Overview

Guard the system against vulnerabilities.

When you include this class in your catalog, Puppet starts to guard your system: on every Puppet run it checks, per severity level, whether the number of vulnerabilities found does not exceed the maximum you have specified for that level.

When Puppet detects more vulnerabilities of a severity level than you allow for it, the Puppet run fails. By default only the critical level is guarded (its default is 0); the other levels default to undef and are not checked until you set them.

A failed run is how the guard reports, so you will need to monitor the status of Puppet runs on the Puppet server and take appropriate action on failures.

Sometimes you know about a set of vulnerabilities and do not want Puppet to report on them. If this is the case, add the vulnerability IDs to the allow_list. Puppet will then allow those specific CVEs on your system without reporting or failing on them. Review the allow list periodically so that an accepted risk does not silently become a permanent exception.
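The following manifest is an added example of how the class described above could be declared; it is not part of the module's own documentation or code. The module prefix of the class is not given on this page, so 'vulnerability' is an assumed placeholder, the CVE identifiers in the allow list are constructed placeholders, and selecting thresholds by the top-scope $environment variable is a design choice of this example, not something the module requires.

```puppet
# Added example; assumes the class is reachable as 'vulnerability::guard'
# (module prefix is an assumption, not taken from the documentation).
#
# Pick thresholds per Puppet environment. Production fails the run on any
# critical or high finding and tolerates a bounded number of medium ones;
# other environments are more lenient while still guarding critical.
# A level set to undef is not guarded at all (the module default for every
# level except critical).
$guard_thresholds = $environment ? {
  'production' => {
    'critical' => 0,
    'high'     => 0,
    'medium'   => 5,
  },
  default      => {
    'critical' => 0,
    'high'     => 5,
    'medium'   => undef,
  },
}

class { 'vulnerability::guard':
  critical   => $guard_thresholds['critical'],
  high       => $guard_thresholds['high'],
  medium     => $guard_thresholds['medium'],
  # low, negligible and unknown are left at their default (undef):
  # they are counted but never fail the run.
  allow_list => [
    # Constructed placeholder IDs; each entry should carry the reason
    # the risk was accepted so the list can be reviewed later.
    'CVE-0000-0001',  # mitigated by a compensating control
    'CVE-0000-0002',  # vendor fix scheduled
  ],
}
```

With this declaration a finding listed in allow_list is ignored for every severity level, and a run fails only when the count for a guarded level exceeds its threshold. When you test the policy by hand, running the agent with `puppet agent -t --detailed-exitcodes` exits non-zero on a failed run, which is the same condition the Puppet server reports.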

Attributes

Attribute Name  Short Description
allow_list      The list of vulnerability IDs you want to allow on your system.
critical        The number of critical vulnerabilities you allow on your system before Puppet throws an error.
high            The number of high vulnerabilities you allow on your system before Puppet throws an error.
low             The number of low vulnerabilities you allow on your system before Puppet throws an error.
medium          The number of medium vulnerabilities you allow on your system before Puppet throws an error.
negligible      The number of negligible vulnerabilities you allow on your system before Puppet throws an error.
unknown         The number of unknown vulnerabilities you allow on your system before Puppet throws an error.

allow_list

The list of vulnerability IDs you want to allow on your system.

When a found vulnerability is on your allow list, it does not count towards the number of identified vulnerabilities for any severity level, so it can never cause the run to fail.

Type: Array[String[1]]

Back to overview of guard

critical

The number of critical vulnerabilities you allow on your system before Puppet throws an error.

The default is 0. Type: Optional[Integer]

Back to overview of guard

high

The number of high vulnerabilities you allow on your system before Puppet throws an error.

The default is undef, meaning Puppet does not guard this level. Type: Optional[Integer]

Back to overview of guard

low

The number of low vulnerabilities you allow on your system before Puppet throws an error.

The default is undef, meaning Puppet does not guard this level. Type: Optional[Integer]

Back to overview of guard

medium

The number of medium vulnerabilities you allow on your system before Puppet throws an error.

The default is undef, meaning Puppet does not guard this level. Type: Optional[Integer]

Back to overview of guard

negligible

The number of negligible vulnerabilities you allow on your system before Puppet throws an error.

The default is undef, meaning Puppet does not guard this level. Type: Optional[Integer]

Back to overview of guard

unknown

The number of unknown vulnerabilities you allow on your system before Puppet throws an error.

The default is undef, meaning Puppet does not guard this level. Type: Optional[Integer]

Back to overview of guard