O'Reilly logo

Learning Puppet Security by Jason Slagle

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Auditing a package

In this example, we'll extend our openssh module to audit the version installed. We'll then downgrade the package so that the version changes. Afterwards, we can verify whether the audit worked as expected.

Tip

In a production environment, it would make sense to audit at least the sshd binary along with the package. It's quite possible for the attacker to change the binary without even touching the package. Auditing the package is more useful to find system administrators upgrading packages to unauthorized versions by accident.

Modifying the module to audit

First, make sure the Vagrant machine is running. If you need to restart your Vagrant machine, see the first exercise to get it running.

Once it is running, go ahead and SSH it ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required