvm-1.4.0/tests/beaker/test_run_scripts/integration_tests_aix.sh", "puppetlabs-lvm-1.4.0/tests/beaker/tests", "puppetlabs-lvm-1.4.0/tests/beaker/tests/aix", "puppetlabs-lvm-1.4.0/tests/beaker/tests/aix/create_lv_with_param_max_range.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/aix/create_lv_with_param_min_range.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/aix/create_lv_with_param_type.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/aix/create_physical_volume_on_aix.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/aix/create_volume_group_on_aix.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_filesystem_non-existing-format.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_filesystem_with_ensure_property_ext2.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_filesystem_with_param_fs_type_ext4.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_filesystem_with_param_name_ext3.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_filesystem_with_param_options.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_alloc.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_extents.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_initial_size.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_name.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_no_sync.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_readahead.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_region_size.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_size_is_minsize.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_stripes.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_param_stripesize.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_property_mirror.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_with_property_mirrorlog.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_lv_without_param_name.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_pv_param_unless_vg.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_pv_w_param_force.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_pv_with_param_name.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_pv_wo_param_name.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_vg_param_createonly.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_vg_property_logical_volumes.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_vg_property_physical_volumes.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_vg_w_2_physical_volumes.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_vg_w_param_name.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/create_vg_wo_param_name.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/remove_lv.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/remove_pv.rb", "puppetlabs-lvm-1.4.0/tests/beaker/tests/remove_vg.rb"] -2022-11-16T21:41:15.566280 DEBUG [] [Bolt::R10KLogProxy] Module thread 10220 exiting: queue empty -2022-11-16T21:41:15.568648 DEBUG [main] [Bolt::R10KLogProxy] No unmanaged contents in /Users/bryanbelanger/projects/secure_linux_cis/.modules, nothing to purge -2022-11-16T21:41:16.223640 WARN [main] [Puppet] Enum parameters must be identifiers or strings +2023-07-14T16:31:08.327957 INFO [main] [Bolt::Logger] Loaded project from '/root/test/secure_linux_cis' +2023-07-14T16:31:08.376490 DEBUG [main] [Bolt::Executor] Started with 100 max thread(s) +2023-07-14T16:31:08.993975 DEBUG [main] [Bolt::PAL] Loading modules from /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/bolt-modules:/root/test/secure_linux_cis/modules:/root/test/secure_linux_cis/.modules:/opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-3.27.1/modules +2023-07-14T16:31:08.994399 DEBUG [main] [Bolt::Inventory] Tried to load inventory from /root/test/secure_linux_cis/inventory.yaml, but the file does not exist +2023-07-14T16:31:09.391354 INFO [main] [Bolt::R10KLogProxy] Using Puppetfile '/root/test/secure_linux_cis/Puppetfile' +2023-07-14T16:31:09.391472 DEBUG [main] [Bolt::R10KLogProxy] Using moduledir '/root/test/secure_linux_cis/.modules' +2023-07-14T16:31:09.398606 DEBUG [main] [Bolt::R10KLogProxy] Updating modules with 4 threads +2023-07-14T16:31:09.400636 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/chrony +2023-07-14T16:31:09.410547 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/exec +2023-07-14T16:31:09.410969 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/lvm +2023-07-14T16:31:09.411210 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeasproviders_shellvar +2023-07-14T16:31:09.411431 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeasproviders_grub +2023-07-14T16:31:09.411637 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/cron +2023-07-14T16:31:09.411891 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/mount_core +2023-07-14T16:31:09.412011 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/auditd +2023-07-14T16:31:09.412607 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/reboot +2023-07-14T16:31:09.412865 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/puppet_agent +2023-07-14T16:31:09.413187 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/ntp +2023-07-14T16:31:09.413476 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/mailalias_core +2023-07-14T16:31:09.412345 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/stdlib +2023-07-14T16:31:09.417921 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/inifile +2023-07-14T16:31:09.418151 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/firewall +2023-07-14T16:31:09.418511 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/concat +2023-07-14T16:31:09.418761 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeas_core +2023-07-14T16:31:09.418948 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/systemd +2023-07-14T16:31:09.419152 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/selinux +2023-07-14T16:31:09.419486 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/postfix +2023-07-14T16:31:09.419684 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/logrotate +2023-07-14T16:31:09.419881 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/kmod +2023-07-14T16:31:09.420084 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/firewalld +2023-07-14T16:31:09.420275 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/alternatives +2023-07-14T16:31:09.420514 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeas +2023-07-14T16:31:09.420712 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/apt +2023-07-14T16:31:09.420911 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/facts +2023-07-14T16:31:09.421118 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeasproviders_core +2023-07-14T16:31:09.421309 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeasproviders_pam +2023-07-14T16:31:09.421588 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/augeasproviders_sysctl +2023-07-14T16:31:09.421804 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/service +2023-07-14T16:31:09.422045 INFO [] [Bolt::R10KLogProxy] Deploying module to /root/test/secure_linux_cis/.modules/package +2023-07-14T16:31:09.422355 DEBUG [] [Bolt::R10KLogProxy] Module thread 10280 exiting: queue empty +2023-07-14T16:31:09.422577 DEBUG [] [Bolt::R10KLogProxy] Module thread 10300 exiting: queue empty +2023-07-14T16:31:09.422909 DEBUG [] [Bolt::R10KLogProxy] Module thread 10320 exiting: queue empty +2023-07-14T16:31:09.646037 DEBUG [] [Bolt::R10KLogProxy] Using cached copy of puppet-chrony-3.0.0 tarball +2023-07-14T16:31:09.646099 DEBUG [] [Bolt::R10KLogProxy] Verifying that /root/.r10k/cache/puppet-chrony-3.0.0/tarball/puppet-chrony-3.0.0.tar.gz matches checksum +2023-07-14T16:31:09.647165 DEBUG [] [Bolt::R10KLogProxy] Unpacking /root/.r10k/cache/puppet-chrony-3.0.0/tarball/puppet-chrony-3.0.0.tar.gz to /root/test/secure_linux_cis/.modules/chrony (with tmpdir /tmp/d20230714-13924-1xss5rf/puppet-chrony-3.0.0) +2023-07-14T16:31:09.695870 DEBUG [] [Bolt::R10KLogProxy] Valid files unpacked: ["puppet-chrony-3.0.0", "puppet-chrony-3.0.0/CHANGELOG.md", "puppet-chrony-3.0.0/CONTRIBUTORS", "puppet-chrony-3.0.0/HISTORY.md", "puppet-chrony-3.0.0/LICENSE", "puppet-chrony-3.0.0/README.md", "puppet-chrony-3.0.0/REFERENCE.md", "puppet-chrony-3.0.0/data", "puppet-chrony-3.0.0/data/Archlinux.yaml", "puppet-chrony-3.0.0/data/Gentoo.yaml", "puppet-chrony-3.0.0/data/RedHat", "puppet-chrony-3.0.0/data/RedHat/9.yaml", "puppet-chrony-3.0.0/data/RedHat.yaml", "puppet-chrony-3.0.0/data/Suse.yaml", "puppet-chrony-3.0.0/examples", "puppet-chrony-3.0.0/examples/init.pp", "puppet-chrony-3.0.0/functions", "puppet-chrony-3.0.0/functions/server_array_to_hash.pp", "puppet-chrony-3.0.0/hiera.yaml", "puppet-chrony-3.0.0/manifests", "puppet-chrony-3.0.0/manifests/config.pp", "puppet-chrony-3.0.0/manifests/init.pp", "puppet-chrony-3.0.0/manifests/install.pp", "puppet-chrony-3.0.0/manifests/service.pp", "puppet-chrony-3.0.0/metadata.json", "puppet-chrony-3.0.0/templates", "puppet-chrony-3.0.0/templates/chrony.conf.epp", "puppet-chrony-3.0.0/templates/chrony.keys.epp", "puppet-chrony-3.0.0/types", "puppet-chrony-3.0.0/types/servers.pp"] +2023-07-14T16:31:09.696201 DEBUG [] [Bolt::R10KLogProxy] Module thread 10340 exiting: queue empty +2023-07-14T16:31:09.698995 DEBUG [main] [Bolt::R10KLogProxy] No unmanaged contents in /root/test/secure_linux_cis/.modules, nothing to purge +2023-07-14T16:31:10.669714 WARN [main] [Puppet] Enum parameters must be identifiers or strings (file & line not available) -2022-11-16T21:41:16.580093 INFO [main] [Puppet] Generating Puppet resource types. -2022-11-16T21:41:16.627749 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/alternative_entry.pp' using 'pcore' format. -2022-11-16T21:41:16.669755 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/alternatives.pp' using 'pcore' format. -2022-11-16T21:41:16.718645 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/apt_key.pp' using 'pcore' format. -2022-11-16T21:41:16.771255 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/augeas.pp' using 'pcore' format. -2022-11-16T21:41:16.808097 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/augeasprovider.pp' using 'pcore' format. -2022-11-16T21:41:16.840057 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/grub_config.pp' using 'pcore' format. -2022-11-16T21:41:16.885007 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/grub_menuentry.pp' using 'pcore' format. -2022-11-16T21:41:16.918806 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/grub_user.pp' using 'pcore' format. -2022-11-16T21:41:16.968804 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/kernel_parameter.pp' using 'pcore' format. -2022-11-16T21:41:17.018624 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/pam.pp' using 'pcore' format. -2022-11-16T21:41:17.064481 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/shellvar.pp' using 'pcore' format. -2022-11-16T21:41:17.099752 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/sysctl.pp' using 'pcore' format. -2022-11-16T21:41:17.212027 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/concat_file.pp' using 'pcore' format. -2022-11-16T21:41:17.234146 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/concat_fragment.pp' using 'pcore' format. -2022-11-16T21:41:17.988995 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewall.pp' using 'pcore' format. -2022-11-16T21:41:18.029819 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewallchain.pp' using 'pcore' format. -2022-11-16T21:41:18.062821 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_custom_service.pp' using 'pcore' format. -2022-11-16T21:41:18.092098 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_direct_chain.pp' using 'pcore' format. -2022-11-16T21:41:18.122401 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_direct_passthrough.pp' using 'pcore' format. -2022-11-16T21:41:18.183157 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_direct_purge.pp' using 'pcore' format. -2022-11-16T21:41:18.187435 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_direct_rule.pp' using 'pcore' format. -2022-11-16T21:41:18.224394 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_ipset.pp' using 'pcore' format. -2022-11-16T21:41:18.253411 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_port.pp' using 'pcore' format. -2022-11-16T21:41:18.285391 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_rich_rule.pp' using 'pcore' format. -2022-11-16T21:41:18.313443 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_service.pp' using 'pcore' format. -2022-11-16T21:41:18.346535 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/firewalld_zone.pp' using 'pcore' format. -2022-11-16T21:41:18.381216 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/ini_setting.pp' using 'pcore' format. -2022-11-16T21:41:18.416382 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/ini_subsetting.pp' using 'pcore' format. -2022-11-16T21:41:18.469276 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/filesystem.pp' using 'pcore' format. -2022-11-16T21:41:18.514832 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/logical_volume.pp' using 'pcore' format. -2022-11-16T21:41:18.547387 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/physical_volume.pp' using 'pcore' format. -2022-11-16T21:41:18.581736 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/volume_group.pp' using 'pcore' format. -2022-11-16T21:41:18.614709 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/mailalias.pp' using 'pcore' format. -2022-11-16T21:41:18.664975 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/mount.pp' using 'pcore' format. -2022-11-16T21:41:18.695134 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/puppet_agent_end_run.pp' using 'pcore' format. -2022-11-16T21:41:18.725061 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/puppet_agent_upgrade_error.pp' using 'pcore' format. -2022-11-16T21:41:18.774324 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/reboot.pp' using 'pcore' format. -2022-11-16T21:41:18.819523 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/selinux_fcontext.pp' using 'pcore' format. -2022-11-16T21:41:18.851470 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/selinux_fcontext_equivalence.pp' using 'pcore' format. -2022-11-16T21:41:18.882445 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/selinux_permissive.pp' using 'pcore' format. -2022-11-16T21:41:18.980007 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/selinux_port.pp' using 'pcore' format. -2022-11-16T21:41:19.004368 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/anchor.pp' using 'pcore' format. -2022-11-16T21:41:19.042499 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/file_line.pp' using 'pcore' format. -2022-11-16T21:41:19.073973 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/loginctl_user.pp' using 'pcore' format. -2022-11-16T21:41:19.116464 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/cron.pp' using 'pcore' format. -2022-11-16T21:41:19.156219 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/host.pp' using 'pcore' format. -2022-11-16T21:41:19.207373 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/scheduled_task.pp' using 'pcore' format. -2022-11-16T21:41:19.237704 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/selboolean.pp' using 'pcore' format. -2022-11-16T21:41:19.267913 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/selmodule.pp' using 'pcore' format. -2022-11-16T21:41:19.304118 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/ssh_authorized_key.pp' using 'pcore' format. -2022-11-16T21:41:19.339079 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/sshkey.pp' using 'pcore' format. -2022-11-16T21:41:19.403177 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/yumrepo.pp' using 'pcore' format. -2022-11-16T21:41:19.441012 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/zfs.pp' using 'pcore' format. -2022-11-16T21:41:19.478089 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/zpool.pp' using 'pcore' format. -2022-11-16T21:41:19.521239 INFO [main] [Puppet] Generating '/Users/bryanbelanger/projects/secure_linux_cis/.resource_types/zone.pp' using 'pcore' format. +2023-07-14T16:31:11.244370 INFO [main] [Puppet] Generating Puppet resource types. +2023-07-14T16:31:11.334346 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/cron.pp' using 'pcore' format. +2023-07-14T16:31:11.360107 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/host.pp' using 'pcore' format. +2023-07-14T16:31:11.408161 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/scheduled_task.pp' using 'pcore' format. +2023-07-14T16:31:11.430592 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/selboolean.pp' using 'pcore' format. +2023-07-14T16:31:11.456509 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/selmodule.pp' using 'pcore' format. +2023-07-14T16:31:11.490055 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/ssh_authorized_key.pp' using 'pcore' format. +2023-07-14T16:31:11.514729 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/sshkey.pp' using 'pcore' format. +2023-07-14T16:31:11.569120 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/yumrepo.pp' using 'pcore' format. +2023-07-14T16:31:11.600092 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/zfs.pp' using 'pcore' format. +2023-07-14T16:31:11.625177 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/zpool.pp' using 'pcore' format. +2023-07-14T16:31:11.657805 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/zone.pp' using 'pcore' format. +2023-07-14T16:31:11.711879 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/alternative_entry.pp' using 'pcore' format. +2023-07-14T16:31:11.761056 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/alternatives.pp' using 'pcore' format. +2023-07-14T16:31:11.803913 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/apt_key.pp' using 'pcore' format. +2023-07-14T16:31:11.840057 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/augeas.pp' using 'pcore' format. +2023-07-14T16:31:11.865843 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/augeasprovider.pp' using 'pcore' format. +2023-07-14T16:31:11.888690 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/grub_config.pp' using 'pcore' format. +2023-07-14T16:31:11.929796 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/grub_menuentry.pp' using 'pcore' format. +2023-07-14T16:31:11.957359 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/grub_user.pp' using 'pcore' format. +2023-07-14T16:31:11.981906 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/kernel_parameter.pp' using 'pcore' format. +2023-07-14T16:31:12.011471 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/pam.pp' using 'pcore' format. +2023-07-14T16:31:12.041425 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/shellvar.pp' using 'pcore' format. +2023-07-14T16:31:12.067453 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/sysctl.pp' using 'pcore' format. +2023-07-14T16:31:12.169717 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/concat_file.pp' using 'pcore' format. +2023-07-14T16:31:12.183310 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/concat_fragment.pp' using 'pcore' format. +2023-07-14T16:31:13.561331 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewall.pp' using 'pcore' format. +2023-07-14T16:31:13.595902 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewallchain.pp' using 'pcore' format. +2023-07-14T16:31:13.625049 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_custom_service.pp' using 'pcore' format. +2023-07-14T16:31:13.652141 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_direct_chain.pp' using 'pcore' format. +2023-07-14T16:31:13.677511 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_direct_passthrough.pp' using 'pcore' format. +2023-07-14T16:31:13.728673 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_direct_purge.pp' using 'pcore' format. +2023-07-14T16:31:13.734471 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_direct_rule.pp' using 'pcore' format. +2023-07-14T16:31:13.765450 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_ipset.pp' using 'pcore' format. +2023-07-14T16:31:13.790665 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_port.pp' using 'pcore' format. +2023-07-14T16:31:13.818185 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_rich_rule.pp' using 'pcore' format. +2023-07-14T16:31:13.839618 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_service.pp' using 'pcore' format. +2023-07-14T16:31:13.873627 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/firewalld_zone.pp' using 'pcore' format. +2023-07-14T16:31:13.909440 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/ini_setting.pp' using 'pcore' format. +2023-07-14T16:31:13.943209 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/ini_subsetting.pp' using 'pcore' format. +2023-07-14T16:31:14.007982 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/filesystem.pp' using 'pcore' format. +2023-07-14T16:31:14.055428 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/logical_volume.pp' using 'pcore' format. +2023-07-14T16:31:14.080131 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/physical_volume.pp' using 'pcore' format. +2023-07-14T16:31:14.108727 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/volume_group.pp' using 'pcore' format. +2023-07-14T16:31:14.135868 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/mailalias.pp' using 'pcore' format. +2023-07-14T16:31:14.216259 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/mount.pp' using 'pcore' format. +2023-07-14T16:31:14.258306 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/puppet_agent_end_run.pp' using 'pcore' format. +2023-07-14T16:31:14.310758 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/puppet_agent_upgrade_error.pp' using 'pcore' format. +2023-07-14T16:31:14.390350 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/reboot.pp' using 'pcore' format. +2023-07-14T16:31:14.445556 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/selinux_fcontext.pp' using 'pcore' format. +2023-07-14T16:31:14.466540 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/selinux_fcontext_equivalence.pp' using 'pcore' format. +2023-07-14T16:31:14.490207 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/selinux_permissive.pp' using 'pcore' format. +2023-07-14T16:31:14.561036 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/selinux_port.pp' using 'pcore' format. +2023-07-14T16:31:14.574756 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/anchor.pp' using 'pcore' format. +2023-07-14T16:31:14.619411 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/file_line.pp' using 'pcore' format. +2023-07-14T16:31:14.642921 INFO [main] [Puppet] Generating '/root/test/secure_linux_cis/.resource_types/loginctl_user.pp' using 'pcore' format. diff --git a/bolt-project.yaml b/bolt-project.yaml index 946c1276..ff575813 100644 --- a/bolt-project.yaml +++ b/bolt-project.yaml @@ -30,3 +30,4 @@ modules: - puppetlabs/service - puppetlabs/exec - puppetlabs/package +- puppet/chrony diff --git a/data/os/RedHat/version/9.yaml b/data/os/RedHat/version/9.yaml new file mode 100644 index 00000000..95167f83 --- /dev/null +++ b/data/os/RedHat/version/9.yaml @@ -0,0 +1,799 @@ +--- +secure_linux_cis::server_level_1: +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock +secure_linux_cis::server_level_2: +- ensure_mounting_of_squashfs_filesystems_is_disabled +- ensure_mounting_of_udf_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_separate_partition_exists_for_var_log +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_separate_partition_exists_for_var_log_audit +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_separate_partition_exists_for_home +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_usrquota_option_set_on_home_partition +- ensure_grpquota_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_the_selinux_mode_is_enforcing +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_xorg_x11_server_common_is_not_installed +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_auditd_is_installed +- ensure_auditd_service_is_enabled +- ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled +- ensure_audit_backlog_limit_is_sufficient +- ensure_audit_log_storage_size_is_configured +- ensure_audit_logs_are_not_automatically_deleted +- ensure_system_is_disabled_when_audit_logs_are_full +- ensure_changes_to_system_administration_scope_sudoers_is_collected +- ensure_actions_as_another_user_are_always_logged +- ensure_events_that_modify_the_sudo_log_file_are_collected +- ensure_events_that_modify_date_and_time_information_are_collected +- ensure_events_that_modify_the_systems_network_environment_are_collected +- ensure_use_of_privileged_commands_are_collected +- ensure_unsuccessful_file_access_attempts_are_collected +- ensure_events_that_modify_user_group_information_are_collected +- ensure_discretionary_access_control_permission_modification_events_are_collected +- ensure_successful_file_system_mounts_are_collected +- ensure_session_initiation_information_is_collected +- ensure_login_and_logout_events_are_collected +- ensure_file_deletion_events_by_users_are_collected +- ensure_events_that_modify_the_systems_mandatory_access_controls_are_collected +- ensure_successful_and_unsuccessful_attempts_to_use_the_chcon_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_setfacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_chacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_usermod_command_are_recorded +- ensure_kernel_module_loading_unloading_and_modification_is_collected +- ensure_the_audit_configuration_is_immutable +- ensure_audit_log_files_are_mode_0640_or_less_permissive +- ensure_only_authorized_users_own_audit_log_files +- ensure_the_audit_log_directory_is_0750_or_more_restrictive +- ensure_audit_configuration_files_are_640_or_more_restrictive +- ensure_audit_tools_are_755_or_more_restrictive +- ensure_ssh_x11_forwarding_is_disabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_ssh_allowtcpforwarding_is_disabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_users_must_provide_password_for_escalation +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_vsftp_server_is_not_installed +- ensure_tcp_syn_cookies_is_enabled +- ensure_successful_file_system_mounts_are_collected +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_no_duplicate_user_names_exist +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock +secure_linux_cis::workstation_level_1: +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_no_unconfined_services_exist +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_x11_forwarding_is_disabled +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock +secure_linux_cis::workstation_level_2: +- ensure_mounting_of_squashfs_filesystems_is_disabled +- ensure_mounting_of_udf_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_separate_partition_exists_for_var_log +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_separate_partition_exists_for_var_log_audit +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_separate_partition_exists_for_home +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_usrquota_option_set_on_home_partition +- ensure_grpquota_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_the_selinux_mode_is_enforcing +- ensure_no_unconfined_services_exist +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gnome_display_manager_is_removed +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_auditd_is_installed +- ensure_auditd_service_is_enabled +- ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled +- ensure_audit_backlog_limit_is_sufficient +- ensure_audit_log_storage_size_is_configured +- ensure_audit_logs_are_not_automatically_deleted +- ensure_system_is_disabled_when_audit_logs_are_full +- ensure_changes_to_system_administration_scope_sudoers_is_collected +- ensure_actions_as_another_user_are_always_logged +- ensure_events_that_modify_the_sudo_log_file_are_collected +- ensure_events_that_modify_date_and_time_information_are_collected +- ensure_events_that_modify_the_systems_network_environment_are_collected +- ensure_use_of_privileged_commands_are_collected +- ensure_unsuccessful_file_access_attempts_are_collected +- ensure_events_that_modify_user_group_information_are_collected +- ensure_discretionary_access_control_permission_modification_events_are_collected +- ensure_successful_file_system_mounts_are_collected +- ensure_session_initiation_information_is_collected +- ensure_login_and_logout_events_are_collected +- ensure_file_deletion_events_by_users_are_collected +- ensure_events_that_modify_the_systems_mandatory_access_controls_are_collected +- ensure_successful_and_unsuccessful_attempts_to_use_the_chcon_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_setfacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_chacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_usermod_command_are_recorded +- ensure_kernel_module_loading_unloading_and_modification_is_collected +- ensure_the_audit_configuration_is_immutable +- ensure_audit_log_files_are_mode_0640_or_less_permissive +- ensure_only_authorized_users_own_audit_log_files +- ensure_the_audit_log_directory_is_0750_or_more_restrictive +- ensure_audit_configuration_files_are_640_or_more_restrictive +- ensure_audit_tools_are_755_or_more_restrictive +- ensure_ssh_x11_forwarding_is_disabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_ssh_allowtcpforwarding_is_disabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_users_must_provide_password_for_escalation +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_vsftp_server_is_not_installed +- ensure_tcp_syn_cookies_is_enabled +- ensure_successful_file_system_mounts_are_collected +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_no_duplicate_user_names_exist +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock diff --git a/data/os/Rocky/version/8.yaml b/data/os/Rocky/version/8.yaml new file mode 100644 index 00000000..d099e729 --- /dev/null +++ b/data/os/Rocky/version/8.yaml @@ -0,0 +1,746 @@ +--- +secure_linux_cis::server_level_1: +- ensure_mounting_of_cramfs_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_automounting +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_permissions_on_bootloader_config_are_configured +- ensure_authentication_is_required_when_booting_into_rescue_mode +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_xinetd_is_not_installed +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_nis_server_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_nis_client_is_not_installed +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_iptables_packages_are_installed +- ensure_nftables_is_not_installed_with_iptables +- ensure_firewalld_is_either_not_installed_or_masked_with_iptables +- ensure_iptables_loopback_traffic_is_configured +- ensure_iptables_rules_exist_for_all_open_ports +- ensure_iptables_default_deny_firewall_policy +- ensure_iptables_rules_are_saved +- ensure_iptables_is_enabled_and_active +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +secure_linux_cis::server_level_2: +- ensure_mounting_of_cramfs_filesystems_is_disabled +- ensure_mounting_of_squashfs_filesystems_is_disabled +- ensure_mounting_of_udf_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_separate_partition_exists_for_var_log +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_separate_partition_exists_for_var_log_audit +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_separate_partition_exists_for_home +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_usrquota_option_set_on_home_partition +- ensure_grpquota_option_set_on_home_partition +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_automounting +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_permissions_on_bootloader_config_are_configured +- ensure_authentication_is_required_when_booting_into_rescue_mode +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_the_selinux_mode_is_enforcing +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_xinetd_is_not_installed +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_nis_server_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_nis_client_is_not_installed +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_sctp_is_disabled +- ensure_dccp_is_disabled +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_iptables_packages_are_installed +- ensure_nftables_is_not_installed_with_iptables +- ensure_firewalld_is_either_not_installed_or_masked_with_iptables +- ensure_iptables_loopback_traffic_is_configured +- ensure_iptables_rules_exist_for_all_open_ports +- ensure_iptables_default_deny_firewall_policy +- ensure_iptables_rules_are_saved +- ensure_iptables_is_enabled_and_active +- ensure_auditd_is_installed +- ensure_auditd_service_is_enabled +- ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled +- ensure_audit_backlog_limit_is_sufficient +- ensure_audit_log_storage_size_is_configured +- ensure_audit_logs_are_not_automatically_deleted +- ensure_system_is_disabled_when_audit_logs_are_full +- ensure_changes_to_system_administration_scope_sudoers_is_collected +- ensure_actions_as_another_user_are_always_logged +- ensure_events_that_modify_the_sudo_log_file_are_collected +- ensure_events_that_modify_date_and_time_information_are_collected +- ensure_events_that_modify_the_systems_network_environment_are_collected +- ensure_use_of_privileged_commands_are_collected +- ensure_unsuccessful_file_access_attempts_are_collected +- ensure_events_that_modify_user_group_information_are_collected +- ensure_discretionary_access_control_permission_modification_events_are_collected +- ensure_successful_file_system_mounts_are_collected +- ensure_session_initiation_information_is_collected +- ensure_login_and_logout_events_are_collected +- ensure_file_deletion_events_by_users_are_collected +- ensure_events_that_modify_the_systems_mandatory_access_controls_are_collected +- ensure_successful_and_unsuccessful_attempts_to_use_the_chcon_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_setfacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_chacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_usermod_command_are_recorded +- ensure_kernel_module_loading_unloading_and_modification_is_collected +- ensure_the_audit_configuration_is_immutable +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_ssh_allowtcpforwarding_is_disabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_users_must_provide_password_for_escalation +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_vsftp_server_is_not_installed +- ensure_tcp_syn_cookies_is_enabled +- ensure_iptables_is_enabled_and_active +- ensure_successful_file_system_mounts_are_collected +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_password_reuse_is_limited +- ensure_no_duplicate_user_names_exist +- ensure_no_users_have_rhosts_files +secure_linux_cis::workstation_level_1: +- ensure_mounting_of_cramfs_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_permissions_on_bootloader_config_are_configured +- ensure_authentication_is_required_when_booting_into_rescue_mode +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_no_unconfined_services_exist +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_xinetd_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_nis_server_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_nis_client_is_not_installed +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_iptables_packages_are_installed +- ensure_nftables_is_not_installed_with_iptables +- ensure_firewalld_is_either_not_installed_or_masked_with_iptables +- ensure_iptables_loopback_traffic_is_configured +- ensure_iptables_rules_exist_for_all_open_ports +- ensure_iptables_default_deny_firewall_policy +- ensure_iptables_rules_are_saved +- ensure_iptables_is_enabled_and_active +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +secure_linux_cis::workstation_level_2: +- ensure_mounting_of_cramfs_filesystems_is_disabled +- ensure_mounting_of_squashfs_filesystems_is_disabled +- ensure_mounting_of_udf_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_separate_partition_exists_for_var_log +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_separate_partition_exists_for_var_log_audit +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_separate_partition_exists_for_home +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_usrquota_option_set_on_home_partition +- ensure_grpquota_option_set_on_home_partition +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_automounting +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_permissions_on_bootloader_config_are_configured +- ensure_authentication_is_required_when_booting_into_rescue_mode +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_the_selinux_mode_is_enforcing +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_xinetd_is_not_installed +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_nis_server_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_nis_client_is_not_installed +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_sctp_is_disabled +- ensure_dccp_is_disabled +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_iptables_packages_are_installed +- ensure_nftables_is_not_installed_with_iptables +- ensure_firewalld_is_either_not_installed_or_masked_with_iptables +- ensure_iptables_loopback_traffic_is_configured +- ensure_iptables_rules_exist_for_all_open_ports +- ensure_iptables_default_deny_firewall_policy +- ensure_iptables_rules_are_saved +- ensure_iptables_is_enabled_and_active +- ensure_auditd_is_installed +- ensure_auditd_service_is_enabled +- ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled +- ensure_audit_backlog_limit_is_sufficient +- ensure_audit_log_storage_size_is_configured +- ensure_audit_logs_are_not_automatically_deleted +- ensure_system_is_disabled_when_audit_logs_are_full +- ensure_changes_to_system_administration_scope_sudoers_is_collected +- ensure_actions_as_another_user_are_always_logged +- ensure_events_that_modify_the_sudo_log_file_are_collected +- ensure_events_that_modify_date_and_time_information_are_collected +- ensure_events_that_modify_the_systems_network_environment_are_collected +- ensure_use_of_privileged_commands_are_collected +- ensure_unsuccessful_file_access_attempts_are_collected +- ensure_events_that_modify_user_group_information_are_collected +- ensure_discretionary_access_control_permission_modification_events_are_collected +- ensure_successful_file_system_mounts_are_collected +- ensure_session_initiation_information_is_collected +- ensure_login_and_logout_events_are_collected +- ensure_file_deletion_events_by_users_are_collected +- ensure_events_that_modify_the_systems_mandatory_access_controls_are_collected +- ensure_successful_and_unsuccessful_attempts_to_use_the_chcon_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_setfacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_chacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_usermod_command_are_recorded +- ensure_kernel_module_loading_unloading_and_modification_is_collected +- ensure_the_audit_configuration_is_immutable +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_ssh_allowtcpforwarding_is_disabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_users_must_provide_password_for_escalation +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_vsftp_server_is_not_installed +- ensure_tcp_syn_cookies_is_enabled +- ensure_iptables_is_enabled_and_active +- ensure_successful_file_system_mounts_are_collected +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_password_reuse_is_limited +- ensure_no_duplicate_user_names_exist +- ensure_no_users_have_rhosts_files diff --git a/data/os/Rocky/version/9.yaml b/data/os/Rocky/version/9.yaml new file mode 100644 index 00000000..95167f83 --- /dev/null +++ b/data/os/Rocky/version/9.yaml @@ -0,0 +1,799 @@ +--- +secure_linux_cis::server_level_1: +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock +secure_linux_cis::server_level_2: +- ensure_mounting_of_squashfs_filesystems_is_disabled +- ensure_mounting_of_udf_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_separate_partition_exists_for_var_log +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_separate_partition_exists_for_var_log_audit +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_separate_partition_exists_for_home +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_usrquota_option_set_on_home_partition +- ensure_grpquota_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_the_selinux_mode_is_enforcing +- ensure_no_unconfined_services_exist +- ensure_setroubleshoot_is_not_installed +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_xorg_x11_server_common_is_not_installed +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_auditd_is_installed +- ensure_auditd_service_is_enabled +- ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled +- ensure_audit_backlog_limit_is_sufficient +- ensure_audit_log_storage_size_is_configured +- ensure_audit_logs_are_not_automatically_deleted +- ensure_system_is_disabled_when_audit_logs_are_full +- ensure_changes_to_system_administration_scope_sudoers_is_collected +- ensure_actions_as_another_user_are_always_logged +- ensure_events_that_modify_the_sudo_log_file_are_collected +- ensure_events_that_modify_date_and_time_information_are_collected +- ensure_events_that_modify_the_systems_network_environment_are_collected +- ensure_use_of_privileged_commands_are_collected +- ensure_unsuccessful_file_access_attempts_are_collected +- ensure_events_that_modify_user_group_information_are_collected +- ensure_discretionary_access_control_permission_modification_events_are_collected +- ensure_successful_file_system_mounts_are_collected +- ensure_session_initiation_information_is_collected +- ensure_login_and_logout_events_are_collected +- ensure_file_deletion_events_by_users_are_collected +- ensure_events_that_modify_the_systems_mandatory_access_controls_are_collected +- ensure_successful_and_unsuccessful_attempts_to_use_the_chcon_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_setfacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_chacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_usermod_command_are_recorded +- ensure_kernel_module_loading_unloading_and_modification_is_collected +- ensure_the_audit_configuration_is_immutable +- ensure_audit_log_files_are_mode_0640_or_less_permissive +- ensure_only_authorized_users_own_audit_log_files +- ensure_the_audit_log_directory_is_0750_or_more_restrictive +- ensure_audit_configuration_files_are_640_or_more_restrictive +- ensure_audit_tools_are_755_or_more_restrictive +- ensure_ssh_x11_forwarding_is_disabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_ssh_allowtcpforwarding_is_disabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_users_must_provide_password_for_escalation +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_vsftp_server_is_not_installed +- ensure_tcp_syn_cookies_is_enabled +- ensure_successful_file_system_mounts_are_collected +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_no_duplicate_user_names_exist +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock +secure_linux_cis::workstation_level_1: +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_no_unconfined_services_exist +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_x11_forwarding_is_disabled +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock +secure_linux_cis::workstation_level_2: +- ensure_mounting_of_squashfs_filesystems_is_disabled +- ensure_mounting_of_udf_filesystems_is_disabled +- ensure_tmp_is_a_separate_partition +- ensure_nodev_option_set_on_tmp_partition +- ensure_noexec_option_set_on_tmp_partition +- ensure_nosuid_option_set_on_tmp_partition +- ensure_separate_partition_exists_for_var +- ensure_nodev_option_set_on_var_partition +- ensure_noexec_option_set_on_var_partition +- ensure_nosuid_option_set_on_var_partition +- ensure_separate_partition_exists_for_var_tmp +- ensure_noexec_option_set_on_var_tmp_partition +- ensure_nosuid_option_set_on_var_tmp_partition +- ensure_nodev_option_set_on_var_tmp_partition +- ensure_separate_partition_exists_for_var_log +- ensure_nodev_option_set_on_var_log_partition +- ensure_noexec_option_set_on_var_log_partition +- ensure_nosuid_option_set_on_var_log_partition +- ensure_separate_partition_exists_for_var_log_audit +- ensure_noexec_option_set_on_var_log_audit_partition +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_nosuid_option_set_on_var_log_audit_partition +- ensure_separate_partition_exists_for_home +- ensure_nodev_option_set_on_home_partition +- ensure_nosuid_option_set_on_home_partition +- ensure_usrquota_option_set_on_home_partition +- ensure_grpquota_option_set_on_home_partition +- ensure_separate_partition_exists_for_dev_shm +- ensure_nodev_option_set_on_dev_shm_partition +- ensure_noexec_option_set_on_dev_shm_partition +- ensure_nosuid_option_set_on_dev_shm_partition +- disable_usb_storage +- ensure_gpgcheck_is_globally_activated +- ensure_aide_is_installed +- ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools +- ensure_filesystem_integrity_is_regularly_checked +- ensure_bootloader_password_is_set +- ensure_ssh_maxauthtries_is_set_to_4_or_less +- ensure_ssh_maxsessions_is_set_to_10_or_less +- ensure_permissions_on_bootloader_config_are_configured +- ensure_core_dump_storage_is_disabled +- ensure_core_dump_backtraces_are_disabled +- ensure_address_space_layout_randomization_aslr_is_enabled +- ensure_selinux_is_installed +- ensure_selinux_policy_is_configured +- ensure_the_selinux_mode_is_not_disabled +- ensure_the_selinux_mode_is_enforcing +- ensure_no_unconfined_services_exist +- ensure_the_mcs_translation_service_mcstrans_is_not_installed +- ensure_message_of_the_day_is_configured_properly +- ensure_local_login_warning_banner_is_configured_properly +- ensure_remote_login_warning_banner_is_configured_properly +- ensure_permissions_on_etc_motd_are_configured +- ensure_permissions_on_etc_issue_are_configured +- ensure_permissions_on_etc_issue_net_are_configured +- ensure_gnome_display_manager_is_removed +- ensure_gdm_login_banner_is_configured +- ensure_gdm_disable_user_list_option_is_enabled +- ensure_gdm_screen_locks_when_the_user_is_idle +- ensure_last_logged_in_user_display_is_disabled +- ensure_xdmcp_is_not_enabled +- ensure_automatic_mounting_of_removable_media_is_disabled +- ensure_system_wide_crypto_policy_is_not_legacy +- ensure_time_synchronization_is_in_use +- ensure_chrony_is_configured +- ensure_avahi_server_is_not_installed +- ensure_cups_is_not_installed +- ensure_dhcp_server_is_not_installed +- ensure_dns_server_is_not_installed +- ensure_ftp_server_is_not_installed +- ensure_vsftp_server_is_not_installed +- ensure_tftp_server_is_not_installed +- ensure_a_web_server_is_not_installed +- ensure_samba_is_not_installed +- ensure_http_proxy_server_is_not_installed +- ensure_net_snmp_is_not_installed +- ensure_telnet_server_is_not_installed +- ensure_dnsmasq_is_not_installed +- ensure_mail_transfer_agent_is_configured_for_local_only_mode +- ensure_nfs_utils_is_not_installed_or_the_nfs_server_service_is_masked +- ensure_rpcbind_is_not_installed_or_the_rpcbind_services_are_masked +- ensure_rsync_is_not_installed_or_the_rsyncd_service_is_masked +- ensure_rsh_client_is_not_installed +- ensure_talk_client_is_not_installed +- ensure_telnet_client_is_not_installed +- ensure_ldap_client_is_not_installed +- ensure_tftp_client_is_not_installed +- ensure_wireless_interfaces_are_disabled +- ensure_ip_forwarding_is_disabled +- ensure_packet_redirect_sending_is_disabled +- ensure_source_routed_packets_are_not_accepted +- ensure_icmp_redirects_are_not_accepted +- ensure_secure_icmp_redirects_are_not_accepted +- ensure_suspicious_packets_are_logged +- ensure_broadcast_icmp_requests_are_ignored +- ensure_bogus_icmp_responses_are_ignored +- ensure_reverse_path_filtering_is_enabled +- ensure_tcp_syn_cookies_is_enabled +- ensure_auditd_is_installed +- ensure_auditd_service_is_enabled +- ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled +- ensure_audit_backlog_limit_is_sufficient +- ensure_audit_log_storage_size_is_configured +- ensure_audit_logs_are_not_automatically_deleted +- ensure_system_is_disabled_when_audit_logs_are_full +- ensure_changes_to_system_administration_scope_sudoers_is_collected +- ensure_actions_as_another_user_are_always_logged +- ensure_events_that_modify_the_sudo_log_file_are_collected +- ensure_events_that_modify_date_and_time_information_are_collected +- ensure_events_that_modify_the_systems_network_environment_are_collected +- ensure_use_of_privileged_commands_are_collected +- ensure_unsuccessful_file_access_attempts_are_collected +- ensure_events_that_modify_user_group_information_are_collected +- ensure_discretionary_access_control_permission_modification_events_are_collected +- ensure_successful_file_system_mounts_are_collected +- ensure_session_initiation_information_is_collected +- ensure_login_and_logout_events_are_collected +- ensure_file_deletion_events_by_users_are_collected +- ensure_events_that_modify_the_systems_mandatory_access_controls_are_collected +- ensure_successful_and_unsuccessful_attempts_to_use_the_chcon_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_setfacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_chacl_command_are_recorded +- ensure_successful_and_unsuccessful_attempts_to_use_the_usermod_command_are_recorded +- ensure_kernel_module_loading_unloading_and_modification_is_collected +- ensure_the_audit_configuration_is_immutable +- ensure_audit_log_files_are_mode_0640_or_less_permissive +- ensure_only_authorized_users_own_audit_log_files +- ensure_the_audit_log_directory_is_0750_or_more_restrictive +- ensure_audit_configuration_files_are_640_or_more_restrictive +- ensure_audit_tools_are_755_or_more_restrictive +- ensure_ssh_x11_forwarding_is_disabled +- ensure_rsyslog_is_installed +- ensure_rsyslog_service_is_enabled +- ensure_rsyslog_default_file_permissions_are_configured +- ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_is_not_configured_to_recieve_logs_from_a_remote_client +- ensure_journald_service_is_enabled +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_journald_is_configured_to_write_logfiles_to_persistent_disk +- ensure_permissions_on_all_logfiles_are_configured +- ensure_cron_daemon_is_enabled +- ensure_permissions_on_etc_crontab_are_configured +- ensure_permissions_on_etc_cron_hourly_are_configured +- ensure_permissions_on_etc_cron_daily_are_configured +- ensure_permissions_on_etc_cron_weekly_are_configured +- ensure_permissions_on_etc_cron_monthly_are_configured +- ensure_permissions_on_etc_cron_d_are_configured +- ensure_cron_is_restricted_to_authorized_users +- ensure_at_is_restricted_to_authorized_users +- ensure_permissions_on_etc_ssh_sshd_config_are_configured +- ensure_permissions_on_ssh_private_host_key_files_are_configured +- ensure_permissions_on_ssh_public_host_key_files_are_configured +- ensure_ssh_access_is_limited +- ensure_ssh_loglevel_is_appropriate +- ensure_ssh_pam_is_enabled +- ensure_ssh_root_login_is_disabled +- ensure_ssh_hostbasedauthentication_is_disabled +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_ssh_permituserenvironment_is_disabled +- ensure_ssh_ignorerhosts_is_enabled +- ensure_ssh_allowtcpforwarding_is_disabled +- ensure_system_wide_crypto_policy_is_not_over_ridden +- ensure_ssh_warning_banner_is_configured +- ensure_ssh_maxstartups_is_configured +- ensure_ssh_logingracetime_is_set_to_one_minute_or_less +- ensure_ssh_idle_timeout_interval_is_configured +- ensure_sudo_is_installed +- ensure_sudo_commands_use_pty +- ensure_sudo_log_file_exists +- ensure_users_must_provide_password_for_escalation +- ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally +- ensure_sudo_authentication_timeout_is_configured_correctly +- ensure_access_to_the_su_command_is_restricted +- ensure_authselect_includes_with_faillock +- ensure_password_creation_requirements_are_configured +- ensure_lockout_for_failed_password_attempts_is_configured +- ensure_password_reuse_is_limited +- ensure_password_hashing_algorithm_is_sha_512_or_yescrypt +- ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive +- ensure_default_user_umask_is_027_or_more_restrictive +- ensure_default_user_shell_timeout_is_900_seconds_or_less +- ensure_at_least_one_nftables_table_exists +- ensure_host_based_firewall_loopback_traffic_is_configured +- ensure_a_single_firewall_configuration_utility_is_in_use +- ensure_root_password_is_set +- ensure_root_is_the_only_uid_0_account +- ensure_all_users_last_password_change_date_is_in_the_past +- ensure_system_accounts_are_secured +- ensure_sticky_bit_is_set_on_all_world_writable_directories +- ensure_permissions_on_etc_passwd_are_configured +- ensure_permissions_on_etc_shadow_are_configured +- ensure_permissions_on_etc_group_are_configured +- ensure_permissions_on_etc_gshadow_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_shadow_dash_are_configured +- ensure_permissions_on_etc_passwd_dash_are_configured +- ensure_permissions_on_etc_gshadow_dash_are_configured +- ensure_no_world_writable_files_exist +- ensure_no_unowned_files_or_directories_exist +- ensure_no_ungrouped_files_or_directories_exist +- ensure_password_fields_are_not_empty +- ensure_all_groups_in_etc_passwd_exist_in_etc_group +- ensure_no_duplicate_uids_exist +- ensure_no_duplicate_gids_exist +- ensure_no_duplicate_user_names_exist +- ensure_no_duplicate_group_names_exist +- ensure_root_path_integrity +- ensure_all_users_home_directories_exist +- ensure_users_own_their_home_directories +- ensure_users_dot_files_are_not_group_or_world_writable +- ensure_users_netrc_files_are_not_group_or_world_accessible +- ensure_no_users_have_forward_files +- ensure_no_users_have_netrc_files +- ensure_no_users_have_rhosts_files +- ensure_nodev_option_set_on_var_log_audit_partition +- ensure_selinux_is_not_disabled_in_bootloader_configuration +- ensure_vsftp_server_is_not_installed +- ensure_tcp_syn_cookies_is_enabled +- ensure_successful_file_system_mounts_are_collected +- ensure_journald_is_configured_to_compress_large_log_files +- ensure_ssh_permitemptypasswords_is_disabled +- ensure_no_duplicate_user_names_exist +- ensure_no_users_have_rhosts_files +- ensure_accounts_in_etc_passwd_use_shadowed_passwords +- ensure_authselect_includes_with_faillock diff --git a/data/osfamily/RedHat/version/9.yaml b/data/osfamily/RedHat/version/9.yaml new file mode 100644 index 00000000..d5e6bbe5 --- /dev/null +++ b/data/osfamily/RedHat/version/9.yaml @@ -0,0 +1,2 @@ +--- +secure_linux_cis::rules::ensure_gpgcheck_is_globally_activated::package_configuration: /etc/dnf/dnf.conf diff --git a/files/ensure_a_single_firewall_configuration_utility_is_in_use.sh b/files/ensure_a_single_firewall_configuration_utility_is_in_use.sh new file mode 100644 index 00000000..48d76587 --- /dev/null +++ b/files/ensure_a_single_firewall_configuration_utility_is_in_use.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +{ + l_output="" l_output2="" l_fwd_status="" l_nft_status="" l_fwutil_status="" + # Determine FirewallD utility Status + rpm -q firewalld > /dev/null 2>&1 && l_fwd_status="$(systemctl is-enabled firewalld.service):$(systemctl is-active firewalld.service)" + # Determine NFTables utility Status + rpm -q nftables > /dev/null 2>&1 && l_nft_status="$(systemctl is-enabled nftables.service):$(systemctl is-active nftables.service)" + l_fwutil_status="$l_fwd_status:$l_nft_status" + case $l_fwutil_status in + enabled:active:masked:inactive|enabled:active:disabled:inactive) + echo -e "\n - FirewallD utility is in use, enabled and active\n - NFTables utility is correctly disabled or masked and inactive\n - no remediation required" ;; + masked:inactive:enabled:active|disabled:inactive:enabled:active) + echo -e "\n - NFTables utility is in use, enabled and active\n - FirewallD utility is correctly disabled or masked and inactive\n - no remediation required" ;; + enabled:active:enabled:active) + echo -e "\n - Both FirewallD and NFTables utilities are enabled and active\n - stopping and masking NFTables utility" + systemctl stop nftables && systemctl --now mask nftables ;; + enabled:*:enabled:*) + echo -e "\n - Both FirewallD and NFTables utilities are enabled\n - remediating" + if [ "$(awk -F: '{print $2}' <<< "$l_fwutil_status")" = "active" ] && [ "$(awk -F: '{print $4}' <<< "$l_fwutil_status")" = "inactive" ]; then + echo " - masking NFTables utility" + systemctl stop nftables && systemctl --now mask nftables + elif [ "$(awk -F: '{print $4}' <<< "$l_fwutil_status")" = "active" ] && [ "$(awk -F: '{print $2}' <<< "$l_fwutil_status")" = "inactive" ]; then + echo " - masking FirewallD utility" + systemctl stop firewalld && systemctl --now mask firewalld + fi ;; + *:active:*:active) + echo -e "\n - Both FirewallD and NFTables utilities are active\n - remediating" + if [ "$(awk -F: '{print $1}' <<< "$l_fwutil_status")" = "enabled" ] && [ "$(awk -F: '{print $3}' <<< "$l_fwutil_status")" != "enabled" ]; then + echo " - stopping and masking NFTables utility" + systemctl stop nftables && systemctl --now mask nftables + elif [ "$(awk -F: '{print $3}' <<< "$l_fwutil_status")" = "enabled" ] && [ "$(awk -F: '{print $1}' <<< "$l_fwutil_status")" != "enabled" ]; then + echo " - stopping and masking FirewallD utility" + systemctl stop firewalld && systemctl --now mask firewalld + fi ;; + :enabled:active) + echo -e "\n - NFTables utility is in use, enabled, and active\n - FirewallD package is not installed\n - no remediation required" ;; + :) + echo -e "\n - Neither FirewallD or NFTables is installed.\n - remediating\n - installing NFTables" + dnf -q install nftables ;; + *:*:) + echo -e "\n - NFTables package is not installed on the system\n - remediating\n - installing NFTables" + dnf -q install nftables ;; + *) + echo -e "\n - Unable to determine firewall state" ;; + esac +} diff --git a/files/ensure_at_least_one_nftables_table_exists.sh b/files/ensure_at_least_one_nftables_table_exists.sh new file mode 100644 index 00000000..1b851e26 --- /dev/null +++ b/files/ensure_at_least_one_nftables_table_exists.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash +{ + l_hbfw="" + if systemctl is-enabled firewalld.service | grep -q 'enabled' && systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - Error - Both FirewallD and NFTables are enabled\n - Please follow recommendation: \"Ensure a single firewall configuration utility is in use\"" + elif ! systemctl is-enabled firewalld.service | grep -q 'enabled' && ! systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - Error - Neither FirewallD or NFTables is enabled\n - Please follow recommendation: \"Ensure a single firewall configuration utility is in use\"" + else + if systemctl is-enabled firewalld.service | grep -q 'enabled' && ! systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - FirewallD is in use on the system" && l_hbfw="fwd" + if ! nft list tables | grep -Pq -- 'table'; then + echo -e "\n - No tables found, create table firewalld" + nft create table inet firewalld + fi + elif ! systemctl is-enabled firewalld.service | grep -q 'enabled' && systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - NFTables is in use on the system" && l_hbfw="nft" + if ! nft list tables | grep -Pq -- 'table'; then + echo -e "\n - No tables found, create table filter" + nft create table inet filter + fi + fi + fi +} diff --git a/files/ensure_authselect_includes_with_faillock.sh b/files/ensure_authselect_includes_with_faillock.sh new file mode 100644 index 00000000..ceaeb5e4 --- /dev/null +++ b/files/ensure_authselect_includes_with_faillock.sh @@ -0,0 +1,2 @@ + +/usr/bin/authselect enable-feature with-faillock && /usr/bin/authselect apply-changes diff --git a/files/ensure_default_user_shell_timeout_is_900_seconds_or_less.sh b/files/ensure_default_user_shell_timeout_is_900_seconds_or_less.sh new file mode 100644 index 00000000..351e1964 --- /dev/null +++ b/files/ensure_default_user_shell_timeout_is_900_seconds_or_less.