Configure rules that rely on site-specific information
Some Center for Internet Security (CIS) rules require information that is specific to a customer site. You can use Puppet Bolt tasks to configure these rules. For more information about Puppet Bolt, see Welcome to Puppet Bolt.
By using Puppet Enterprise (PE), you can run Puppet Bolt tasks and plans to audit or configure specific parts of a node. To run Puppet Bolt tasks, open the PE console and select the Tasks menu. Then, select cem_linux.
- Install Puppet Development Kit (PDK) and Bolt.
- In the root of the CEM directory, run the following command:
  pdk bundle exec rake 'spec_prep'
  This command downloads the required dependencies as RSpec fixtures, and then creates a symbolic link from the module directory to the fixtures directory.
- Run the tasks on one or more hosts. For example:
  bolt task run comply_enforcement_module::audit_unowned_files_and_directories -t $nodefqdn --modulepath spec/fixtures/modules
  You must add the --modulepath spec/fixtures/modules option to Puppet Bolt commands. Otherwise, Puppet Bolt is not able to find the tasks and plans.