This Puppet module contains custom facts required to determine security compliance on several Linux distributions. These base facts have been abstracted to this module so they can be shared across OS-specific modules.
Some of these custom facts take a long time to execute. It is recommended to update to version 7 or later of the puppet-agent to take advantage of native fact caching. The module provides a way to customize the 'ttls' for some of these "expensive" facts by managing entries in '/etc/puppetlabs/facter/facter.conf'.
The Security Facts module is required for the proper execution of the RHEL 7 and RHEL 8 Puppet modules. It must be installed along with these modules in order for them to function properly.
Adding the module to an environment is enough to begin collecting facts, but assigning the module to nodes will greatly improve performance. On facter version 4 or later, assigning the module to nodes will enable native fact caching with some "expensive" facts. The time to live for the fact cache can be controlled using module parameters for the respective facts. Under facter 3 and earlier, a confine statement in these "expensive" facts blocks facter execution entirely; instead, cron tasks are scheduled that run locally staged scripts to produce external fact files.
Assigning the module to nodes should be adequate in most cases. See the reference for details on the custom facts and default caching values.
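The following check is an added example, not code from the module: it reports which of the two caching paths described above applies to a given facter version and lists the `secfacts_` entries in a `facter.conf` ttls list. The fact names `secfacts_example_slow` and `secfacts_example_other` are placeholders, the sample file is constructed, and it assumes one ttls entry per line.

```bash
#!/usr/bin/env bash
# Added example, not part of the module. Fact names below are placeholders.

# Map a facter version string to the caching path the README describes.
secfacts_cache_mode() {
  local major="${1%%.*}"
  case "$major" in
    ''|*[!0-9]*) echo "unknown"; return 1 ;;
  esac
  if [ "$major" -ge 4 ]; then
    echo "native-ttl"      # ttls entries in facter.conf
  else
    echo "cron-external"   # cron jobs writing external fact files
  fi
}

# Print "fact=ttl" for each secfacts_ entry found in a facter.conf ttls list.
secfacts_ttls() {
  [ -r "$1" ] || return 1
  awk -F'"' '/"secfacts_[A-Za-z0-9_]+"[ \t]*:/ {
    ttl = $3
    sub(/^[ \t]*:[ \t]*/, "", ttl)   # drop the key/value separator
    sub(/[ \t]*[}].*$/, "", ttl)     # drop the closing brace and comma
    print $2 "=" ttl
  }' "$1"
}

# Constructed sample of a facter.conf with a ttls list (HOCON syntax).
secfacts_sample_conf() {
  cat <<'EOF'
facts : {
  ttls : [
    { "secfacts_example_slow" : 1 day },
    { "secfacts_example_other" : 6 hours },
    { "timezone" : 30 days },
  ]
}
EOF
}

# Summarise one node: caching path, plus cached secfacts_ facts if native.
secfacts_report() {
  local mode
  mode="$(secfacts_cache_mode "$1")" || { echo "mode=unknown"; return 1; }
  echo "mode=$mode"
  if [ "$mode" = "native-ttl" ]; then
    secfacts_ttls "$2" || echo "ttls=unreadable"
  fi
}
```

On a node, `secfacts_report "$(facter --version)" /etc/puppetlabs/facter/facter.conf` gives the same summary for the live configuration.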
Operating system specific compliance modules can be written to leverage these facts and avoid duplication of facts across different releases and versions. See the reference for the list of facts available from this module.
With the exceptions of groups, all facts from the module are named with the prefix secfacts_ to avoid conflict with custom facts that may be delivered with other modules. The following facts are included by the module:
This module is written for use with the Red Hat OS family but should work across most recent Linux distributions.
secfacts: Provide custom facts for use by compliance modules
- Note: On facter 4 and higher, fact caching is managed with the "ttls" entry in "facter.conf". Older Puppet agents resort to cron jobs to update external fact files.
The following parameters are available in the
The directory where facter scripts will be created when using cron. (/opt/puppetlabs/facter/scripts)
The cache time to live for managed facts. See module hiera for su
A hash of cron resource schedule parameters. Only used with facter 3