How does puppet check plugin version?

asked 2018-02-13 02:41:49 -0600

JParedis

One (or more?) Linux machines send, on a regular basis (multiple times per day), 7.5MB files to several IPs in the 151.101.0.0/16 range. This belongs to Fastly. The files are encrypted (SSL/TLSv1.2).

I have been told that the reason behind it is Puppet, which checks this way whether it's running the latest version of specific monitoring plugin(s).

As CISO, I have trouble believing this. The size of the files, the destination, the frequency, the lack of finding anything in Puppet's info indicating such a process, ...

I would appreciate it if anybody with good Puppet (plugin) knowledge could provide me information on whether version checks are done this way.

Thx in advance.


Comments

We can't answer you unless we know more about which modules you are using... However, I DO know that the staging module makes some assumptions about tar files, and if you don't follow the convention directly, it will redownload and 'stage' the file every single Puppet run, and then compare ...

DarylW (2018-02-13 10:50:27 -0600)

... the file it staged to the file/directory that it is intended to be extracted to, and in those cases it will simply no-op the extraction because the file matches.

DarylW (2018-02-13 10:51:12 -0600)

Rereading what you are doing, I realize that you did mention things going out to Fastly... I do not have any direct experience with that, but if some of those machines use a Fastly agent (regardless of Puppet), it probably is configured to phone home with data.

DarylW (2018-02-13 10:53:13 -0600)

If you have additional information about the specific plugin that they have mentioned, we could potentially shed some light on it.

DarylW (2018-02-13 10:54:43 -0600)