Clean up the system after an upgrade to SCE v2.0.0

After you upgrade CEM for Linux to SCE for Linux v2.0.0 or later, clean up your system to remove extraneous artifacts and help prevent operational issues. This cleanup is necessary because system artifacts such as files, directories, and groups managed by CEM use a cem prefix, while system artifacts managed by SCE use an sce prefix. Because of the way Puppet manages resources, the upgrade process does not rename these system artifacts; it creates them anew with the sce prefix, and the cem-prefixed originals remain on the system.

Starting with SCE v2.0.0, you can use a Puppet Bolt task (sce_linux::delete_files) to delete files. For more information, see the Results section in Upgrade the module.

To delete other system artifacts, you can use the puppetlabs/exec module, which provides tasks for running shell commands via Bolt. For more information, see exec on Puppet Forge.

The following list documents the system artifacts to delete, separated by headings into categories. Because of differences in CEM configurations and the way that benchmarks are enforced on different operating systems, some of the listed artifacts might not be present on your system.

Directories

  • /opt/puppetlabs/cem/ – Directory that should be recursively deleted

Files

  • All legacy audit files in the /var/log/audit directory

    • RegExp for matching these files: ^[0-9]+-cem_.*$

  • /etc/cron.hourly/cem_aide

  • /etc/cron.daily/cem_aide

  • /etc/cron.weekly/cem_aide

  • /etc/cron.monthly/cem_aide

  • All legacy modprobe configuration files in the /etc/modprobe.d directory

    • RegExp for matching these files: ^cem_.*\.conf$

  • /etc/rsyslog.d/cem_cron.conf

Groups

  • cem_sugroup
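
To see which of the artifacts listed above are still present on a node before you delete anything, the following read-only inventory script can help. It is an added example, not part of the SCE module or the Puppet documentation, and it applies the two anchored regular expressions from this page so that sce-prefixed files are never reported. The function names, the optional root argument, and the --scan flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only inventory of the legacy CEM artifacts listed above.
# Nothing is deleted. The optional root argument is an assumption of this
# example so the scan can be pointed at a test tree instead of "/".

# Print regular files in directory $1 whose file name matches ERE $2.
match_files() {
    [ -d "$1" ] || return 0
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        if printf '%s\n' "${path##*/}" | grep -Eq -- "$2"; then
            printf 'file  %s\n' "$path"
        fi
    done
    return 0
}

find_cem_artifacts() {
    root="${1%/}"
    # Directory that the page says to delete recursively.
    if [ -d "$root/opt/puppetlabs/cem" ]; then
        printf 'dir   %s\n' "$root/opt/puppetlabs/cem"
    fi
    # Anchored patterns from the page, matched against the file name only.
    match_files "$root/var/log/audit" '^[0-9]+-cem_.*$'
    match_files "$root/etc/modprobe.d" '^cem_.*\.conf$'
    # Fixed paths from the page.
    for f in /etc/cron.hourly/cem_aide /etc/cron.daily/cem_aide \
             /etc/cron.weekly/cem_aide /etc/cron.monthly/cem_aide \
             /etc/rsyslog.d/cem_cron.conf; do
        if [ -f "$root$f" ]; then printf 'file  %s\n' "$root$f"; fi
    done
    # Only the local group file is checked here.
    if grep -q '^cem_sugroup:' "$root/etc/group" 2>/dev/null; then
        printf 'group cem_sugroup\n'
    fi
    return 0
}

# Scan the live system only when asked to (flag name is this example's own).
if [ "${1:-}" = "--scan" ]; then find_cem_artifacts ""; fi
```

Run it with --scan on a node to list what remains, then remove the reported items with the tasks described above.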