Configure rules that rely on site-specific information
Some Center for Internet Security (CIS) rules require information that is specific to a customer site. You can use Bolt tasks to configure these rules.
By using Puppet Enterprise (PE), you can run Bolt tasks and plans to audit or configure specific parts of a node. To run Bolt tasks, open the PE console and select the Tasks menu. Then, select cem_linux.
You can also run Bolt tasks from the command line:
- Install Puppet Development Kit (PDK) and Bolt.
- In the root of the CEM directory, run the pdk bundle exec rake 'spec_prep' command. This command downloads the required dependencies as RSpec fixtures, and then creates a symbolic link from the module directory to the fixtures directory.
- Run the tasks on one or more hosts. For example:
  bolt task run comply_enforcement_module::audit_unowned_files_and_directories -t $nodefqdn --modulepath spec/fixtures/modules
You must add the --modulepath spec/fixtures/modules option to Bolt commands. Otherwise, Bolt is not able to find the tasks and plans.