Puppet Class: psick::hardening::services

Defined in:
manifests/hardening/services.pp

Overview

Generic class to remove unnecessary services

Examples:

Disable rpcbind service

psick::hardening::services::services_to_remove:
  - rpcbind

Parameters:

  • services_to_remove (Array)

    List of services to disable

  • services_default (Array)

    Default list, OS dependent, of services to disable

  • remove_default_services (Boolean) (defaults to: true)

    If to remove the services_default

  • manage (Boolean) (defaults to: $psick::manage)
  • noop_manage (Boolean) (defaults to: $psick::noop_manage)
  • noop_value (Boolean) (defaults to: $psick::noop_value) 


11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'manifests/hardening/services.pp', line 11

class psick::hardening::services (
  Array $services_to_remove,
  Array $services_default,
  Boolean $remove_default_services = true,
  Boolean $manage                  = $psick::manage,
  Boolean $noop_manage             = $psick::noop_manage,
  Boolean $noop_value              = $psick::noop_value,
) {
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    $services = $remove_default_services ? {
      true  => $services_to_remove + $services_default,
      false => $services_to_remove,
    }

    $services.each |$pkg| {
      service { $pkg:
        ensure => stopped,
        enable => false,
      }
    }
  }
}