Puppet Class: lsys::hardening::root_access

Defined in:
manifests/hardening/root_access.pp

Summary

CONTROLLING ROOT ACCESS

Overview

Examples:

include lsys::hardening::root_access

Parameters:

  • protecting_symbolic_links (Boolean) (defaults to: true)
  • manage_password (Boolean) (defaults to: false)
  • password_hash (Optional[String]) (defaults to: undef)


# File 'manifests/hardening/root_access.pp', line 13

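class lsys::hardening::root_access (
  # When true, enforce the kernel's symlink-following restriction on the
  # platforms matched in the body.
  Boolean $protecting_symbolic_links = true,
  # Root's password is managed only when this is true AND a hash is supplied.
  Boolean $manage_password = false,
  # Pre-computed crypt(3) hash for root; never a clear-text password.
  Optional[String] $password_hash = undef,
) {
  # 4.2.6. Protecting Hard and Symbolic Links
  #
  # fs.protected_symlinks = 1 turns the protection ON: a symlink in a sticky,
  # world-writable directory (e.g. /tmp) is followed only when its owner
  # matches the follower or the directory owner. This blunts symlink-race
  # attacks against privileged processes. The previous value '0' switched the
  # protection OFF, which is the opposite of what the parameter name and the
  # referenced hardening section describe.
  #
  # Only the symlink sysctl is managed in this block; fs.protected_hardlinks
  # is not touched here.
  if $protecting_symbolic_links {
    if $facts['os']['name'] in ['RedHat', 'CentOS'] and
    $facts['os']['release']['major'] in ['7', '8'] {
      sysctl { 'fs.protected_symlinks':
        value => '1',
      }
    }
  }

  # Generate the hash with: openssl passwd -6   (SHA-512 crypt, "$6$..." form)
  #
  # If $manage_password is true but no hash is given, nothing is applied and
  # root's existing password is left as-is.
  # NOTE(review): $password_hash is a plain String, so it travels in the
  # compiled catalog and may surface in reports or logs; restrict access to
  # the data source that holds it.
  if $manage_password and $password_hash {
    user { 'root':
      password => $password_hash,
    }
  }
}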