Configure rules that rely on site-specific information
Some Center for Internet Security (CIS) rules require information that is specific to a customer site. You can use Puppet Bolt tasks to configure these rules. For more information about Puppet Bolt, see Welcome to Puppet Bolt.
By using Puppet Enterprise (PE), you can run Puppet Bolt tasks and plans to audit or configure specific parts of a node. To run Puppet Bolt tasks, open the PE console and select the Tasks menu. Then, select cem_linux.
You can also use open source Puppet to run Puppet Bolt tasks and plans. If you are using open source
Puppet, run Puppet Bolt
tasks from the command line:
- Install Puppet Development Kit (PDK) and Bolt.
- In the root of the CEM directory, run
the
pdk bundle exec rake 'spec_prep'command. This command downloads the required dependencies as RSpec fixtures, and then creates a symbolic link from the module directory to the fixtures directory. - Run the tasks on one or more hosts. For example:
You must add thebolt task run comply_enforcement_module::audit_unowned_files_and_directories -t $nodefqdn --modulepath spec/fixtures/modules--modulepath spec/fixtures/modulesoption to Puppet Bolt commands. Otherwise, Puppet Bolt is not able to find the tasks and plans.