Customizations
Overview
Because scanning all of your files is a very resource-intensive and time-consuming task, you might want to customize this scanning to your needs.
Time between scans
By default, Puppet® scans your system once every 24 hours. If you would like to change this time, you can add this to your hieradata:
vulnerability::setup::ttl_hours: 48
This changes the scan frequency to once every 48 hours. The longer you make this interval, the less up to date your list of vulnerabilities is, but the fewer resources and less time scanning takes. See here for more details.
Directories to scan
By default, Puppet® scans all of your files, which is probably more than you need. You can control which directories are scanned by adding them to your hieradata like this:
vulnerability::setup::directories:
- /bin
- /usr/bin
- /sbin
- /myapp
See here for more details.
Files and directories to exclude
By default, Puppet® scans all of the files and subdirectories in the directories you specified in the previous step. You might, however, want to exclude specific files or directories. You can control this by adding this to your hieradata:
vulnerability::setup::excludes:
- ./software_kits
- ./user_files/**/*.tar
See here for more details.
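Narrowing the scan with the three settings above also narrows what the vulnerability list can tell you. The following Ruby check is an added example, not code from the module: it reads hieradata and reports an interval outside policy, required directories that fall outside the configured scan directories, and every exclude pattern for review. The policy values MAX_TTL_HOURS and MUST_COVER and the helper names are assumptions; the sample hieradata is constructed from the values shown on this page.

```ruby
require 'yaml'
require 'pathname'

# Constructed sample hieradata, using only the keys and values shown on this page.
SAMPLE_HIERADATA = <<~YAML
  vulnerability::setup::ttl_hours: 48
  vulnerability::setup::directories:
  - /bin
  - /usr/bin
  - /sbin
  - /myapp
  vulnerability::setup::excludes:
  - ./software_kits
  - ./user_files/**/*.tar
YAML

PREFIX = 'vulnerability::setup::'
# Assumptions (site policy, not module defaults): longest acceptable interval
# and the directories that must stay inside the scan.
MAX_TTL_HOURS = 72
MUST_COVER = %w[/bin /sbin /usr/bin /usr/sbin /usr/local/bin /myapp/releases].freeze

# True when path equals dir or lies below it. Compared per path component,
# so /usr/binx is not treated as part of /usr/bin.
def under?(path, dir)
  child = Pathname.new(path).cleanpath.to_s
  parent = Pathname.new(dir).cleanpath.to_s
  child == parent || child.start_with?(parent == '/' ? parent : "#{parent}/")
end

# Returns { ttl_issue: String or nil, uncovered: [paths], excludes: [patterns] }.
def audit_scan_config(yaml_text, must_cover: MUST_COVER, max_ttl: MAX_TTL_HOURS)
  cfg = YAML.safe_load(yaml_text) || {}
  ttl = cfg.fetch("#{PREFIX}ttl_hours", 24) # the page gives 24 hours as the default
  ttl_issue =
    if !ttl.is_a?(Integer) || ttl <= 0 then "ttl_hours must be a positive integer, got #{ttl.inspect}"
    elsif ttl > max_ttl then "ttl_hours #{ttl} is above the policy maximum of #{max_ttl}"
    end
  dirs = cfg["#{PREFIX}directories"]
  # No directories key: the page says every file is scanned, so nothing is uncovered.
  uncovered = dirs.nil? ? [] : must_cover.reject { |m| dirs.any? { |d| under?(m, d) } }
  { ttl_issue: ttl_issue, uncovered: uncovered, excludes: Array(cfg["#{PREFIX}excludes"]) }
end

if __FILE__ == $PROGRAM_NAME
  report = audit_scan_config(SAMPLE_HIERADATA)
  puts "ttl: #{report[:ttl_issue] || 'ok'}"
  report[:uncovered].each { |path| puts "not scanned: #{path}" }
  report[:excludes].each { |pattern| puts "excluded, review: #{pattern}" }
end
```

With the sample values, /usr/sbin and /usr/local/bin are reported as not scanned, and both exclude patterns are listed for review.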
