Summary

In this chapter, we looked at the available change tracking methodologies in Puppet. We started by exploring the audit meta-parameter. We looked at how it can be used to manage file and package change tracking.

After this, we looked at some of the limitations of the audit subsystem. It serves a purpose, but it has some issues and doesn't quite fit the Puppet paradigm, since it records changes rather than modeling state.

Finally, we looked at how we can replicate the workflow using other tools Puppet provides us. By creating our own baseline and using noop, we can duplicate the functionality audit provides, and even pull the system back to the baseline as desired.

In the next chapter, we'll explore how to use these change tracking tools and more to make the compliance ...
