Home

Awesome

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide.

Table of Contents

<!-- vim-markdown-toc GFM --> <!-- vim-markdown-toc -->

Description

This module provides an interface to the installation and management of ClamAV.

See REFERENCE.md for API documentation.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

NOTE:

Using clamav

This module can be used to add or remove clamav from a system.

To manage ClamAV with this module:

include clamav

By default this module will install ClamAV and set up a cron to do a scan.

To remove ClamAV from the system set the following via Hiera:

---
clamav::enable: false

Enabling updates

Generally, your updates will be provided by an upstream package repository, such as EPEL. However, there are two optional methods for enabling DAT file updates.

freshclam

To enable the freshclam update system, set the following via Hiera:

---
clamav::enable_freshclam: true

NOTE: No additional configuration of freshclam is currently supported. To update the configuration file, you will need to create your own File resource.

rsync

You may choose to enable rsync downloads of the DAT files from a SIMP rsync server. The module defaults are already set to support this configuration.

Client side

Add the following to Hiera to enable rsync downloads:

---
clamav::enable_data_rsync: true
Server side

To add DAT files to the server, you should place them in /var/simp/environments/<environment>/rsync/Global/clamav and ensure that the permissions are set to 409:409.

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please see the SIMP Contribution Guidelines.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes