Skip to content

hpcprofessional/puppet-dirtycow

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

examples

examples

 
 

lib/facter

lib/facter

 
 

manifests

manifests

 
 

spec

spec

 
 

.fixtures.yml

.fixtures.yml

 
 

.gitignore

.gitignore

 
 

.pmtignore

.pmtignore

 
 

.rspec

.rspec

 
 

.rubocop.yml

.rubocop.yml

 
 

.travis.yml

.travis.yml

 
 

.yardopts

.yardopts

 
 

CHANGELOG

CHANGELOG

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

CONTRIBUTORS

CONTRIBUTORS

 
 

Gemfile

Gemfile

 
 

Guardfile

Guardfile

 
 

LICENSE

LICENSE

 
 

README.markdown

README.markdown

 
 

Rakefile

Rakefile

 
 

metadata.json

metadata.json

 
 

Repository files navigation

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with dirtycow
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

This module is to help the system administrator identify machines that are currently susceptible to CVE-2016-5195, commonly known as "Dirty COW".

For more information on this security threat, view the Vulnerability Summary for CVE-2016-5195.

Module Description

This module creates a new fact named cve_2016_5195, that can be used to determine if the system is vulnerable.

The administrator can determine how this information is handled during a catalog compilation.

Setup

What dirtycow affects

  • Creates a new ruby-based fact named cve_2016_5195.

Beginning with dirtycow

Install the module:

puppet module install hpcprofessional/dirtycow

Usage

After the module is installed, its reporting is activated simply by including the class.

include dirtycow

Alternatively, parameters can be passed to the class by using the resource syntax:

class { 'dirtycow':
  notify_behavior => 'fail',
}

Reference

Classes

dirtycow

This class makes use of the cve_2016_5195 fact to notify the administrator. The default behavior is simply to create a notification on the run. However, if desired, the adminsitrator can set this class to fail the catalog compilation.

This is a parameterized class. The available parameters are shown here:

Parameter Type Values Default
notify_behavior Enum notify or fail notify

Facts

cve_2016_5195

This fact will have one of two several values based on the system:

Value Meaning
vulnerable The system is vulnerable and should be patched.
not vulnerable The system is not vulnerable.
unknown The state could not be determined. See below.

The final value, unknown, is returned when the fact could not determine whether or not the system is affected. Generally, this is caused by the fact being run on an unsupported operating system.

While this fact is automatically used by the dirtycow class, intrepid administrators can find additional uses for it (e.g., using it to upgrade the kernel on all affected machines via MCollective).

Limitations

Development

See the Contribution Guidelines to find out how you can help.

About

A puppet module to identify/remediate the Linux dirty COW kernel issue

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages