Premium module

cem_linux

Compliance Enforcement Module for Linux

2,816 downloads

22 latest version

Version information

  • 1.4.2 (latest)
  • 1.4.1
  • 1.4.0
  • 1.3.2
  • 1.3.1
  • 1.3.0
  • 1.2.0
  • 1.1.4
  • 1.1.3
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.0
released Nov 8th 2022
This version is compatible with:
  • Puppet Enterprise 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.23.0 < 8.0.0
Tasks:
  • audit_authselect
  • audit_boot
  • audit_check_ipv6
  • audit_client_dns
  • audit_duplicate_gid
  • audit_duplicate_group_names
  • audit_duplicate_uid
  • and 38 more

Documentation

puppetlabs/cem_linux — version 1.4.2 Nov 8th 2022

What are tasks?

Modules can contain tasks that take action outside of a desired state managed by Puppet. Tasks are well suited to troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.

Tasks in this module release

audit_authselect

Audit authselect profile for RHEL8 and CentOS8

audit_boot

Audit if the system is configured to boot to the command line or to the graphical user interface.

audit_check_ipv6

Audit IPv6 for RHEL8

audit_client_dns

Audit DNS servers configured in /etc/resolv.conf

audit_duplicate_gid

Finds and returns duplicate GIDs in /etc/group

audit_duplicate_group_names

Finds and returns duplicate group names in /etc/group.

audit_duplicate_uid

Finds duplicate UIDs in /etc/passwd and returns the UID and all users that use it

audit_duplicate_user_names

Finds and returns duplicate user names in /etc/passwd.

audit_etcpasswd_groups

Finds groups that exist in /etc/passwd but do not exist in /etc/group

audit_firewalld_config

Returns the results of firewall-cmd --list-all

audit_pkcs11_eventmgr

This task reports whether the screen is locked or not when using a smart card.

audit_pw_change_date

Returns the last password change date for all users

audit_selinux_user_roles

Returns the output of 'semanage user -l' on the target system

audit_sgid_executables

A short description of this task

audit_shadow_group

Finds and returns any users in the shadow group

audit_sshd_installation

Verify if sshd is installed

audit_sshd_status

Report sshd status

audit_sudo_authentication_timeout

Return the sudo authentication timeout in minutes

audit_sudo_nopasswd

Return instances of NOPASSWD: in sudo configuration files.

audit_sudo_re_authentication

Returns a list of any ungrouped sudo configuration entries that contain !authenticate.

audit_suid_executables

Returns a list of SUID executable files

audit_system_device_files

Audit that system device files are correctly labeled

audit_system_file_permissions

This task audits system file permissions against their defaults

audit_system_files_and_commands

Audits system files and commands to ensure the cryptographic hashes match the vendor's published values.

audit_unconfined_services

Returns a list of all unconfined services

audit_ungrouped_files_and_directories

Returns a list of any unowned files and directories

audit_unowned_files_and_directories

Returns a list of any unowned files and directories

audit_world_writable_directories

Returns a list of any world-writable directories not owned by a service account

audit_world_writable_directories_gid

Audit world writable directories based on GID