

This puppet module configures foreman_scap_client.



Version information

  • 0.4.0 (latest)
  • 0.3.23
  • 0.3.22
  • 0.3.21
  • 0.3.20
  • 0.3.19
  • 0.3.18
  • 0.3.16
  • 0.3.15
  • 0.3.14
  • 0.3.13
  • 0.3.12 (deleted)
  • 0.3.11
  • 0.3.10
  • 0.3.9
released Mar 2nd 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >= 5.5.8 < 7.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'theforeman-foreman_scap_client', '0.4.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add theforeman-foreman_scap_client
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install theforeman-foreman_scap_client --version 0.4.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



theforeman/foreman_scap_client — version 0.4.0 Mar 2nd 2020

Foreman SCAP client Puppet Module

Foreman SCAP client Puppet Module configures foreman_scap_client to run scans and upload results to foreman proxy.


This puppet module will automatically install foreman_scap_client (if not installed) and will configure /etc/foreman_scap_client/config.yaml with parameters which are needed for the operation of foreman_scap_client.


  • 'server': configures the proxy server
  • 'port': configures the proxy server's port
  • 'ca_file': path to file of certification authority that issued client's certificate
  • 'host_certificate': path to host certificate, may be puppet agent certificate or katello certificate
  • 'host_private_key': path to host private key, may be puppet agent private key or katello private key
  • 'policies': Array of policies that should be configured
  • 'foreman_repo_rel': add / manage the foreman-plugins yum repo and set it to the given release version, e.g. '1.14'
  • 'foreman_repo_key': RPM Key source file for foreman-plugins repo. Note: Currently, packages are not signed. Unless set to an alternative file source, URL will be used.
  • 'foreman_repo_src': Alternative baseurl for The Foreman plugins repository
  • 'foreman_repo_gpg_chk': Enable / disable GPG checks. Directly passed to Yumrepo resource
  • 'install_options': Additional options for client package installation
  • 'cron_template': Path to cron template
  • 'cron_splay': Upper limit for splay time when sending reports to proxy
  • 'fetch_remote_resources': Whether client should fetch referenced resources that are remote
  • 'http_proxy_server': HTTP proxy server
  • 'http_proxy_port': HTTP proxy port

For detailed info on the parameters see documentation on manifests/init.pp & manifests/params.pp
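
The 'ca_file', 'host_certificate' and 'host_private_key' parameters together describe the client's TLS identity, so the three files have to agree with each other. The following shell function is an added example, not part of the module or its documentation: it checks that the files are readable, that the private key is closed to group and other, that the certificate verifies against the CA file, and that the key matches the certificate. The function name and messages are hypothetical, and the openssl command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not part of the module): check the files behind the
# ca_file, host_certificate and host_private_key parameters.
# The function name and messages are hypothetical; openssl is assumed installed.

# Usage: check_scap_client_tls CA_FILE HOST_CERT HOST_KEY
# Prints one line per problem and returns the number of problems (0 = OK).
check_scap_client_tls() {
  local ca="$1" cert="$2" key="$3" problems=0 f perms cert_pub key_pub

  for f in "$ca" "$cert" "$key"; do
    if [ ! -r "$f" ]; then
      echo "unreadable: $f"
      problems=$((problems + 1))
    fi
  done
  [ "$problems" -eq 0 ] || return "$problems"

  # Group/other permission bits of the key (characters 5-10 of the ls mode string).
  perms=$(ls -ldL "$key" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "private key is accessible to group or other: $key"
    problems=$((problems + 1))
  fi

  # host_certificate must verify against the CA(s) in ca_file.
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "certificate does not verify against $ca"
    problems=$((problems + 1))
  fi

  # Certificate and private key must carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate"
    problems=$((problems + 1))
  fi

  return "$problems"
}

# When run as a script with three paths, perform the check.
if [ "$#" -eq 3 ]; then check_scap_client_tls "$@"; fi
```

If the CA file holds only an intermediate CA, openssl verify reports a failure unless the rest of the chain up to the root is also in that file.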

Sample Usage

The following example ensures that every week an SCAP audit is executed and the results are sent to proxy at The example will automatically attempt to install foreman_scap_client on the system. If you do not wish to use a tailoring file with the policy, just pass an empty string to "tailoring_path".

class { 'foreman_scap_client':
  server           => '',      # hostname of the Foreman proxy
  port             => '8443',
  foreman_repo_rel => '1.14',
  foreman_repo_key => '/net/share/foreman-gpg-rpm-key',
  policies         => [{
    # cron schedule: 12:01 every Monday
    "id"                      => 1,
    "hour"                    => "12",
    "minute"                  => "1",
    "month"                   => "*",
    "monthday"                => "*",
    "weekday"                 => "1",
    "profile_id"              => '',
    "content_path"            => '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml',
    "download_path"           => '/compliance/policies/1/content',
    "tailoring_path"          => '/var/lib/openacap/ssg-fedora-ds-tailored.xml',
    "tailoring_download_path" => "/compliance/policies/1/tailoring"
  }],
}

Usage with foreman_openscap

When using this module together with foreman_openscap, no further configuration should be necessary, as the values are provided by Foreman's ENC. However, verify the values for server, port and policies after importing the class; the policies should be <%= @host.policies_enc %>

Releasing on puppet forge

We use the blacksmith project to do the release. All you need to do is configure the theforeman credentials in ~/.puppetforge.yml and then call the release task from the upstream repo like this:

bundle exec rake strings:generate:reference
bundle exec rake module:release