ensure set

Overview

defined type mssql_secured::ensure_set

With this defined type, you can select a subset of the CIS controls to ensure_set to your database. Currently the sets BASIC, AUDIT_ONLY and ALL are predefined.

You can also define your own sets. See here on how to define your own levels.

Here is an example on how to use this:

mssql_secured::ensure_set {'DB1:
  product_version => 'mssql2019',
  doc_version     => 'V1.2.0',
  set             => 'BASIC'
}

Attributes

Attribute Name Short Description
benchmark  
doc_version The version of the CIS benchmark you want to apply to your database.
product_version The database version of the CIS benchmark you want to apply.
set With this parameter, you can specify the set of CIS controls you want to apply to your database.
title The database to apply the set of controls to to.

title

The database to apply the set of controls to to.

mssql_secured::apply need an database to apply the controls to. Here is a simple example:

mssql_secured::apply {'MSSQLSERVER':}

In this example, the string DB is the database to apply the controls to..

Back to overview of ensure_set

product_version

The database version of the CIS benchmark you want to apply. Although not very logical, you can apply an older (or newer) database version to your database.

If you also don’t specify a product_version, Puppet will detect the version of Microsoft SQL Server running and use this to determine the product_version. There is, however, one issue with the detection. On an initial run Puppet canot determine what the Microsoft SQL Server version is. In that case, the mssql_secured defined type will skip applying the CIS benchmark and wait until (hopefully) the next run the version of Microsoft SQL Server for specified database is available.

Type: Optional[String[1]]

Default:mssql_secured::default_product_version($title)

Back to overview of ensure_set

doc_version

The version of the CIS benchmark you want to apply to your database. When you don’t specify the doc_version, puppet automatically uses the latest version for your current product_version. Type: Optional[String[1]]

Default:mssql_secured::default_doc_version($product_version, 'cis')

Back to overview of ensure_set

set

With this parameter, you can specify the set of CIS controls you want to apply to your database.

Currently, we have the following sets predefined:

  • ALL
  • BASIC
  • AUDIT_ONLY

Check here for a description of the predefined sets. Type: String[1]

Default:'BASIC'

Back to overview of ensure_set

benchmark

The type of security baseline. Type: Easy_type::Baseline_type

Default:'cis'

Back to overview of ensure_set