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +{ + # this script just changes inline all the occurences of TMOUT=xxx to TMOUT=yyy where yyy = 900 if yyy > 900 + # actually cares variable is properly exported as set readonly other manifest: 'ensure_default_user_shell_timeout_is_configured.pp' + for f in /etc/bashrc /etc/profile /etc/profile.d/*.sh ; do + + test -f "$f" && awk -i inplace 'match($0, /(^|[^\w])TMOUT=([0-9]+)/, capvar) { print (capvar[2] <= 900? $0: gensub(/(^|[^\w])TMOUT=([0-9]+)/, "\\1TMOUT=900", "g")) } !/(^|\s+|[^\w])TMOUT=([0-9]+)/ { print $0 }' $f + done +} diff --git a/files/ensure_default_user_umask_is_027_or_more_restrictive.sh b/files/ensure_default_user_umask_is_027_or_more_restrictive.sh new file mode 100644 index 00000000..63b02f32 --- /dev/null +++ b/files/ensure_default_user_umask_is_027_or_more_restrictive.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +{ + for f in /etc/bashrc /etc/profile /etc/profile.d/*.sh ; do + + # TODO: does not work with symbolic umasks yet + test -f "$f" && awk -i inplace 'match($0, /(^|[^\w])umask\s+([^\s]+)/, capvar) { print (capvar[2] >= 027? $0: gensub(/(^|[^\w])umask\s+([^\s]+)/, "\\1umask 027", "g")) } !/(^|[^\w])umask\s+([^\s]+)/ { print $0 }' $f + done + + awk -i inplace 'match($0, /(^|[^\w])UMASK\s+([^\s]+)/, capvar) { print (capvar[2] >= 027? $0: gensub(/(^|[^\w])UMASK\s+([^\s]+)/, "\\1UMASK 027", "g")) } !/(^|[^\w])UMASK\s+([^\s]+)/ { print $0 }' /etc/login.defs +} diff --git a/files/ensure_host_based_firewall_loopback_traffic_is_configured.sh b/files/ensure_host_based_firewall_loopback_traffic_is_configured.sh new file mode 100644 index 00000000..707a4742 --- /dev/null +++ b/files/ensure_host_based_firewall_loopback_traffic_is_configured.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +{ + l_hbfw="" + if systemctl is-enabled firewalld.service | grep -q 'enabled' && systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - Error - Both FirewallD and NFTables are enabled\n - Please follow recommendation: \"Ensure a single firewall configuration utility is in use\"" + elif ! systemctl is-enabled firewalld.service | grep -q 'enabled' && ! systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - Error - Neither FirewallD or NFTables is enabled\n - Please follow recommendation: \"Ensure a single firewall configuration utility is in use\"" + else + if systemctl is-enabled firewalld.service | grep -q 'enabled' && ! systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - FirewallD is in use on the system" && l_hbfw="fwd" + elif ! systemctl is-enabled firewalld.service | grep -q 'enabled' && systemctl is-enabled nftables.service | grep -q 'enabled'; then + echo -e "\n - NFTables is in use on the system" && l_hbfw="nft" + fi + l_ipsaddr="$(nft list ruleset | awk '/filter_IN_public_deny|hook\s+input\s+/,/\}\s*(#.*)?$/' | grep -P -- 'ip\h+saddr')" + if ! nft list ruleset | awk '/hook\s+input\s+/,/\}\s*(#.*)?$/' | grep -Pq -- '\H+\h+"lo"\h+accept'; then + echo -e "\n - Enabling input to accept for loopback address" + if [ "$l_hbfw" = "fwd" ]; then + firewall-cmd --permanent --zone=trusted --add-interface=lo + firewall-cmd --reload + elif [ "$l_hbfw" = "nft" ]; then + nft add rule inet filter input iif lo accept + fi + fi + if ! grep -Pq -- 'ip\h+saddr\h+127\.0\.0\.0\/8\h+(counter\h+packets\h+\d+\h+bytes\h+\d+\h+)?drop' <<< "$l_ipsaddr" && ! grep -Pq -- 'ip\h+daddr\h+\!\=\h+127\.0\.0\.1\h+ip\h+saddr\h+127\.0\.0\.1\h+drop' <<< "$l_ipsaddr"; then + echo -e "\n - Setting IPv4 network traffic from loopback address to drop" + if [ "$l_hbfw" = "fwd" ]; then + firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="127.0.0.1" destination not address="127.0.0.1" drop' + firewall-cmd --permanent --zone=trusted --add-rich-rule='rule family=ipv4 source address="127.0.0.1" destination not address="127.0.0.1" drop' + firewall-cmd --reload + elif [ "$l_hbfw" = "nft" ]; then + nft create rule inet filter input ip saddr 127.0.0.0/8 counter drop + fi + fi + + if grep -Pq -- '^\h*0\h*$' /sys/module/ipv6/parameters/disable; then + l_ip6saddr="$(nft list ruleset | awk '/filter_IN_public_deny|hook input/,/}/' | grep 'ip6 saddr')" + if ! grep -Pq 'ip6\h+saddr\h+::1\h+(counter\h+packets\h+\d+\h+bytes\h+\d+\h+)?drop' <<< "$l_ip6saddr" && ! grep -Pq -- 'ip6\h+daddr\h+\!=\h+::1\h+ip6\h+saddr\h+::1\h+drop' <<< "$l_ip6saddr"; then + echo -e "\n - Setting IPv6 network traffic from loopback address to drop" + if [ "$l_hbfw" = "fwd" ]; then + firewall-cmd --permanent --add-rich-rule='rule family=ipv6 source address="::1" destination not address="::1" drop' + firewall-cmd --permanent --zone=trusted --add-rich-rule='rule family=ipv6 source address="::1" destination not address="::1" drop' + firewall-cmd --reload + elif [ "$l_hbfw" = "nft" ]; then + nft add rule inet filter input ip6 saddr ::1 counter drop + fi + fi + fi + fi +} diff --git a/files/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.sh b/files/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.sh new file mode 100644 index 00000000..c2928156 --- /dev/null +++ b/files/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +{ + perm_mask='0027' + maxperm="$( printf '%o' $(( 0777 & ~$perm_mask)) )" + valid_shells="^($( sed -rn '/^\//{s,/,\\\\/,g;p}' /etc/shells | paste -s -d '|' - ))$" + awk -v pat="$valid_shells" -F: '$(NF) ~ pat { print $1 " " $(NF-1) }' /etc/passwd | (while read -r user home; do + mode=$( stat -L -c '%#a' "$home" ) + if [ $(( $mode & $perm_mask )) -gt 0 ]; then + echo -e "- modifying User $user home directory: \"$home\"\n- removing excessive permissions from current mode of \"$mode\"" + chmod g-w,o-rwx "$home" + fi + done) +} diff --git a/files/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.sh b/files/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.sh new file mode 100644 index 00000000..0e16fb6d --- /dev/null +++ b/files/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +{ + if [ -f /etc/authselect/authselect.conf ]; then + for fn in system-auth password-auth; do + file="/etc/authselect/$(head -1 /etc/authselect/authselect.conf | grep 'custom/')/$fn" + if ! grep -Pq -- '^\h*password\h+(requisite|required|sufficient)\h+pam_unix\.so(\h+[^#\n\r]+)?\h+sha512\b.*$' "$file"; then + if grep -Pq -- '^\h*password\h+(requisite|required|sufficient)\h+pam_unix\.so(\h+[^#\n\r]+)?\h+(md5|blowfish|bigcrypt|sha256|yescrypt)\b.*$' "$file"; then + sed -ri 's/(md5|blowfish|bigcrypt|sha256|yescrypt)/sha512/' "$file" + else + sed -ri 's/(^\s*password\s+(requisite|required|sufficient)\s+pam_unix.so\s+)(.*)$/\1sha512 \3/' "$file" + fi + authselect apply-changes + fi + done + fi +} diff --git a/lib/facter/are_legacy_crypto_policies.rb b/lib/facter/are_legacy_crypto_policies.rb index daa4e557..55b0a507 100644 --- a/lib/facter/are_legacy_crypto_policies.rb +++ b/lib/facter/are_legacy_crypto_policies.rb @@ -1,6 +1,6 @@ Facter.add('are_legacy_crypto_policies') do confine osfamily: 'RedHat' - confine operatingsystemmajrelease: '8' + confine operatingsystemmajrelease: ['8', '9'] setcode do File.open('/etc/crypto-policies/config').each do |i| diff --git a/lib/facter/crypto_policy_sshd.rb b/lib/facter/crypto_policy_sshd.rb index 355a001b..f5b25813 100644 --- a/lib/facter/crypto_policy_sshd.rb +++ b/lib/facter/crypto_policy_sshd.rb @@ -1,11 +1,14 @@ Facter.add('crypto_policy_sshd') do confine osfamily: 'RedHat' - confine operatingsystemmajrelease: '8' + confine operatingsystemmajrelease: ['8', '9'] setcode do + code=false File.open('/etc/sysconfig/sshd').each do |i| - return true if %r{^\s*CRYPTO_POLICY=*$}i.match?(i) + if %r{^\s*CRYPTO_POLICY=.*$}i.match?(i) + code=true + end end - false + code end end diff --git a/lib/facter/root_password_empty.rb b/lib/facter/root_password_empty.rb new file mode 100644 index 00000000..a7cc4584 --- /dev/null +++ b/lib/facter/root_password_empty.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +# root_password_empty.rb + +Facter.add('root_password_empty') do + confine kernel: 'Linux' + setcode "egrep '^root:' /etc/shadow | awk -F: \'($2 == \"\" ) { print $1 \" does not have a password \"}\'" +end diff --git a/manifests/rules/ensure_a_single_firewall_configuration_utility_is_in_use.pp b/manifests/rules/ensure_a_single_firewall_configuration_utility_is_in_use.pp new file mode 100644 index 00000000..8a616ec7 --- /dev/null +++ b/manifests/rules/ensure_a_single_firewall_configuration_utility_is_in_use.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure a single firewall configuration utility is in use +# +class secure_linux_cis::rules::ensure_a_single_firewall_configuration_utility_is_in_use { + exec { "Ensure a single firewall configuration utility is in use": + command => "/usr/share/cis_scripts/ensure_a_single_firewall_configuration_utility_is_in_use.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_accounts_in_etc_passwd_use_shadowed_passwords.pp b/manifests/rules/ensure_accounts_in_etc_passwd_use_shadowed_passwords.pp index 54ac66ed..20b147a9 100644 --- a/manifests/rules/ensure_accounts_in_etc_passwd_use_shadowed_passwords.pp +++ b/manifests/rules/ensure_accounts_in_etc_passwd_use_shadowed_passwords.pp @@ -3,5 +3,9 @@ # @summary Ensure accounts in /etc/passwd use shadowed passwords # class secure_linux_cis::rules::ensure_accounts_in_etc_passwd_use_shadowed_passwords { - # TODO: fix + exec { 'Ensure accounts in /etc/passwd use shadowed passwords': + command => "/usr/bin/sed -e 's/^\\([a-zA-Z0-9_]*\\):[^:]*:/\\1:x:/' -i /etc/passwd", + onlyif => "/usr/bin/egrep -qv '^[^:]+:x:' /etc/passwd", + logoutput => true, + } } diff --git a/manifests/rules/ensure_at_least_one_nftables_table_exists.pp b/manifests/rules/ensure_at_least_one_nftables_table_exists.pp new file mode 100644 index 00000000..7c94d55b --- /dev/null +++ b/manifests/rules/ensure_at_least_one_nftables_table_exists.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure at least one nftables table exists +# +class secure_linux_cis::rules::ensure_at_least_one_nftables_table_exists { + exec { "Ensure at least one nftables table exists": + command => "/usr/share/cis_scripts/ensure_at_least_one_nftables_table_exists.