Puppet Class: lsys::tools::system

Defined in:
manifests/tools/system.pp

Summary

Manage system/administration tools

Overview

Manage system/administration tools

Examples:

include lsys::tools::system

Parameters:

  • enable_hardening (Boolean) (defaults to: false)
  • sudo_ensure (Bsys::PackageVersion) (defaults to: false)
  • file_ensure (Bsys::PackageVersion) (defaults to: false)
  • which_ensure (Bsys::PackageVersion) (defaults to: false)
  • quota_ensure (Bsys::PackageVersion) (defaults to: false)
  • util_linux_ensure (Bsys::PackageVersion) (defaults to: true)
  • quota_owner (String) (defaults to: 'root')
  • quota_group (String) (defaults to: 'root') 


7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'manifests/tools/system.pp', line 7

class lsys::tools::system (
  Boolean $enable_hardening = false,
  Bsys::PackageVersion $sudo_ensure = false,
  Bsys::PackageVersion $file_ensure = false,
  Bsys::PackageVersion $which_ensure = false,
  Bsys::PackageVersion $quota_ensure = false,
  Bsys::PackageVersion $util_linux_ensure = true,
  String $quota_owner = 'root',
  String $quota_group = 'root',
) {
  # Allows restricted root access for specified users
  bsys::tools::package { 'sudo': ensure => $sudo_ensure }

  # A utility for determining file types
  bsys::tools::package { 'file': ensure => $file_ensure }

  # The which command shows the full pathname of a specified program
  bsys::tools::package { 'which': ensure => $which_ensure }

  # System administration tools for monitoring users' disk usage
  bsys::tools::package { 'quota': ensure => $quota_ensure }

  # The util-linux package contains a large variety of low-level system utilities
  bsys::tools::package { 'util-linux': ensure => $util_linux_ensure }

  if $enable_hardening {
    file {
      default: mode => 'o=';

      # which
      '/usr/bin/which': ;
    }

    file {
      default:
        mode  => 'o=',
        owner => $quota_owner,
        group => $quota_group,
        ;
      # quota
      '/usr/bin/quota': ;
      '/usr/bin/quotasync': ;
      '/usr/sbin/convertquota': ;
      '/usr/sbin/edquota': ;
      '/usr/sbin/quot': ;
      '/usr/sbin/quotacheck': ;
      '/usr/sbin/quotaoff': ;
      '/usr/sbin/quotaon': ;
      '/usr/sbin/quotastats': ;
      '/usr/sbin/repquota': ;
      '/usr/sbin/rpc.rquotad': ;
      '/usr/sbin/setquota': ;
      '/usr/sbin/xqmstats': ;

      # quota-warnquota
      '/usr/sbin/warnquota': ;
    }
  }
}