Ask Your Question

Puppet for hardening hosts

asked 2013-02-05 13:34:26 -0500

davecoronel gravatar image

updated 2013-02-05 22:09:24 -0500

Hi. We are a Linux place and we recently purchased a new Solaris server. I was in the process of writing a shell script to do our hardening steps but I figured this would be a good time to implement Puppet in our environment.

So I want to use Puppet to do my Solaris hardening instead of running a post-install script. Is there something out there that I can base myself on to start this? This will be my first use of Puppet.

Also, I went through the Learning Puppet lessons with the learning VM. Now I want to start ... (more)

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2013-02-06 08:05:30 -0500

This link may provide some good information:

RHEL 5 Puppet Module from NIST / USGCB

It is a sample definition catalog for hardening Red Hat Enterprise Linux 5. While Red Hat is not identical to Solaris, this bundle should give you some ideas. I started from this bundle to harden systems for a federal customer (non-DoD). I used some, but not all, of the concepts and rewrote several.

Approaching the answer from another direction: Does your work environment have a documented hardening guideline ? Mine does. I was able to walk down the document and account for everything in some module of ... (more)

edit flag offensive delete link more


Thank you! This is exactly what I was looking for. A good base to start with the make my custom modules. Thank you!

davecoronel gravatar imagedavecoronel ( 2013-02-06 13:51:59 -0500 )edit

answered 2013-02-05 13:44:42 -0500

llowder gravatar image

updated 2013-02-05 23:21:37 -0500

Use the Forge where possible.

I would also closely read the following articles, to help you lay out and plan your modules in the least painful and easiest to maintain ways:

I don't know if there are other guides specifically for using puppet to harden a server, but that is basically just a specific state, and state management is what puppet is really good at, so this should just be a matter of finding/tweaking/building the correct modules for the software packages ... (more)

edit flag offensive delete link more


Thanks. I read the module fundamentals. I just updated my question. Can you take a look?

davecoronel gravatar imagedavecoronel ( 2013-02-05 22:10:01 -0500 )edit

I gave the update a read, and expanded my answer. There are other ways (such as one manifest per file, but my answer reflects how I would do it based ...(more)

llowder gravatar imagellowder ( 2013-02-05 23:22:41 -0500 )edit

answered 2014-09-23 06:23:53 -0500

Look also at and other same author modules

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-02-05 13:34:26 -0500

Seen: 1,848 times

Last updated: Feb 06 '13