bolt_compliance

Table of Contents

1. Description
2. Setup - The basics of getting started with bolt_compliance
   • What bolt_compliance affects
   • Setup requirements
   • Beginning with bolt_compliance
3. Usage - Configuration options and additional functionality
4. Limitations - OS compatibility, etc.

Description

An example module showing how to implement CIS compliance testing tasks and plans which can send the output to Splunk.

Setup

Install the bolt_compliance module

puppet module install puppetlabs-stdlib
mkdir ~/modules
cd ~/modules
git clone https://github.com/timidri/bolt_compliance.git
cd bolt_compliance

Install python requirements

pip install -r requirements.txt

Configure Splunk

To use bolt_compliance, you need to create a Splunk HTTP Event Collector token in a Splunk Enterprise instance available to you. See Splunk HEC Service for guidance.

Then, create a configuration file inventory.yaml:

cp inventory-default.yaml inventory.yaml

and configure the Splunk HEC endpoint and token there.

Usage

To run a compliance plan, make sure you have some CentOS or Red Hat 7 nodes configured in the inventory.yaml. Then, you can run the plan as follows:

bolt plan run bolt_compliance::run --params '{"controls": ["1_1_2", "5_1_1"]}' -n all

to perform both available control checks on all the configured nodes.

To run a plan using the benchmark yaml specification in rhel7-cis-1.yaml, do:

bolt plan run bolt_compliance::run_yaml --params '{"benchmarks": ["rhel7-cis-1"]}' -n all

Limitations

The examples are for PoC / educational purposes only and only work on RHEL7 target nodes.