Puppet Class: psick::hardening::network

Defined in:
manifests/hardening/network.pp

Overview

Generic class to manage network hardening.

Parameters:

  • modprobe_template (String) (defaults to: '')

    Path of the template (as used by template()) to manage '/etc/modprobe.d/hardening.conf' (only on RHEL)

  • netconfig_template (String) (defaults to: '')

    Path of the template (as used by template()) to manage '/etc/netconfig' (only on RHEL)

  • blacklist_template (String) (defaults to: '')

    Path of the template (as used by template()) to manage '/etc/modprobe.d/blacklist-nouveau.conf' (only on RHEL)

  • services_template (String) (defaults to: '')

    Path of the template (as used by template()) to manage '/etc/services' (only on RHEL)

  • remove_ftp_user

    Remove or leave the local ftp user

  • manage (Boolean) (defaults to: $psick::manage)
  • noop_manage (Boolean) (defaults to: $psick::noop_manage)
  • noop_value (Boolean) (defaults to: $psick::noop_value)


# File 'manifests/hardening/network.pp', line 13

class psick::hardening::network (
  String $modprobe_template  = '', # lint:ignore:params_empty_string_assignment
  String $netconfig_template = '', # lint:ignore:params_empty_string_assignment
  String $blacklist_template = '', # lint:ignore:params_empty_string_assignment
  String $services_template  = '', # lint:ignore:params_empty_string_assignment
  Boolean $manage            = $psick::manage,
  Boolean $noop_manage       = $psick::noop_manage,
  Boolean $noop_value        = $psick::noop_value,
) {
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    if $facts['os']['family'] == 'RedHat' {
      if $modprobe_template != '' {
        file { '/etc/modprobe.d/hardening.conf':
          ensure  => file,
          content => template($modprobe_template),
        }
      }
      if $blacklist_template != '' {
        file { '/etc/modprobe.d/blacklist-nouveau.conf':
          ensure  => file,
          content => template($blacklist_template),
        }
      }
      if $netconfig_template != '' {
        file { '/etc/netconfig':
          ensure  => file,
          content => template($netconfig_template),
        }
      }
    }

    if $services_template != '' {
      file { '/etc/services':
        ensure  => file,
        content => template($services_template),
      }
    }
  }
}
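
Added usage example (not part of the psick module): a wrapper profile that declares the class with two templates and uses the noop parameters for a report-only first run. The profile class name, the `$dry_run` parameter, the template paths and the template contents are assumptions; the ERB files must exist in your own module.

```puppet
# Hypothetical wrapper profile; the name and $dry_run are illustrative only.
class profile::hardening::network_rollout (
  Boolean $dry_run = true,
) {
  # The class defaults read $psick::manage, $psick::noop_manage and
  # $psick::noop_value, so the main psick class must be evaluated first.
  include psick

  class { 'psick::hardening::network':
    # Applied only when $facts['os']['family'] == 'RedHat':
    # written to /etc/modprobe.d/hardening.conf
    modprobe_template  => 'profile/hardening/modprobe_hardening.conf.erb',
    # Applied only when $facts['os']['family'] == 'RedHat':
    # written to /etc/modprobe.d/blacklist-nouveau.conf
    blacklist_template => 'profile/hardening/blacklist_nouveau.conf.erb',

    # netconfig_template and services_template stay at their default '',
    # so /etc/netconfig and /etc/services are left unmanaged. In the listing
    # above the /etc/services resource sits outside the RedHat check, so a
    # non-empty services_template is applied on every OS family.

    # Report-only rollout: noop_manage => true makes the class call
    # noop($noop_value); with noop_value => true the file changes are
    # reported by the agent but not written.
    noop_manage        => $dry_run,
    noop_value         => $dry_run,
  }
}

# Constructed contents for profile/hardening/modprobe_hardening.conf.erb
# (an assumption; choose the modules to disable for your own hosts):
#   install dccp /bin/true
#   install sctp /bin/true
#   install rds  /bin/true
#   install tipc /bin/true
```

The file resources in the class set no owner, group or mode, so review those attributes on the managed files after the first enforcing run.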