1. Introduction
2. Licensing
3. Installing Sicura Enterprise
4. Server install from RPM
5. Server install from ISO
6. Upgrade Sicura Enterprise
7. Server Installation via Control Repo
8. Enable SIMP Compliance Engine
9. Configure SIMP Compliance Engine
10. Included Compliance Profiles
11. Console install via Puppet
12. Agent Install via Puppet
13. Coverage - CIS, Windows
14. Coverage - CIS, Linux
15. Coverage - CMMC, Windows
16. Coverage - CMMC, Linux
17. Coverage - DISA, Windows
18. Coverage - DISA, Linux
19. Coverage - NIST 800-171 r2, Windows
20. Linux DISA Module Usage
21. Windows CIS module usage
22. Linux CIS Module Usage
23. Linux SSG Module Usage

Agent Install via Puppet

Setup

Setup Requirements

This module assumes that you already have a Sicura Console running and ready to register new hosts. You will need to have a DNS entry resolving to the IP address of the Console.

Beginning with sicura_agent

To install and configure Sicura Agents on systems, include the sicura_agent class in the classlist. You may need to set values for the following parameters to match your environment’s configuration:

sicura_agent::collector_https - Defaults to true. Set to false if the Console does not have an SSL certificate.
sicura_agent::collector_port - Defaults to 6468. Set to the appropriate port the Console is listening on.
sicura_agent::collector - Defaults to 'sicura-console-collector'.  Set to the DNS name or IP address of the Console.
sicura_agent::bolt_ensure - Defaults to 'installed'.  Set to a specific version if required.  Meaningless if Bolt is already installed
sicura_agent::bolt_package_source - Defaults to 'nil'.  Set to the full path to the Bolt package if the system cannot find it through package management
sicura_agent::puppet_agent_ensure - Defaults to 'installed'.  Set to a specific version if required.  Meaningless if the Puppet Agent is already installed
sicura_agent::puppet_agent_package_source - Defaults to 'nil'.  Set to the full path to the Puppet Agent package if the system cannot find it through package management
sicura_agent::license_key - Defaults to 'nil'.  Set to the contents of your Sicura License file.  This is only necessary if you need the system to install Bolt and the Puppet Agent from the Sicura package repositories.  Setting this parameter will also automatically configure the system to use Sicura package repositories.
sicura_agent::dependency_repo - Defaults to 'nil', which will use existing package repositories to install dependencies.  Set to 'sicura' to install and use Sicura public package repositories.  Set to 'puppet' to install and use Puppet's public package repositories.

Usage

The following are several examples of hieradata for different sicura-agent configurations.

Scenario 1

• You do not have a method of resolving sicura-console-collector to the Console, or you have multiple Consoles installed and want to register a node to ‘sicura-test.mydomain.local’.
• Your Console is listening on 443, using HTTPS.
• You have the dependency packages copied to ‘\\files.mydomain.local\testRPMs\’

classes:
  - sicura_agent

sicura_agent::collector: 'sicura-test.mydomain.local'
sicura_agent::collector_port: 443
sicura_agent::bolt_package_source: '\\files.mydomain.local\testRPMs\puppet-bolt-latest.x86_64.rpm'
sicura_agent::puppet_agent_source: '\\files.mydomain.local\testRPMs\puppet-agent-latest.x86_64.rpm'

Scenario 2

• You have a DNS entry resolving sicura-console-collector to the Console.
• Your console is listening on 6468, using HTTPS
• You want to get the latest Puppet Bolt and Agent from Puppet’s public repositories
• You want to enable logging and save logs to /var/log/sicura/

classes:
  - sicura_agent

sicura_agent::dependency_repo: 'puppet'
sicura_agent::log_to_file: true
sicura_agent::log_dest: '/var/log/sicura'