Auditing a package

In this example, we'll extend our openssh module to audit the version installed. We'll then downgrade the package so that the version changes. Afterwards, we can verify whether the audit worked as expected.


In a production environment, it would make sense to audit at least the sshd binary along with the package. It's quite possible for the attacker to change the binary without even touching the package. Auditing the package is more useful to find system administrators upgrading packages to unauthorized versions by accident.

Modifying the module to audit

First, make sure the Vagrant machine is running. If you need to restart your Vagrant machine, see the first exercise to get it running.

Once it is running, go ahead and SSH it ...

Get Learning Puppet Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.