{"id":26414104,"url":"https://github.com/shearn89/puppet-toughen","last_synced_at":"2025-03-17T23:57:52.601Z","repository":{"id":57668165,"uuid":"61279333","full_name":"shearn89/puppet-toughen","owner":"shearn89","description":"Hardening for Linux Servers","archived":false,"fork":false,"pushed_at":"2018-12-30T22:14:34.000Z","size":573,"stargazers_count":5,"open_issues_count":1,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-04-24T21:20:32.104Z","etag":null,"topics":["centos","cis","puppet","redhat","stig"],"latest_commit_sha":null,"homepage":"","language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shearn89.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-06-16T09:19:17.000Z","updated_at":"2019-08-06T08:38:05.000Z","dependencies_parsed_at":"2022-09-07T15:50:30.962Z","dependency_job_id":null,"html_url":"https://github.com/shearn89/puppet-toughen","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shearn89%2Fpuppet-toughen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shearn89%2Fpuppet-toughen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shearn89%2Fpuppet-toughen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shearn89%2Fpuppet-toughen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shearn89","download_url":"https://codeload.github.com/shearn89/puppet-toughen/tar.gz/refs/heads/master","host":{"name":"GitHub","u
rl":"https://github.com","kind":"github","repositories_count":244056404,"owners_count":20390719,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["centos","cis","puppet","redhat","stig"],"created_at":"2025-03-17T23:57:51.946Z","updated_at":"2025-03-17T23:57:52.585Z","avatar_url":"https://github.com/shearn89.png","language":"Puppet","funding_links":[],"categories":[],"sub_categories":[],"readme":"# toughen\n\n[![Build Status](https://travis-ci.org/shearn89/puppet-toughen.svg?branch=develop)](https://travis-ci.org/shearn89/puppet-toughen) [![Test Coverage](https://codeclimate.com/github/shearn89/puppet-toughen/badges/coverage.svg)](https://codeclimate.com/github/shearn89/puppet-toughen/coverage)\n\n#### Table of Contents\n\n1. [Description](#description)\n1. [Setup - The basics of getting started with toughen](#setup)\n    * [What toughen affects](#what-toughen-affects)\n    * [Beginning with toughen](#beginning-with-toughen)\n1. [Usage - A quick how-to](#usage)\n1. [Reference - Parameters, classes, types, etc.](#reference)\n1. [Limitations - OS compatibility, etc.](#limitations)\n1. 
[Development - Guide for contributing to the module](#development)\n\n## Description\n\nThis is a Puppet module that applies various hardening controls as detailed in \nthe documents referenced in `guides.txt`.\n\nThe aim of me writing my own module is to lay out the controls in a manner that\nI feel is readable and easy to understand, whilst also providing flexibility to\nthe user so that they can add exceptions where necessary.\n\nFirst priority for development will be CentOS 7, followed by RHEL7. Then the \nversion 6 of both those, followed by Ubuntu and Debian. Other Linux OSes will\nfollow in good time.\n\n## Setup\n\n### What toughen affects \n\nA range from everything to nothing - it's server hardening. If you're unaware\nwhat that involves I **strongly recommend** you read the guides.\n\n### Beginning with toughen\n\nAt its most basic, simply `include toughen`. However, this will apply the \ndefaults with no consideration for any specific requirements. Good as a starting\npoint if you're building from scratch, not so good if you're hardening an \nexisting server. 
For that you'll want to apply specific sections of the module.\n\n## Usage\n\nFor more fine-grained usage, wrap sections into a `profile`:\n\n    class profile::security {\n        include toughen::aide\n        include toughen::auditing\n        include toughen::banners\n        include toughen::boot\n        include toughen::cron\n        include toughen::filesystem\n        ## Skip firewall, managed elsewhere.\n        # include toughen::firewall\n        include toughen::init\n        include toughen::legacy_services\n        include toughen::mandatory_access\n        include toughen::network\n        include toughen::pam\n        include toughen::perms_owners\n        include toughen::process\n        include toughen::rsyslog\n        include toughen::services\n        include toughen::shadow\n        include toughen::ssh\n        include toughen::sudo\n        ## Skip updates, managed elsewhere\n        # include toughen::updates\n        include toughen::user_env\n    }\n\nYou can also pass in parameters directly:\n\n    class profile::security {\n\n        class { 'toughen::ssh':\n            port =\u003e 2222,\n            allow_users =\u003e ['shearna', 'vagrant'],\n        }\n\n    }\n\nAnd many other things. The full list of parameters is long and distinguished...\n\n## Reference\n\nTODO\n\nHere, include a complete list of your module's classes, types, providers,\nfacts, along with the parameters for each. 
Users refer to this section (thus\nthe name \"Reference\") to find specific details; most users don't read it per\nse.\n\n## Limitations\n\nSo far, supported only on Puppet 3.8 and CentOS/RedHat 7.\n\nStill to come:\n\n* CentOS/RedHat 6\n* Ubuntu 16.04.x LTS\n* Amazon Linux?\n\nAlso:\n\n* Scan results with well-known compliance scanners (Nessus, Nexpose)\n\nAt some point it would be nice to use some of the iterators in Puppet 4, but given\nRedHat doesn't use Puppet 4 yet, it's a ways off.\n\n## Development\n\nPlease feel free to contribute via GitHub with a pull request. If you're \nadding classes, please add unit tests (take a look in `spec/classes/` for \nexamples). You can get set up with:\n\n    $\u003e bundle install\n    $\u003e bundle exec rake\n\n...which will lint, validate, and run the spec tests. Please ensure these tests\nstill pass when you have made changes!\n\nYou can also view the compliance score against the STIG 'RHEL7 upstream' \nprofile. On CentOS 7:\n\n    $\u003e sudo yum install -y openscap-scanner scap-security-guide\n    $\u003e sudo oscap xccdf eval \\\n        --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream \\\n        --results report.xml \\\n        --report  report.html \\\n        /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml\n\n...and then open up report.html in a browser. Note that this module aims for\ncompliance with CIS standards, not STIG, so there is some discrepancy.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshearn89%2Fpuppet-toughen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshearn89%2Fpuppet-toughen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshearn89%2Fpuppet-toughen/lists"}