{"id":26700393,"url":"https://github.com/floek/puppet-lint-security-plugins","last_synced_at":"2025-04-13T08:42:27.657Z","repository":{"id":35566004,"uuid":"39838020","full_name":"floek/puppet-lint-security-plugins","owner":"floek","description":"Identify security issues in your Puppet code.","archived":false,"fork":false,"pushed_at":"2017-08-24T06:24:24.000Z","size":30,"stargazers_count":19,"open_issues_count":1,"forks_count":11,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-20T14:09:47.880Z","etag":null,"topics":["devops","lint","puppet","puppet-lint"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/floek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-28T14:15:18.000Z","updated_at":"2023-01-10T03:16:15.000Z","dependencies_parsed_at":"2022-09-16T13:11:06.091Z","dependency_job_id":null,"html_url":"https://github.com/floek/puppet-lint-security-plugins","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floek%2Fpuppet-lint-security-plugins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floek%2Fpuppet-lint-security-plugins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floek%2Fpuppet-lint-security-plugins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floek%2Fpuppet-lint-security-plugins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/floek","download_url":"https://codeload.github.com/floek/puppet-lint-security-plugins/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248687393,"owners_count":21145690,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","lint","puppet","puppet-lint"],"created_at":"2025-03-27T00:20:01.045Z","updated_at":"2025-04-13T08:42:27.637Z","avatar_url":"https://github.com/floek.png","language":"Ruby","readme":"# Puppet-lint-security-plugins\n\nThe goal of this project is to identify security issues in your Puppet code. Some basic checks\nare implemented, please feel free to contribute.\n\n## Installation\n\n    gem install puppet-lint-security-plugins\n\n[![Gem Version](https://badge.fury.io/rb/puppet-lint-security-plugins@2x.png)](https://badge.fury.io/rb/puppet-lint-security-plugins)\n\n## Testing your manifests\n\nJust use `puppet-lint`. After installation security checks are enabled by default.\n\n## Implemented tests\n\nAt the moment, the following tests have been implemented:\n\n### Puppet Resource Types\n\n * Must not use `eval` in inline\\_templates\n * Must not use setuid bit in `file` resources when owner equals `root`\n * Must not use setgid bit in `file` resources when group equals `root`\n * Must not use mode `777` in `file` resources\n * Should not pin packages to specific version\n * Must not store plaintext passwords in the manifest\n * Must not use password variables in exec\n * Must not use class or defined\\_type parameters in `exec`\n * Should not use `tidy`with `age` and/or `size` parameter\n * Should not use `tidy` with `match` equals to `*`\n * Should not use `tidy` with `recurse` enabled\n * Must not create non root user with id 0\n * Should not disable services (example: mysql, puppetmaster)\n\n### puppetlabs-apache module\n\n * Should not use bad ciphers\n * Should enable ssl on any vhost\n\n### puppetlabs-apt module\n\n * Must use an GPG key in repository definition\n\n### puppetlabs-firewall module\n\n * Must not use firewall allow rules with source and destination equals `any`\n * Should not use firewall deny rules with source and destination equals `any` (possible deny of service)\n * Must use ips or subnets in source or destination (no dns)\n * Should not block puppetmaster port\n\n### saz/ssh module\n\n * Must not enable `PermitRootLogin`\n\n### saz/sudo module\n\n * Must not define sudo to anyone with root permissions\n\n## Reporting bugs or incorrect results\n\nIf you find a bug in puppet-lint or its results, please create an issue in the\n[repo issues tracker](https://github.com/floek/puppet-lint-security-plugins/issues/).\n\n## Please contribute\n\nMany other usefull checks may be out there, so feel free to fork and add your own.\n\n## License\n\nThe MIT License (MIT)\n\nCopyright (c) 2015 Florian Freund\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffloek%2Fpuppet-lint-security-plugins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffloek%2Fpuppet-lint-security-plugins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffloek%2Fpuppet-lint-security-plugins/lists"}