Run tasks and plans

You can run tasks and plans to obtain a wide variety of information about your system. In some cases, the information that you obtain can be used to help you manually configure controls.

The following tasks and plans are supported by the SCE for Linux module.

Task or plan	Additional information
Tasks listed in the Reference section on Puppet Forge	If you are a Puppet Enterprise (PE) user, you can run tasks from the console. See Running tasks in PE. If you are an open source Puppet user, you can run tasks by using Puppet Bolt. See Running tasks. For an example of running tasks to help you manually configure controls, see Configure rules that rely on site-specific information.
The linux_users_and_groups plan	You can run this plan to enforce user-specific and group-specific security settings on all applicable users and groups in a system. If you are a PE user, you can run plans from the console. See Running plans in PE. If you are an open source Puppet user, you can run plans by using Bolt. See Running plans.
The run_audit plan	You can run this plan to initiate a series of auditing tasks. For details, see Auditing and querying issues identified during scans.

SCE for Linux does not automatically enforce all controls in CIS Benchmarks because system environments differ, and automatic enforcement of some controls might lead to operational issues. For a full list of all controls in a CIS Benchmark, see the Center for Internet Security website.

Before you manually configure a control, review the control number to determine the section that the control belongs to. For example, if the control number is 6.2.1, the control belongs to section 6.2. Then, review the following table to verify whether that section uses tasks or plans.

Operating system	Control section
AlmaLinux 8	6.2
AlmaLinux 9	7.2
Oracle Linux 7	6.2
Oracle Linux 8	6.2
Oracle Linux 9	7.2
Red Hat Enterprise Linux (RHEL) 7	6.2
RHEL 8	6.2
RHEL 9	7.2
Rocky Linux 8	6.2
Rocky Linux 9	7.2
Ubuntu Linux 20.04	6.2
Ubuntu Linux 22.04	7.2