packages-allowlist

Reports on and optionally removes software installed by the platforms default package module (e.g. yum, apt_get) that is not in an explicit allow list.

Maintainer

Nick Anderson

Module stats

Total Downloads: 18
Updated: Apr 4, 2023

Installation version

Version
Released on Apr 4, 2023

Tags

Installation

                    
cfbs add packages-allowlist
Description
Dependencies
Comments

This module reports on and optionally removes software installed by the platforms default package module (e.g. yum, apt_get) that is not in an explicit allow list.

Notes:

  • This module never installs software.
  • Warnings are emitted from policy if there are packages that are installed that are not in the allowed package list.

    warning: Should remove package 'dbus', but only warning promised
    

Inventory

Packages installed not in allow list

https://raw.github.com/nickanderson/cfengine-packages-allowlist/master/packages-allowlist-inventory.png

Configuration

Variables

packages_allowlist:state.enforcement

String variable that enables enforcement when it's value is enabled. Default: disabled

Notes:

  • cfbs prompts for this input.
  {
    "variables": {
      "packages_allowlist:state.enforcement": {
        "value": "enabled"
      }
    }
  }
Example configuration enabling via Augments

packages_allowlist:state.allowed

List of packages that are allowed to be installed.

Notes:

  • cfbs prompts for this input.
  • If enforcement is enabled and this list is not defined or not greater than 0 no action is taken. Messages to this effect are emitted when run with inform mode.
  {
    "variables": {
      "packages_allowlist:state.allowed": {
        "value": [
          "emacs",
          "cfengine-nova",
          "cfengine3"
        ]
      }
    }
  }
Example configuration enabling via Augments

Dependencies

This module has no dependencies

comments powered by Disqus