yum.conf supplied by this module overwrites other changes users have made

[ghost]

The class for making sure that gpgcheck=1 in yum.conf has a hard-coded file that is used as the source. Any other changes that have been made to that configuration file will be overwritten. Instead of using a source file, it would be better to use augeas to just update that one configuration parameter that is required. The class in question is cis::linuxcontrols::c0003

Also, the current implementation sets the ownership and permissions of yum.conf. While that's a good idea, that isn't in the CIS benchmarks and probably shouldn't be included in the Puppet CIS module.

I'll submit a pull request that uses Augeas to update this setting.

[nibalizer]

Hi @ghost. I see you've deleted your account. Hrm. I agree that things not in the cis benchmark are best left out of the cis benchmark. I have very little experience with augeas. I worry that an augeas rule like that would conflict with and yum repos enabled with the yumrepo type. I would hate to see puppet fighting with itself.

Does anyone else have any input on this?

[arildjensen]

I've toyed with the idea of making a grub module for handling this (and all grub settings). Last I checked no one had done so at PuppetForge.