How to use Puppet for CIS database compliance

How to use Puppet for CIS database compliance Database administrators have a lot on their plate. In addition to ensuring that the data in their systems is accurate and accessible, they also need to ensure that their systems are compliant with various security standards. This blog post will show you how Puppet can help you automate database compliance tasks. We’ll discuss some of the CIS database compliance benchmarks and how Puppet can help you meet them. Stay tuned for more tips on automating your database compliance tasks!

What is Puppet and what it can do

Puppet is software that enables users to automate the configurations of their systems. It is useful for configuration management of servers, workstations, and network devices. With Puppet, users can define the desired state of their systems, and the software will make changes to achieve that state. For example, if a user wants to ensure that all files in a certain directory are owned by a specific user, they can create a Puppet configuration that will change the ownership of any files that do not match the desired state. Puppet can also be used to install and manage software packages, create and manage user accounts, and much more. As a result, it is a powerful tool for system administrators and DevOps professionals. But surely also for security professionals looking to automate the security of their systems.

How Puppet can be used for CIS database compliance

Database compliance is a huge challenge, but Puppet and the security modules from Enterprise Modules can simplify this task. Enterprise Modules has Puppet modules to ensure CIS compliance for IBM DB2, Oracle, Postgres and Microsoft SQL Server.These modules can automatically check and remediate your databases against CIS database benchmarks. These security modules enforce security settings at the individual node level, so you can be sure that your systems are always compliant. In addition, these modules allow you to log all changes to a central location for auditing purposes. As a result, Puppet can help you meet your database compliance needs quickly and easily.

The benefits of using Puppet for CIS database compliance

There are many benefits to using Puppet for CIS database compliance. In addition to simplifying the compliance process, Puppet can also help you save time and money. Automating the compliance process can free up your staff to focus on other tasks. And by centralizing the management of your security settings on your Puppet server, you save time and money. Many security tools just report when something is off. Puppet, on the other hand, instantly fixes the issues found.

A case study of how Puppet was used to achieve CIS database compliance

One of our customers used the ora_secured module to guard CIS compliance on their fleet of Oracle databases. They already implemented Puppet, but needed additional safeguards for CIS compliance. Using the ora_secured module and adding one line of Puppet code to their existing Puppet code base was enough.

But some of the controls mandated by CIS were so strict that they caused the application to fail. So they used the extensive customizations of the ora_secured module to skip certain controls and add some organization-specific values to some of the controls.

The logging at the Puppet server is helpful to show an auditor, for example, that your database was compliant during operations. Any changes done to the database by Puppet are logged. And Puppet shows you what security control caused the change.

The customer was able to achieve and maintain compliance with little effort quickly. The fact that they could easily customize the security modules to fit their specific needs was a big plus. As a result, they were able to save time and money while ensuring the security of their systems.


Puppet can help you meet your database compliance needs quickly and easily. And with the ability to customize the security modules to fit your specific needs, you can be sure that your systems are always compliant. You can manage CIS compliance with Puppet for:

So why not give Puppet and the security modules a try? You may be surprised at how much it can simplify your compliance process.

If you are interested in using Puppet for CIS database compliance, please contact us or by phone: +31 (0)30-601 6000. We would be happy to help you get started.

About us

Enterprise Modules is the leading developer of enterprise-ready puppet modules for Oracle databases,Oracle WebLogic, and IBM MQ or DB2 software. Our puppet modules help sysadmins and DBAs to automate the installation, configuration, and management of their databases and application server systems. These modules allow them to make managed, consistent, repeatable, and fast changes to their infrastructure and automatically enforce the consistency. We are a proud member of the Conclusion family.

Conclusion is thé multidisciplinary service provider in the field of Business Transformation and IT Services. Our tagline? Business Done Differently. Our 1250 specialists and professionals live up to that every day by truly combining our IT knowledge with business and domain know-how. With dedication, creativity, and flexibility, we take responsibility for the social and mission-critical business processes and systems of our customers and enable organizations to digitally transform their business model. Our primary focus is on the Dutch market and more specifically on the domains of Public Transport, Healthcare, Finance, and Industry. Conclusion. Business Done Differently


For more information, please visit our website: or contact us at