Puppet Class: openscap

Defined in:
manifests/init.pp

Overview

This class installs SCAP content and the associated tools. It is mostly based on the scap-security-guide open source project with several customizations for SIMP.

Parameters:

  • enable_schedule (Boolean) (defaults to: false)

    Run an OpenSCAP scan on a schedule, using ‘openscap::schedule`

  • scap_ensure (String) (defaults to: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }))

    Package ensure value for the ‘openscap-utils` package

  • ssg_ensure (String) (defaults to: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }))

    Package ensure value for the ‘scap-security-guide` package

Author:



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'manifests/init.pp', line 16

class openscap (
  Boolean $enable_schedule = false,
  String $scap_ensure = simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }),
  String $ssg_ensure  = simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' }),
) {

  simplib::assert_metadata($module_name)

  if $enable_schedule {
    include 'openscap::schedule'
    Class['openscap'] -> Class['openscap::schedule']
  }

  package { 'openscap-utils':
    ensure => $scap_ensure
  }
  package { 'scap-security-guide':
    ensure => $ssg_ensure
  }
}