I am a puppet newbie, doing a test case with PE, working on some basic RHEL STIG compliance.
I wrote a small script that checks the values of `rpm -Va | grep '^.M'` and resolves them with `rpm --setugids` and `rpm --setperms`
The script works fine, except one of the items that comes up is `/etc/puppetlabs/mcollective/server.cfg` and in turn the set commands are run against puppet-agent (In the case of my testing VM this is specifically puppet-agent-1.10.5-1.el7.x86_64)
Puppet then changes this value back from it's default value of **0644**, to **0660**.
Why does it do this? If 0660 is more correct, shouldn't the rpm match this?
I am probably going down the rabbit hole with this one, but I thought it would be simple enough to change the file resources mode within the manifest. I found the resource call at `/opt/puppetlabs/server/data/enterprise/modules/puppet_enterprise/manifests/mcollective/server.pp`
Though despite changing the mode on `file { "${puppet_enterprise::params::mco_etc}/server.cfg` it had no effect when run on the node.
Is there some other place(s) that I need to alter the mode? Is doing so going to cause any adverse affects? Is there a better way?
Thanks in advanced.
↧