Hello,

Published puppet-module-cve[1] to act as a framework for adding facts
for specific CVEs that tell you if you are vulnerable to them.

Inspiration came after ShellShock where I saw people had written modules
with corresponding facts exclusively for that exploit. Our community
needs a simple module that is easily extended to test for multiple CVEs
instead of managing a bunch of separate modules that each check for one
exploit.

Each CVE has its own flat fact, such as 'cve_2014_6271'.

    $ facter -p cve_2014_6271
    not_vulnerable

There is a structured fact, 'cve', that returns a list of all tested
CVEs, all vulnerable CVEs, and all CVEs to which you are not vulnerable.

    $ facter -p --yaml cve
    ---
    cve:
      vulnerable:
      - cve_666
      tested:
      - cve_777
      - cve_2014_6271
      - cve_666
      not_vulnerable:
      - cve_777
      - cve_2014_6271

By default the module is quiet, though you can enable the ability to use
notify{} to alert you to which CVEs you are vulnerable.

Looking forward to your help in adding facts to check for more exploits.

[1] - https://github.com/ghoneycutt/puppet-module-cve

Best regards,
-g
--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
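
Added example (not part of the original message and not code from puppet-module-cve): one way to consume the structured 'cve' fact across several nodes, turning collected `facter -p --yaml cve` output into a per-CVE list of vulnerable nodes. The node names, the db01 and build01 outputs, and the function names are assumptions; the consistency rule (every tested CVE appears in exactly one result list) is inferred from the sample output above.

```ruby
require 'yaml'

# Constructed sample: `facter -p --yaml cve` output from three hypothetical
# nodes. web01 is the output shown in the post; the others are made up.
SAMPLE_REPORTS = {
  'web01' => <<~YAML,
    ---
    cve:
      vulnerable:
      - cve_666
      tested:
      - cve_777
      - cve_2014_6271
      - cve_666
      not_vulnerable:
      - cve_777
      - cve_2014_6271
  YAML
  'db01' => "cve:\n  vulnerable: [cve_666, cve_2014_6271]\n" \
            "  tested: [cve_777, cve_2014_6271, cve_666]\n  not_vulnerable: [cve_777]\n",
  # cve_777 was tested but is in neither result list, so this fact is rejected.
  'build01' => "cve:\n  vulnerable: []\n  tested: [cve_777]\n  not_vulnerable: []\n"
}.freeze

# Return the three lists from one node's output. Assumes, as in the post's
# sample, that every tested CVE is in exactly one of the two result lists.
def parse_cve_fact(yaml_text)
  fact = YAML.safe_load(yaml_text)
  fact = fact['cve'] if fact.is_a?(Hash)
  raise ArgumentError, "no 'cve' hash in facter output" unless fact.is_a?(Hash)
  tested, vuln, ok = %w[tested vulnerable not_vulnerable].map { |k| Array(fact[k]) }
  unless (vuln + ok).sort == tested.sort && (vuln & ok).empty?
    raise ArgumentError, 'tested CVEs do not match vulnerable + not_vulnerable'
  end
  { 'tested' => tested, 'vulnerable' => vuln, 'not_vulnerable' => ok }
end

# Map each CVE to the nodes vulnerable to it; list nodes with unusable facts.
def fleet_report(reports)
  by_cve = Hash.new { |h, k| h[k] = [] }
  rejected = []
  reports.each do |node, yaml_text|
    parse_cve_fact(yaml_text)['vulnerable'].each { |cve| by_cve[cve] << node }
  rescue ArgumentError, Psych::Exception
    rejected << node
  end
  { 'vulnerable' => by_cve.transform_values(&:sort), 'rejected' => rejected.sort }
end
puts fleet_report(SAMPLE_REPORTS).to_yaml if $PROGRAM_NAME == __FILE__
```

A node in the rejected list is treated as unknown rather than clean, so a broken or truncated fact never reads as "not vulnerable".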