Auditing a package

In this example, we'll extend our openssh module to audit the version installed. We'll then downgrade the package so that the version changes. Afterwards, we can verify whether the audit worked as expected.

Tip

In a production environment, it would make sense to audit at least the sshd binary along with the package. It's quite possible for the attacker to change the binary without even touching the package. Auditing the package is more useful to find system administrators upgrading packages to unauthorized versions by accident.

Modifying the module to audit

First, make sure the Vagrant machine is running. If you need to restart your Vagrant machine, see the first exercise to get it running.

Once it is running, go ahead and SSH it ...

Get Learning Puppet Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.