Sicura Enterprise Edition
  1. Introduction
  2. Licensing
  3. Installing Sicura Enterprise
  4. Server install from RPM
  5. Server install from ISO
  6. Upgrade Sicura Enterprise
  7. Server Installation via Control Repo
  8. Enable SIMP Compliance Engine
  9. Configure SIMP Compliance Engine
  10. Included Compliance Profiles
  11. Console install via Puppet
  12. Agent Install via Puppet
  13. Coverage - CIS, Windows
  14. Coverage - CIS, Linux
  15. Coverage - CMMC, Windows
  16. Coverage - CMMC, Linux
  17. Coverage - DISA, Windows
  18. Coverage - DISA, Linux
  19. Coverage - NIST 800-171 r2, Windows
  20. Linux DISA Module Usage
  21. Windows CIS module usage
  22. Linux CIS Module Usage
  23. Linux SSG Module Usage

Agent Install via Puppet

Setup

Setup Requirements

This module assumes that you already have a Sicura Console running and ready to register new hosts. You will need to have a DNS entry resolving to the IP address of the Console.

Beginning with sicura_agent

To install and configure Sicura Agents on systems, include the sicura_agent class in the classlist. You may need to set values for the following parameters to match your environment’s configuration:

sicura_agent::collector_https - Defaults to true. Set to false if the Console does not have an SSL certificate.
sicura_agent::collector_port - Defaults to 6468. Set to the appropriate port the Console is listening on.
sicura_agent::collector - Defaults to 'sicura-console-collector'.  Set to the DNS name or IP address of the Console.
sicura_agent::bolt_ensure - Defaults to 'installed'.  Set to a specific version if required.  Meaningless if Bolt is already installed
sicura_agent::bolt_package_source - Defaults to 'nil'.  Set to the full path to the Bolt package if the system cannot find it through package management
sicura_agent::puppet_agent_ensure - Defaults to 'installed'.  Set to a specific version if required.  Meaningless if the Puppet Agent is already installed
sicura_agent::puppet_agent_package_source - Defaults to 'nil'.  Set to the full path to the Puppet Agent package if the system cannot find it through package management
sicura_agent::license_key - Defaults to 'nil'.  Set to the contents of your Sicura License file.  This is only necessary if you need the system to install Bolt and the Puppet Agent from the Sicura package repositories.  Setting this parameter will also automatically configure the system to use Sicura package repositories.
sicura_agent::dependency_repo - Defaults to 'nil', which will use existing package repositories to install dependencies.  Set to 'sicura' to install and use Sicura public package repositories.  Set to 'puppet' to install and use Puppet's public package repositories.

Usage

The following are several examples of hieradata for different sicura-agent configurations.

Scenario 1

classes:
  - sicura_agent

sicura_agent::collector: 'sicura-test.mydomain.local'
sicura_agent::collector_port: 443
sicura_agent::bolt_package_source: '\\files.mydomain.local\testRPMs\puppet-bolt-latest.x86_64.rpm'
sicura_agent::puppet_agent_source: '\\files.mydomain.local\testRPMs\puppet-agent-latest.x86_64.rpm'

Scenario 2

classes:
  - sicura_agent

sicura_agent::dependency_repo: 'puppet'
sicura_agent::log_to_file: true
sicura_agent::log_dest: '/var/log/sicura'