simp/pupmod-simp-clamav

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide.

Description

This module provides an interface to the installation and management of ClamAV.

See REFERENCE.md for API documentation.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.

  • If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review the simp-simp_options module for details. These catalysts are used by SIMP to allow users to override default behavior of classes that are included by default.

NOTE:

  • SIMP's clamav class was removed from the default class list in all SIMP scenarios in SIMP 6.5. Users of SIMP 6.5 or later must manually add clamav to the class list or include it via a manifest.

  • Because of the SIMP 6.5 clamav change, SIMP's simp_options::clamav catalyst has been deprecated and will be removed in a future release. In the interim, the catalyst is still used as a wrapper for this module for backwards compatibility. Therefore, you must have simp_options::clamav undefined or set to true for this module to do anything.

  • Setting the SIMP catalyst, simp_options::clamav, to false does not uninstall ClamAV; it simply prevents this module from doing anything. See the Using clamav section below for how to remove ClamAV from the system.

Using clamav

This module can be used to add or remove clamav from a system.

To manage ClamAV with this module:

include clamav

By default, this module will install ClamAV and set up a cron job to run a scan.

To remove ClamAV from the system, set the following via Hiera:

---
clamav::enable: false

Enabling updates

Generally, your updates will be provided by an upstream package repository, such as EPEL. However, there are two optional methods for enabling DAT file updates.

freshclam

To enable the freshclam update system, set the following via Hiera:

---
clamav::enable_freshclam: true

NOTE: No additional configuration of freshclam is currently supported. To update the configuration file, you will need to create your own File resource.

rsync

You may choose to enable rsync downloads of the DAT files from a SIMP rsync server. The module defaults are already set to support this configuration.

Client side

Add the following to Hiera to enable rsync downloads:

---
clamav::enable_data_rsync: true

Server side

To add DAT files to the server, place them in /var/simp/environments/<environment>/rsync/Global/clamav and ensure that the ownership (user:group) is set to 409:409.
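One way to check the server-side staging directory before clients sync from it, as an added example that is not part of this module. The function names and the overridable owner argument are assumptions made for the example, and it assumes GNU stat (as on RHEL and CentOS).

```shell
#!/bin/sh
# Added example: audit ownership of ClamAV DAT files staged for SIMP rsync.
# The path layout and the 409:409 owner come from the README text above;
# function names and arguments are hypothetical, chosen for this example.

EXPECTED_OWNER="409:409"

# clamav_rsync_dir ENVIRONMENT
# Prints the staging directory for the given Puppet environment.
clamav_rsync_dir() {
  printf '/var/simp/environments/%s/rsync/Global/clamav\n' "$1"
}

# audit_dat_ownership DIR [UID:GID]
# Prints "uid:gid path" for every entry under DIR (DIR included) whose
# numeric owner:group differs from the expected value.
# Returns 0 if everything matches, 1 on any mismatch, 2 if DIR is missing.
audit_dat_ownership() {
  dir=$1
  want=${2:-$EXPECTED_OWNER}
  if [ ! -d "$dir" ]; then
    echo "missing directory: $dir" >&2
    return 2
  fi
  # stat prints numeric ids so the check does not depend on /etc/passwd names.
  bad=$(find "$dir" -exec stat -c '%u:%g %n' {} + |
        awk -v want="$want" '$1 != want')
  if [ -n "$bad" ]; then
    printf '%s\n' "$bad"
    return 1
  fi
  return 0
}

# When run as a script with an environment name, audit that environment.
if [ $# -gt 0 ]; then
  audit_dat_ownership "$(clamav_rsync_dir "$1")"
fi
```

Any line it prints is a file or directory to fix with chown before the DAT files are served to clients.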

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please see the SIMP Contribution Guidelines.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default, the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests, run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes

  • BEAKER_debug: show the commands being run on the SUT and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests on isolated networks.