From 79cb523d01c0c05b4bbe3379f488da9f2a555463 Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Fri, 14 Sep 2018 11:31:28 -0700 Subject: [PATCH 01/10] Create windows_base_hipaa.pp --- site/role/manifests/windows_base_hipaa.pp | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 site/role/manifests/windows_base_hipaa.pp diff --git a/site/role/manifests/windows_base_hipaa.pp b/site/role/manifests/windows_base_hipaa.pp new file mode 100644 index 0000000..9400139 --- /dev/null +++ b/site/role/manifests/windows_base_hipaa.pp @@ -0,0 +1,4 @@ +# @summary This role installs a baseline of packages on Windows machines according to HIPAA guidelines +class role::windows_base_hipaa { + include profile::baseline_hipaa +} From ec63bc0430601d2dd3c6d35ad9bd48a19c63dca5 Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Fri, 14 Sep 2018 12:05:53 -0700 Subject: [PATCH 02/10] Update Puppetfile --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 41f6eab..766f4b2 100644 --- a/Puppetfile +++ b/Puppetfile @@ -34,7 +34,7 @@ mod 'puppetlabs-bolt_shim', '0.1.1' mod 'puppetlabs-reboot', '2.0.0' mod 'puppet-iis', '2.0.2' -mod 'puppet-windows_firewall', '1.0.3' +mod 'puppet-windows_firewall', '2.0.1' mod 'puppet-windowsfeature', '2.0.0' mod 'puppet-hiera', '2.1.2' mod 'puppet-archive', '3.2.0' From d993c90a0d81a87135e1961116fb28d88ee1d59d Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Fri, 14 Sep 2018 12:09:30 -0700 Subject: [PATCH 03/10] Update windows.pp --- site/profile/manifests/sample_website/windows.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profile/manifests/sample_website/windows.pp b/site/profile/manifests/sample_website/windows.pp index bd59c3c..7ae19d5 100644 --- a/site/profile/manifests/sample_website/windows.pp +++ b/site/profile/manifests/sample_website/windows.pp @@ -27,7 +27,7 @@ class profile::sample_website::windows ( windows_firewall::exception { 'IIS': ensure => present, direction => 'in', - action => 'Allow', + action => 'allow', enabled => 'yes', protocol => 'TCP', local_port => $webserver_port, From 2fb2018d64a9f703e30233f6fab991bbaf3b69cd Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Fri, 14 Sep 2018 14:53:02 -0700 Subject: [PATCH 04/10] Update windows_baseline.pp --- site/profile/manifests/windows_baseline.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profile/manifests/windows_baseline.pp b/site/profile/manifests/windows_baseline.pp index df40ddb..19db2df 100644 --- a/site/profile/manifests/windows_baseline.pp +++ b/site/profile/manifests/windows_baseline.pp @@ -16,7 +16,7 @@ class profile::windows_baseline { windows_firewall::exception { 'TSErule': ensure => present, direction => 'in', - action => 'Allow', + action => 'allow', enabled => 'yes', protocol => 'TCP', local_port => '8080', From 97da4055a48d09fe2801afc1be8295e3a290ce13 Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Fri, 14 Sep 2018 15:07:36 -0700 Subject: [PATCH 05/10] Update windows_baseline.pp --- site/profile/manifests/windows_baseline.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profile/manifests/windows_baseline.pp b/site/profile/manifests/windows_baseline.pp index 19db2df..be7bbdb 100644 --- a/site/profile/manifests/windows_baseline.pp +++ b/site/profile/manifests/windows_baseline.pp @@ -17,9 +17,9 @@ class profile::windows_baseline { ensure => present, direction => 'in', action => 'allow', - enabled => 'yes', + enabled => true, protocol => 'TCP', - local_port => '8080', + local_port => 8080, display_name => 'TSE PUPPET DEMO', description => 'Inbound rule example for demo purposes', } From f218f21ac39f54842e7215a53c36b84bee9b3554 Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Fri, 14 Sep 2018 15:22:22 -0700 Subject: [PATCH 06/10] Update windows.pp --- site/profile/manifests/sample_website/windows.