Module: Puppet::Util::SecurityBaseline

Included in:
Node::Facts::SecurityBaseline
Defined in:
lib/puppet/util/security_baseline.rb

Overview

Utility functions used by the report processor and the facts indirector.

Instance Method Summary

Instance Method Details

#get_trusted_info(node) ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 38

# Returns the trusted information for a node as a plain Hash.
#
# The value is taken from the :trusted_information entry of the Puppet
# context. The block given to Puppet.lookup supplies
# Puppet::Context::TrustedInformation.local(node) instead, presumably
# when that entry is not bound (confirm against Puppet.lookup).
#
# @param node [Object] node passed to TrustedInformation.local
# @return [Hash] result of calling #to_h on the trusted information
def get_trusted_info(node)
  Puppet.lookup(:trusted_information) { Puppet::Context::TrustedInformation.local(node) }.to_h
end

#pe_console ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 22

# Returns the 'pe_console' value from the settings file, or
# Puppet[:certname] when that value is missing or falsy.
#
# NOTE(review): this key is read as a String while the host/port/timeout
# readers use Symbol keys; confirm the YAML file defines it that way.
#
# @return [Object] the configured console value or the local certname
def pe_console
  configured = settings['pe_console']
  configured || Puppet[:certname]
end

#security_baseline_fact_server ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 26

# Returns the :host entry of the settings file. send_facts passes this
# value to TCPSocket.new as the destination host.
#
# @return [Object, nil] the configured host, nil when the key is absent
def security_baseline_fact_server
  config = settings
  config[:host]
end

#security_baseline_fact_server_port ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 30

# Returns the :port entry of the settings file. send_facts passes this
# value to TCPSocket.new as the destination port.
#
# @return [Object, nil] the configured port, nil when the key is absent
def security_baseline_fact_server_port
  config = settings
  config[:port]
end

#security_baseline_fact_timeout ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 34

# Returns the :timeout entry of the settings file. send_facts hands this
# value to Timeout.timeout; a nil result (key absent) means the send runs
# without a time limit.
#
# @return [Object, nil] the configured timeout, nil when the key is absent
def security_baseline_fact_timeout
  config = settings
  config[:timeout]
end

#send_facts(request, time) ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 45

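# Builds a JSON document from the node's 'security_baseline_summary' fact
# and writes it as a single line to the configured Logstash TCP endpoint.
#
# Returns early without sending anything when the facts carry no
# 'security_baseline_summary' key.
#
# @param request [Object] indirector request; this method reads #instance
#   (the facts object), #node, #key, #options and #environment from it
# @param time [Object] value stored unchanged under 'time_utc'
# @return [Object, nil] nil on early return, otherwise the result of the
#   final Puppet.info call
# @raise [Timeout::Error] when the send exceeds the configured timeout
def send_facts(request, time)
  # Copied from the puppetdb fact indirector.  Explicitly strips
  # out the packages custom fact '_puppet_inventory_1'.
  # Work on copies so the request's own facts object is not modified.
  facts = request.instance.dup
  facts.values = facts.values.dup

  return unless facts.values.key?('security_baseline_summary')

  # The trusted information is stored on the copied facts only; the payload
  # below reads just facts.name and the 'security_baseline_summary' value.
  facts.values[:trusted] = get_trusted_info(request.node)

  facts.values.delete('_puppet_inventory_1')
  facts.values = facts.values.dup

  data = {}
  data['time_utc'] = time
  data['key'] = request.key
  data['environment'] = request.options[:environment] || request.environment.to_s
  data['tags'] = ['security_baseline', 'compliance']
  data['certname'] = facts.name
  # First label of the certname; String#split never returns nil, so the only
  # fallback case is an empty result, where the request's node is used.
  data['hostname'] = facts.name.split('.').first || request.node
  # NOTE(review): the summary is merged last, so any key in it that collides
  # with the fields set above ('time_utc', 'key', 'environment', 'tags',
  # 'certname', 'hostname') replaces the value computed here. The summary
  # comes from the submitted facts; if downstream consumers treat those
  # fields as server-derived identity, confirm this precedence is intended.
  data.merge!(facts.values['security_baseline_summary'])
  data.delete('_@timestamp')
  server = security_baseline_fact_server
  port = security_baseline_fact_server_port
  # Timeout.timeout applies no limit when given nil, so a missing timeout
  # setting lets the connect/write block indefinitely.
  timeout = security_baseline_fact_timeout

  Puppet.info "sending security_baseline facts to Logstash at #{server}:#{port} for #{request.key}"

  Timeout.timeout(timeout) do
    json = data.to_json
    # Plain TCP: nothing in this method encrypts the payload or
    # authenticates the endpoint it connects to.
    ls = TCPSocket.new server, port
    begin
      ls.puts json
    ensure
      # Close even when the write fails or the timeout fires, so the
      # descriptor is not leaked on every failed report.
      ls.close
    end
  end

  Puppet.info "finished sending security_baseline facts to Logstash at #{server}:#{port} for #{request.key}"
end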

#settings ⇒ Object



# File 'lib/puppet/util/security_baseline.rb', line 16

# Loads and memoizes the contents of security_baseline.yaml from Puppet's
# confdir. The path is also kept in @settings_file.
#
# A falsy load result is not cached, so the file is read again on the
# next call in that case.
#
# NOTE(review): what YAML.load_file will deserialize depends on the
# installed Psych version; older releases can instantiate arbitrary tagged
# objects. This file decides where reports are sent, so it should be
# writable only by the account that runs Puppet.
#
# @return [Object] the parsed YAML document
def settings
  @settings ||= begin
    @settings_file = Puppet[:confdir] + '/security_baseline.yaml'
    YAML.load_file(@settings_file)
  end
end