Overview

defined type db2_secured::ensure_set

With this defined type, you can select a subset of the CIS controls to ensure_set to your database. Currently only the set ALL is predefined. Making it functionaly equivalent with apply_cis.

You can also define your own sets. See here on how to define your own levels.

Here is an example on how to use this:

db2_secured::ensure_set {'db2inst1/DB1':
  product_version => 'db10',
  doc_version     => 'V1.1.0',
  set             => 'ALL'
}

Attributes

Attribute Name Short Description
doc_version The version of the CIS benchmark you want to apply to your database.
product_version The database version of the CIS benchmark you want to apply.
set With this parameter, you can specify the set of CIS controls you want to apply to your database.
title The database identifier to apply the control to.

title

The database identifier to apply the control to.

All controls need an database identifier to apply the control to. Here is a simple example:

db2_secured::controls::control_name { 'db2inst1/MYDB':}

In this example, the string dbinst1 is the instance, the string MYDB is the database to apply the control to.

Back to overview of ensure_set

product_version

The database version of the CIS benchmark you want to apply. Although not very logical, you can apply an older (or newer) database version to your database.

If you also don’t specify a product_version, Puppet will detect the version of DB2 running and use this to determine the product_version. There is, however, one issue with the detection. On an initial run Puppet canot determine what the DB2 version is. In that case, the db2_secured defined type will skip applying the CIS benchmark and wait until (hopefully) the next run the version of DB2 for specified sid is available.

Type: Optional[String[1]]

Default:db2_secured::default_product_version($title)

Back to overview of ensure_set

doc_version

The version of the CIS benchmark you want to apply to your database. When you don’t specify the doc_version, puppet automatically uses the latest version for your current product_version. Type: Optional[String[1]]

Default:db2_secured::default_doc_version($product_version, $benchmark)

Back to overview of ensure_set

set

With this parameter, you can specify the set of CIS controls you want to apply to your database.

Currently, we have the following sets predefined:

  • ALL
  • BASIC
  • AUDIT_ONLY

Check here for a description of the predefined sets. Type: String[1]

Default:'BASIC'

Back to overview of ensure_set