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profile/manifests/sample_website/windows.pp b/site/profile/manifests/sample_website/windows.pp index 7ae19d5..2d86b6e 100644 --- a/site/profile/manifests/sample_website/windows.pp +++ b/site/profile/manifests/sample_website/windows.pp @@ -28,7 +28,7 @@ class profile::sample_website::windows ( ensure => present, direction => 'in', action => 'allow', - enabled => 'yes', + enabled => true, protocol => 'TCP', local_port => $webserver_port, display_name => 'HTTP Inbound', From 753585482d192b563404b83d60579339bca486f0 Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Tue, 18 Sep 2018 00:58:27 -0400 Subject: [PATCH 07/10] Update linux.pp --- site/profile/manifests/sample_website/linux.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site/profile/manifests/sample_website/linux.pp b/site/profile/manifests/sample_website/linux.pp index df98b97..69a9937 100644 --- a/site/profile/manifests/sample_website/linux.pp +++ b/site/profile/manifests/sample_website/linux.pp @@ -11,6 +11,11 @@ class profile::sample_website::linux ( port => $webserver_port, docroot => $doc_root, require => File[$doc_root], + options => ['-Indexes'], + error_documents => [ + { 'error_code' => '404', 'document' => '/404.html' }, + { 'error_code' => '403', 'document' => '/403.html' } + ] } firewalld_port { 'Open port for web': From b5dce888106f1e42864993f2ade31085753f31cc Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Tue, 18 Sep 2018 01:00:35 -0400 Subject: [PATCH 08/10] Fixing formatting issue --- site/profile/manifests/sample_website/linux.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site/profile/manifests/sample_website/linux.pp b/site/profile/manifests/sample_website/linux.pp index 69a9937..b609b34 100644 --- a/site/profile/manifests/sample_website/linux.pp +++ b/site/profile/manifests/sample_website/linux.pp @@ -8,9 +8,9 @@ class profile::sample_website::linux ( # configure apache apache::vhost { $::fqdn: - port => $webserver_port, - docroot => $doc_root, - require => File[$doc_root], + port => $webserver_port, + docroot => $doc_root, + require => File[$doc_root], options => ['-Indexes'], error_documents => [ { 'error_code' => '404', 'document' => '/404.html' }, From ab9b0c25f9e2912186f76e179d8973db27a286ec Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Tue, 18 Sep 2018 01:04:11 -0400 Subject: [PATCH 09/10] Fixing formatting again --- site/profile/manifests/sample_website/linux.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/site/profile/manifests/sample_website/linux.pp b/site/profile/manifests/sample_website/linux.pp index b609b34..5dbd90c 100644 --- a/site/profile/manifests/sample_website/linux.pp +++ b/site/profile/manifests/sample_website/linux.pp @@ -8,11 +8,11 @@ class profile::sample_website::linux ( # configure apache apache::vhost { $::fqdn: - port => $webserver_port, - docroot => $doc_root, - require => File[$doc_root], - options => ['-Indexes'], - error_documents => [ + port => $webserver_port, + docroot => $doc_root, + require => File[$doc_root], + options => ['-Indexes'], + error_documents => [ { 'error_code' => '404', 'document' => '/404.html' }, { 'error_code' => '403', 'document' => '/403.html' } ] From ce4a8ef91761027c0de77b012033818a03813cef Mon Sep 17 00:00:00 2001 From: Abir Majumdar Date: Tue, 18 Sep 2018 01:05:20 -0400 Subject: [PATCH 10/10] Update linux.pp --- site/profile/manifests/sample_website/linux.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profile/manifests/sample_website/linux.pp b/site/profile/manifests/sample_website/linux.pp index 5dbd90c..68d7de1 100644 --- a/site/profile/manifests/sample_website/linux.pp +++ b/site/profile/manifests/sample_website/linux.pp @@ -15,7 +15,7 @@ class profile::sample_website::linux ( error_documents => [ { 'error_code' => '404', 'document' => '/404.html' }, { 'error_code' => '403', 'document' => '/403.html' } - ] + ] } firewalld_port { 'Open port for web':