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_audit_configuration_files_are_640_or_more_restrictive.pp b/manifests/rules/ensure_audit_configuration_files_are_640_or_more_restrictive.pp new file mode 100644 index 00000000..fedc3aa8 --- /dev/null +++ b/manifests/rules/ensure_audit_configuration_files_are_640_or_more_restrictive.pp @@ -0,0 +1,11 @@ +# @api private +# +# @summary Ensure audit configuration files are 640 or more restrictive +# +class secure_linux_cis::rules::ensure_audit_configuration_files_are_640_or_more_restrictive { + exec { 'Ensure audit configuration files are 640 or more restrictive': + command => 'find /etc/audit/ -type f \( -name "*.conf" -o -name "*.rules" \) -exec chmod u-x,g-wx,o-rwx {} +', + unless => 'test -z `find /etc/audit/ -type f \( -name "*.conf" -o -name "*.rules" \) -exec stat -Lc "%n %a" {} + | grep -Pv -- \'^\h*\H+\h*([0,2,4,6][0,4]0)\h*$\' | grep -Pv -- \'^\h*\H+\h+([0,2,4,6][0,4]0)\'`', + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + } +} diff --git a/manifests/rules/ensure_audit_log_files_are_mode_0640_or_less_permissive.pp b/manifests/rules/ensure_audit_log_files_are_mode_0640_or_less_permissive.pp new file mode 100644 index 00000000..0343281e --- /dev/null +++ b/manifests/rules/ensure_audit_log_files_are_mode_0640_or_less_permissive.pp @@ -0,0 +1,11 @@ +# @api private +# +# @summary Ensure audit log files are mode 0640 or less permissive +# +class secure_linux_cis::rules::ensure_audit_log_files_are_mode_0640_or_less_permissive { + exec { 'Ensure audit log files are mode 0640 or less permissive': + command => 'find $(dirname $(awk -F"=" \'/^\s*log_file/ {print $2}\' /etc/audit/auditd.conf | xargs)) -type f \( ! -perm 600 -a ! -perm 0400 -a ! -perm 0200 -a ! -perm 0000 -a ! -perm 0640 -a ! -perm 0440 -a ! -perm 0040 \) -exec chmod u-x,g-wx,o-rwx {} +', + unless => 'test -z `stat -Lc "%n %#a" "$(dirname $(awk -F"=" \'/^\s*log_file\s*=\s*/ {print $2}\' /etc/audit/auditd.conf | xargs))"/* | grep -Pv \'^\h*\H+\h+(0600|0400|0200|0000|0640|0440|0040)\b\'`', + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + } +} diff --git a/manifests/rules/ensure_audit_tools_are_755_or_more_restrictive.pp b/manifests/rules/ensure_audit_tools_are_755_or_more_restrictive.pp new file mode 100644 index 00000000..b2428900 --- /dev/null +++ b/manifests/rules/ensure_audit_tools_are_755_or_more_restrictive.pp @@ -0,0 +1,11 @@ +# @api private +# +# @summary Ensure audit tools are 755 or more restrictive +# +class secure_linux_cis::rules::ensure_audit_tools_are_755_or_more_restrictive { + exec { 'Ensure audit tools are 755 or more restrictive': + command => 'chmod go-w /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules', + unless => 'test -z `stat -c "%n %a" /sbin/auditctl /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/auditd /sbin/augenrules | grep -Pv -- \'^\h*\H+\h+([0-7][0,1,4,5][0,1,4,5])\h*$\'`', + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + } +} diff --git a/manifests/rules/ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled.pp b/manifests/rules/ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled.pp index 8dc8881f..97cea020 100644 --- a/manifests/rules/ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled.pp +++ b/manifests/rules/ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled.pp @@ -7,7 +7,7 @@ ~> Class['secure_linux_cis'] exec { 'Ensure auditing for processes that start prior to auditd is enabled': command => "/usr/sbin/grubby --update-kernel ALL --args 'audit=1'", #lint:ignore:140chars - unless => "/usr/bin/find /boot -type f -name 'grubenv' -exec grep -P 'kernelopts=([^#\n\r]+\h+)?(audit=1)' {} \;", #lint:ignore:140chars + unless => "/usr/bin/find /boot -type f -name 'grubenv' -exec grep -P 'kernelopts=([^#\\n\\r]+\\h+)?(audit=1)' {} \\;", #lint:ignore:140chars logoutput => true, } } diff --git a/manifests/rules/ensure_authselect_includes_with_faillock.pp b/manifests/rules/ensure_authselect_includes_with_faillock.pp index ab19b6c7..86912a03 100644 --- a/manifests/rules/ensure_authselect_includes_with_faillock.pp +++ b/manifests/rules/ensure_authselect_includes_with_faillock.pp @@ -3,4 +3,9 @@ # @summary Ensure authselect includes with-faillock # class secure_linux_cis::rules::ensure_authselect_includes_with_faillock { + exec { 'Ensure authselect includes with-faillock': + command => "/usr/share/cis_scripts/ensure_authselect_includes_with_faillock.sh", + unless => "/usr/bin/grep -q pam_faillock.so /etc/pam.d/password-auth /etc/pam.d/system-auth", + logoutput => true, + } } diff --git a/manifests/rules/ensure_automatic_mounting_of_removable_media_is_disabled.pp b/manifests/rules/ensure_automatic_mounting_of_removable_media_is_disabled.pp index 010ab587..6971fd9a 100644 --- a/manifests/rules/ensure_automatic_mounting_of_removable_media_is_disabled.pp +++ b/manifests/rules/ensure_automatic_mounting_of_removable_media_is_disabled.pp @@ -9,13 +9,16 @@ automount-open=false | SYSTEMAUDITRULES + file { '/etc/dconf/db/local.d/': + ensure => directory, + }-> file { '/etc/dconf/db/local.d/00-media-automount': ensure => file, content => $system_audit_rules, } ~> exec { 'reload mount options': refreshonly => true, - command => 'dconf update', + command => 'dconf update && true', path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], } } diff --git a/manifests/rules/ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools.pp b/manifests/rules/ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools.pp index 89193f93..fffb3576 100644 --- a/manifests/rules/ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools.pp +++ b/manifests/rules/ensure_cryptographic_mechanisms_are_used_to_protect_the_integrity_of_audit_tools.pp @@ -13,8 +13,18 @@ /sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512 | SYSTEMAUDITRULES - file { '/etc/aide/aide.conf.d/00-cryptographic-mechanisms.conf': - ensure => file, - content => $system_audit_rules, + if find_file('/etc/aide') { + + file { '/etc/aide/aide.conf.d': + ensure => directory, + recurse => false, + owner => 'root', + group => 'root', + } + + file { '/etc/aide/aide.conf.d/00-cryptographic-mechanisms.conf': + ensure => file, + content => $system_audit_rules, + } } } diff --git a/manifests/rules/ensure_default_user_shell_timeout_is_900_seconds_or_less.pp b/manifests/rules/ensure_default_user_shell_timeout_is_900_seconds_or_less.pp new file mode 100644 index 00000000..5b0b2a55 --- /dev/null +++ b/manifests/rules/ensure_default_user_shell_timeout_is_900_seconds_or_less.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure default user shell timeout is 900 seconds or less +# +class secure_linux_cis::rules::ensure_default_user_shell_timeout_is_900_seconds_or_less { + exec { "Ensure default user shell timeout is 900 seconds or less": + command => "/usr/share/cis_scripts/ensure_default_user_shell_timeout_is_900_seconds_or_less.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_default_user_umask_is_027_or_more_restrictive.pp b/manifests/rules/ensure_default_user_umask_is_027_or_more_restrictive.pp new file mode 100644 index 00000000..7e48ef45 --- /dev/null +++ b/manifests/rules/ensure_default_user_umask_is_027_or_more_restrictive.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure default user umask is 027 or more restrictive +# +class secure_linux_cis::rules::ensure_default_user_umask_is_027_or_more_restrictive { + exec { "Ensure default user umask is 027 or more restrictive": + command => "/usr/share/cis_scripts/ensure_default_user_umask_is_027_or_more_restrictive.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_dnsmasq_is_not_installed.pp b/manifests/rules/ensure_dnsmasq_is_not_installed.pp new file mode 100644 index 00000000..c8d547ba --- /dev/null +++ b/manifests/rules/ensure_dnsmasq_is_not_installed.pp @@ -0,0 +1,9 @@ +# @api private +# +# @summary Ensure dnsmasq is not installed +# +class secure_linux_cis::rules::ensure_dnsmasq_is_not_installed { + package { 'dnsmasq': + ensure => absent, + } +} diff --git a/manifests/rules/ensure_host_based_firewall_loopback_traffic_is_configured.pp b/manifests/rules/ensure_host_based_firewall_loopback_traffic_is_configured.pp new file mode 100644 index 00000000..de9e23d7 --- /dev/null +++ b/manifests/rules/ensure_host_based_firewall_loopback_traffic_is_configured.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure host based firewall loopback traffic is configured +# +class secure_linux_cis::rules::ensure_host_based_firewall_loopback_traffic_is_configured { + exec { "Ensure host based firewall loopback traffic is configured": + command => "/usr/share/cis_scripts/ensure_host_based_firewall_loopback_traffic_is_configured.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.pp b/manifests/rules/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.pp new file mode 100644 index 00000000..983f78b8 --- /dev/null +++ b/manifests/rules/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure local interactive user home directories are mode 750 or more restrictive +# +class secure_linux_cis::rules::ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive { + exec { "Ensure local interactive user home directories are mode 750 or more restrictive": + command => "/usr/share/cis_scripts/ensure_local_interactive_user_home_directories_are_mode_750_or_more_restrictive.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_no_legacy_entries_exist_in_etc_group.pp b/manifests/rules/ensure_no_legacy_entries_exist_in_etc_group.pp index e187dbeb..3cdfe850 100644 --- a/manifests/rules/ensure_no_legacy_entries_exist_in_etc_group.pp +++ b/manifests/rules/ensure_no_legacy_entries_exist_in_etc_group.pp @@ -9,7 +9,7 @@ if $facts[ 'plus_group' ] { notify { 'pg': message => 'Not in compliance with CIS (Scored). You have "+" entries in /etc/group. Check the plus_group fact for details',#lint:ignore:140chars - schedule => 'harden_schedule', + #schedule => 'harden_schedule', loglevel => 'warning', } } diff --git a/manifests/rules/ensure_no_legacy_entries_exist_in_etc_shadow.pp b/manifests/rules/ensure_no_legacy_entries_exist_in_etc_shadow.pp index d03a1319..adc3386c 100644 --- a/manifests/rules/ensure_no_legacy_entries_exist_in_etc_shadow.pp +++ b/manifests/rules/ensure_no_legacy_entries_exist_in_etc_shadow.pp @@ -8,7 +8,7 @@ if $facts[ 'plus_shadow' ] { notify { 'ps': message => 'Not in compliance with CIS (Scored). You have "+" entries in /etc/shadow. Check the plus_shadow fact for details', #lint:ignore:140chars - schedule => 'harden_schedule', + #schedule => 'harden_schedule', loglevel => 'warning', } } diff --git a/manifests/rules/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.pp b/manifests/rules/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.pp new file mode 100644 index 00000000..6698796b --- /dev/null +++ b/manifests/rules/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.pp @@ -0,0 +1,26 @@ +# @api private +# +# @summary Ensure password hashing algorithm is SHA-512 or yescrypt +# +class secure_linux_cis::rules::ensure_password_hashing_algorithm_is_sha_512_or_yescrypt ( + String $crypt_style_login_defs = 'SHA512', + String $encrypt_method_libuser_conf = 'sha512', + +) { + file_line { 'Ensure ENCRYPT_METHOD set properly': + path => '/etc/login.defs', + match => '^\s*ENCRYPT_METHOD\s+', + line => "ENCRYPT_METHOD $crypt_style_login_defs", + } + file_line { 'ensure crypt_style is set to sha512 in /etc/libuser.conf': + ensure => present, + path => '/etc/libuser.conf', + match => '^\s*crypt_style\s*=', + line => "crypt_style = $encrypt_method_libuser_conf", + multiple => true, + } + exec { "Ensure password hashing algorithm is SHA-512 or yescrypt": + command => "/usr/share/cis_scripts/ensure_password_hashing_algorithm_is_sha_512_or_yescrypt.sh", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_permissions_on_etc_cron_weekly_are_configured.pp b/manifests/rules/ensure_permissions_on_etc_cron_weekly_are_configured.pp index d941ec34..e93b7e1a 100644 --- a/manifests/rules/ensure_permissions_on_etc_cron_weekly_are_configured.pp +++ b/manifests/rules/ensure_permissions_on_etc_cron_weekly_are_configured.pp @@ -5,7 +5,7 @@ class secure_linux_cis::rules::ensure_permissions_on_etc_cron_weekly_are_configured { file { '/etc/cron.weekly': ensure => directory, - schedule => 'harden_schedule', + #schedule => 'harden_schedule', group => 'root', owner => 'root', mode => 'og-rwx', diff --git a/manifests/rules/ensure_permissions_on_etc_gshadow__are_configured.pp b/manifests/rules/ensure_permissions_on_etc_gshadow__are_configured.pp index e55dca7a..a22ec069 100644 --- a/manifests/rules/ensure_permissions_on_etc_gshadow__are_configured.pp +++ b/manifests/rules/ensure_permissions_on_etc_gshadow__are_configured.pp @@ -15,7 +15,7 @@ 'RedHat': { file { '/etc/gshadow-': ensure => file, - schedule => 'harden_schedule', + #schedule => 'harden_schedule', owner => 'root', group => 'root', mode => '0000', @@ -24,7 +24,7 @@ 'Debian': { file { '/etc/gshadow-': ensure => file, - schedule => 'harden_schedule', + #schedule => 'harden_schedule', owner => 'root', group => 'shadow', mode => '0640', diff --git a/manifests/rules/ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally.pp b/manifests/rules/ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally.pp index 12e0f900..f57301d9 100644 --- a/manifests/rules/ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally.pp +++ b/manifests/rules/ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally.pp @@ -1,7 +1,12 @@ # @api private # -# @summary Ensure re-authentication for privilege escalation is not disabled globally +# @summary Ensure re-authentication for privilege escalation is not disabled globally # class secure_linux_cis::rules::ensure_re_authentication_for_privilege_escalation_is_not_disabled_globally { - # TODO + exec { 'Ensure re-authentication for privilege escalation is not disabled globally': + command => "/usr/bin/grep -rl '^[^#].