Advanced configuration example
Building on the basic configuration example, the advanced configuration example customizes the Advanced Intrusion Detection Environment (AIDE) configuration file in Hiera.
- Add the following code to the node's Hiera file:

    # control-repo/data/nodes/<node name>.yaml
    cem_linux::benchmark: 'cis'
    cem_linux::config:
      profile: 'server'
      level: '1'
      only:
        - 'ensure_aide_is_installed'
        - 'ensure_filesystem_integrity_is_regularly_checked'
      control_configs:
        ensure_aide_is_installed:
          conf_rules:
            - 'PERMS = p+u+g+acl+xattrs'
            - 'CONTENT_EX = sha256+ftype+p+u+g+n+acl+xattrs'
          conf_checks:
            - '/root/\..* PERMS'
            - '/root/ CONTENT_EX'

- Classify the node with the cem_linux class.
- Run Puppet.
- Run the Puppet Bolt task that is specified in the debug log.
The AIDE configuration file now reflects the changes in Hiera.
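
One way to confirm that result is to parse the AIDE configuration and compare it with the Hiera values. This is an added example, not code from the module: the function names and the sample file contents are constructed, and it assumes the `conf_rules` and `conf_checks` entries appear in the AIDE configuration as group definitions and selection lines.

```python
import re

# Constructed sample of a rendered AIDE config (not taken from a real node).
SAMPLE_AIDE_CONF = r"""
# managed file (constructed sample)
database_out=file:/var/lib/aide/aide.db.new.gz
PERMS = p+u+g+acl+xattrs
CONTENT_EX = sha256+ftype+p+u+g+n+acl+xattrs
/root/\..* PERMS
/root/ CONTENT_EX
"""

# Values copied from the Hiera data above.
CONF_RULES = ['PERMS = p+u+g+acl+xattrs',
              'CONTENT_EX = sha256+ftype+p+u+g+n+acl+xattrs']
CONF_CHECKS = [r'/root/\..* PERMS', r'/root/ CONTENT_EX']

GROUP_DEF = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(\S+)$')

def parse_aide_conf(text):
    """Return ({group: attribute set}, [(path regex, group)]) from AIDE config text."""
    groups, selections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(('#', '@@')):
            continue  # blank lines, comments, macro directives
        m = GROUP_DEF.match(line)
        if m:  # "NAME = a+b+c"; only '+' composition is handled here
            groups[m.group(1)] = set(m.group(2).split('+'))
        elif line[0] in '/!=':  # selection line: "<regex> <group>"
            parts = line.split(None, 1)
            selections.append((parts[0], parts[1].strip() if len(parts) > 1 else ''))
    return groups, selections

def missing_from_conf(text, conf_rules, conf_checks):
    """List the Hiera entries that the AIDE config text does not enforce."""
    groups, selections = parse_aide_conf(text)
    missing = []
    for rule in conf_rules:
        name, attrs = (part.strip() for part in rule.split('=', 1))
        if groups.get(name) != set(attrs.split('+')):
            missing.append(rule)
    for check in conf_checks:
        path, group = check.split(None, 1)
        if (path, group) not in selections or group not in groups:
            missing.append(check)
    return missing

if __name__ == '__main__':
    print(missing_from_conf(SAMPLE_AIDE_CONF, CONF_RULES, CONF_CHECKS))  # → []
```

An empty list means every rule and check from Hiera is present; a weakened group (for example, `CONTENT_EX` without `sha256`) or a selection line that points at an undefined group is returned as missing.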