Module <site>
In: /tmp/puppet/manifests/nodes/nodes.pp
/tmp/puppet/manifests/settings.pp
/tmp/puppet/manifests/site.pp

README The purpose of these Puppet manifests and kickstart file is to assist system administrators deploying the DoD Baseline for Red Hat Enterprise Linux 5. The security configuration content that is applied by these Puppet manifests was signed off as a DoD Baseline by DoD CIO Wennergren in April 2010.

Puppet is only one method that is available for automating the configuration and management of systems, and the existence of this resource does not constitute an endorsement of it. Information on Puppet is available at puppetlabs.com. Even if Puppet is not the management software used in your operational environment, these files should demonstrate how to apply security-relevant settings from the baseline. These files should also demonstrate and reinforce the idea that whenever many systems should be operating with similar settings, their configuration and management should be automated by software designed for that purpose.

See the file INSTRUCTIONS for information on how to perform an installation of Red Hat Enterprise Linux 5 and configure it to be compliant with the baseline.

Nodes

Node ::/.*puppet.*/
Node ::default
Node ::workstation

Global Variables

dns_server = "dns.$domain"
ntpd_servers = ["ntp.$domain"]
syslog_servers = ["255.255.255.0", "127.0.0.1"]
syslog_client_options = "-m 0"
syslog_server_options = "-m 0 -r -s $domain"

[Validate]