*\\!authenticate' /etc/sudoers /etc/sudoers.d/ | xargs sed -ri '/^#/! s/(\\s+)\\!authenticate/\\1authenticate/g'", + onlyif => "/usr/bin/grep -rq '^[^#].*\\!authenticate' /etc/sudoers /etc/sudoers.d/", + logoutput => true, + } + } diff --git a/manifests/rules/ensure_root_is_the_only_uid_0_account.pp b/manifests/rules/ensure_root_is_the_only_uid_0_account.pp new file mode 100644 index 00000000..4ace7df9 --- /dev/null +++ b/manifests/rules/ensure_root_is_the_only_uid_0_account.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure root is the only UID 0 account +# +class secure_linux_cis::rules::ensure_root_is_the_only_uid_0_account { + exec { "Ensure root is the only UID 0 account": + command => "/usr/bin/sed -i '/^[^:]\\+:x:0:/{/^root:/!d}' /etc/passwd", + logoutput => true, + } +} diff --git a/manifests/rules/ensure_root_password_is_set.pp b/manifests/rules/ensure_root_password_is_set.pp new file mode 100644 index 00000000..43ac71be --- /dev/null +++ b/manifests/rules/ensure_root_password_is_set.pp @@ -0,0 +1,12 @@ +# @api private +# +# @summary Ensure root password is set +# +class secure_linux_cis::rules::ensure_root_password_is_set { + if $facts['root_password_empty'] { + notify { 'root_pass_emp': + message => 'Not in compliance with CIS (Scored). Root passwort is empty (check fact root_password_empty is set)', + loglevel => 'warning', + } + } +} diff --git a/manifests/rules/ensure_root_path_integrity.pp b/manifests/rules/ensure_root_path_integrity.pp index 77e02d35..7861dcf7 100644 --- a/manifests/rules/ensure_root_path_integrity.pp +++ b/manifests/rules/ensure_root_path_integrity.pp @@ -6,10 +6,16 @@ $root_path_dirs = split($facts['root_path'], /:/) $root_path_dirs.each | Stdlib::Absolutepath $path | { + exec { "check $path recursively": + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + command => "mkdir -p ${path}", + creates => $path, + } file { $path: ensure => directory, owner => 'root', mode => 'go-w', + recurse => true, } } } diff --git a/manifests/rules/ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client.pp b/manifests/rules/ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client.pp index dc65d86c..81646340 100644 --- a/manifests/rules/ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client.pp +++ b/manifests/rules/ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client.pp @@ -4,28 +4,32 @@ # class secure_linux_cis::rules::ensure_rsyslog_is_not_configured_to_recieve_logs_from_a_remote_client { $facts['rsyslog_configuration_files'].each | String $path | { - file { "Remove ModLoad on ${path}": + file_line { "Remove ModLoad on ${path}": ensure => absent, path => $path, match => '^\s*$ModLoad\s+imtcp', + match_for_absence => true, } - file { "Remove InputTCPServerRun on ${path}": + file_line { "Remove InputTCPServerRun on ${path}": ensure => absent, path => $path, match => '^\s*$InputTCPServerRun', + match_for_absence => true, } - file { "Remove module imtcp load on ${path}": + file_line { "Remove module imtcp load on ${path}": ensure => absent, path => $path, match => '^\s*module(load="imtcp")', + match_for_absence => true, } - file { "Remove input imtcp on ${path}": + file_line { "Remove input imtcp on ${path}": ensure => absent, path => $path, match => '^\s*input(\s+type="imtcp"\s+port="514"\s+)', + match_for_absence => true, } } } diff --git a/manifests/rules/ensure_separate_partition_exists_for_dev_shm.pp b/manifests/rules/ensure_separate_partition_exists_for_dev_shm.pp new file mode 100644 index 00000000..d2ce879b --- /dev/null +++ b/manifests/rules/ensure_separate_partition_exists_for_dev_shm.pp @@ -0,0 +1,12 @@ +# @api private +# +# @summary Ensure separate partition exists for /home +# +class secure_linux_cis::rules::ensure_separate_partition_exists_for_dev_shm { + unless $facts['mountpoints']['/dev/shm'] { + notify { 'mdevshm': + message => 'Not in compliance with CIS 3 (Scored). There is not a seperate partition for /dev/shm', + loglevel => 'warning', + } + } +} diff --git a/manifests/rules/ensure_ssh_maxauthtries_is_set_to_4_or_less.pp b/manifests/rules/ensure_ssh_maxauthtries_is_set_to_4_or_less.pp new file mode 100644 index 00000000..fc24698d --- /dev/null +++ b/manifests/rules/ensure_ssh_maxauthtries_is_set_to_4_or_less.pp @@ -0,0 +1,25 @@ +# @api private +# +# @summary Ensure SSH MaxAuthTries is set to 4 or less +# +class secure_linux_cis::rules::ensure_ssh_maxauthtries_is_set_to_4_or_less { + include secure_linux_cis::sshd_service + + file_line { 'ensure ssh maxauthtries is set to 4 or less': + ensure => present, + path => '/etc/ssh/sshd_config', + line => 'MaxAuthTries 4', + match => '^MaxAuthTries\\s+([5-9]|[1-9][0-9]+)', + multiple => true, + notify => Class['secure_linux_cis::sshd_service'], + } + + file_line { 'ensure ssh maxauthtries is set to 4 or less on per-user basis': + ensure => present, + path => '/etc/ssh/sshd_config', + line => ' MaxAuthTries 4', + match => '^[\\s]+MaxAuthTries\\s+([5-9]|[1-9][0-9]+)', + multiple => true, + notify => Class['secure_linux_cis::sshd_service'], + } +} diff --git a/manifests/rules/ensure_ssh_maxsessions_is_set_to_10_or_less.pp b/manifests/rules/ensure_ssh_maxsessions_is_set_to_10_or_less.pp new file mode 100644 index 00000000..762f6fe0 --- /dev/null +++ b/manifests/rules/ensure_ssh_maxsessions_is_set_to_10_or_less.pp @@ -0,0 +1,25 @@ +# @api private +# +# @summary Ensure SSH MaxSessions is set to 10 or less +# +class secure_linux_cis::rules::ensure_ssh_maxsessions_is_set_to_10_or_less { + include secure_linux_cis::sshd_service + + file_line { 'ensure ssh maxsessions is set to 10 or less': + ensure => present, + path => '/etc/ssh/sshd_config', + line => 'MaxSessions 10', + match => '^MaxSessions\\s+(1[1-9]|[2-9][0-9]|[1-9][0-9][0-9]+)', + multiple => true, + notify => Class['secure_linux_cis::sshd_service'], + } + + file_line { 'ensure ssh maxsessions is set to 10 or less on per-user basis': + ensure => present, + path => '/etc/ssh/sshd_config', + line => ' MaxSessions 10', + match => '^[\\s]+MaxSessions\\s+(1[1-9]|[2-9][0-9]|[1-9][0-9][0-9]+)', + multiple => true, + notify => Class['secure_linux_cis::sshd_service'], + } +} diff --git a/manifests/rules/ensure_ssh_x11_forwarding_is_disabled.pp b/manifests/rules/ensure_ssh_x11_forwarding_is_disabled.pp new file mode 100644 index 00000000..77652f9d --- /dev/null +++ b/manifests/rules/ensure_ssh_x11_forwarding_is_disabled.pp @@ -0,0 +1,25 @@ +# @api private +# +# @summary Ensure SSH X11 forwarding is disabled +# +class secure_linux_cis::rules::ensure_ssh_x11_forwarding_is_disabled { + include secure_linux_cis::sshd_service + + file_line { 'ensure ssh x11 forwarding is disabled': + ensure => present, + path => '/etc/ssh/sshd_config', + line => 'X11Forwarding no', + match => '^X11Forwarding', + multiple => true, + notify => Class['secure_linux_cis::sshd_service'], + } + + file_line { 'ensure ssh x11 forwarding is disabled on per-user basis': + ensure => present, + path => '/etc/ssh/sshd_config', + line => ' X11Forwarding no', + match => '^[\\s]+X11Forwarding', + multiple => true, + notify => Class['secure_linux_cis::sshd_service'], + } +} diff --git a/manifests/rules/ensure_sudo_authentication_timeout_is_configured_correctly.pp b/manifests/rules/ensure_sudo_authentication_timeout_is_configured_correctly.pp index 2eea3fe2..1b6b90dd 100644 --- a/manifests/rules/ensure_sudo_authentication_timeout_is_configured_correctly.pp +++ b/manifests/rules/ensure_sudo_authentication_timeout_is_configured_correctly.pp @@ -1,7 +1,12 @@ # @api private # -# @summary Ensure sudo authentication timeout is configured correctly +# @summary Ensure sudo authentication timeout is configured correctly # class secure_linux_cis::rules::ensure_sudo_authentication_timeout_is_configured_correctly { - # TODO + exec { 'Ensure sudo authentication timeout is configured correctly': + command => "/usr/bin/grep -rl '^[^#].*NOPASSWD:' /etc/sudoers /etc/sudoers.d/ | xargs sed -ri '/^#/! s/(\\s+)NOPASSWD:/\\1PASSWD:/g'", + onlyif => "/usr/bin/grep -rq '^[^#].*NOPASSWD:' /etc/sudoers /etc/sudoers.d/", + logoutput => true, + } + } diff --git a/manifests/rules/ensure_system_wide_crypto_policy_is_not_over_ridden.pp b/manifests/rules/ensure_system_wide_crypto_policy_is_not_over_ridden.pp index 1fac75c1..9c9c5b90 100644 --- a/manifests/rules/ensure_system_wide_crypto_policy_is_not_over_ridden.pp +++ b/manifests/rules/ensure_system_wide_crypto_policy_is_not_over_ridden.pp @@ -3,7 +3,7 @@ # @summary Ensure system-wide crypto policy is not over-ridden # class secure_linux_cis::rules::ensure_system_wide_crypto_policy_is_not_over_ridden { - unless $facts['crypto_policy_sshd'] { - warning('System-wide Crypto policy for sshd over-ridden.') + if $facts['crypto_policy_sshd'] { + alert('System-wide Crypto policy for sshd over-ridden. This is not CIS compliant (Scored)') } } diff --git a/manifests/rules/ensure_the_audit_log_directory_is_0750_or_more_restrictive.pp b/manifests/rules/ensure_the_audit_log_directory_is_0750_or_more_restrictive.pp new file mode 100644 index 00000000..0f7192df --- /dev/null +++ b/manifests/rules/ensure_the_audit_log_directory_is_0750_or_more_restrictive.pp @@ -0,0 +1,11 @@ +# @api private +# +# @summary Ensure the audit log directory is 0750 or more restrictive +# +class secure_linux_cis::rules::ensure_the_audit_log_directory_is_0750_or_more_restrictive { + exec { 'Ensure the audit log directory is 0750 or more restrictive': + command => 'chmod g-w,o-rwx "$(dirname $( awk -F"=" \'/^\s*log_file\s*=\s*/ {print $2}\' /etc/audit/auditd.conf))"', + unless => 'test -z `stat -Lc "%n %a" "$(dirname $( awk -F"=" \'/^\s*log_file\s*=\s*/ {print $2}\' /etc/audit/auditd.conf))" | grep -Pv -- \'^\h*\H+\h+([0,5,7][0,5]0)\'`', + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + } +} diff --git a/manifests/rules/ensure_users_must_provide_password_for_escalation.pp b/manifests/rules/ensure_users_must_provide_password_for_escalation.pp index 6bb48fda..072d3939 100644 --- a/manifests/rules/ensure_users_must_provide_password_for_escalation.pp +++ b/manifests/rules/ensure_users_must_provide_password_for_escalation.pp @@ -3,5 +3,10 @@ # @summary Ensure users must provide password for escalation # class secure_linux_cis::rules::ensure_users_must_provide_password_for_escalation { - # TODO + exec { 'Ensure users must provide password for escalation': + command => "/usr/bin/grep -rl '^[^#].*NOPASSWD:' /etc/sudoers /etc/sudoers.d/ | xargs sed -ri '/^#/! s/(\\s+)NOPASSWD:/\\1PASSWD:/g'", + onlyif => "/usr/bin/grep -rq '^[^#].*NOPASSWD:' /etc/sudoers /etc/sudoers.d/", + logoutput => true, + } + } diff --git a/manifests/rules/ensure_xdmcp_is_not_enabled.pp b/manifests/rules/ensure_xdmcp_is_not_enabled.pp index 944a5575..20767acd 100644 --- a/manifests/rules/ensure_xdmcp_is_not_enabled.pp +++ b/manifests/rules/ensure_xdmcp_is_not_enabled.pp @@ -3,6 +3,10 @@ # @summary Ensure XDMCP is not enabled # class secure_linux_cis::rules::ensure_xdmcp_is_not_enabled { + + file { '/etc/gdm': + ensure => directory, + }-> file { '/etc/gdm/custom.conf': ensure => file, } diff --git a/manifests/rules/ensure_xorg_x11_server_common_is_not_installed.pp b/manifests/rules/ensure_xorg_x11_server_common_is_not_installed.pp new file mode 100644 index 00000000..7abde664 --- /dev/null +++ b/manifests/rules/ensure_xorg_x11_server_common_is_not_installed.pp @@ -0,0 +1,10 @@ +# @api private +# +# @summary Ensure xorg-x11-server-common is not installed +# +class secure_linux_cis::rules::ensure_xorg_x11_server_common_is_not_installed { + package { 'xorg-x11-server-common': + ensure => absent, + } +} +