Puppet Function: linux_secured::sysctl_value

Defined in:
lib/puppet/functions/linux_secured/sysctl_value.rb
Function type:
Ruby 4.x API

Summary

Return a bash script that validates whether the specified sysctl value is set correctly, both in the running kernel configuration and in the sysctl configuration files.

Overview

linux_secured::sysctl_value(String[1] $parameter, String[1] $value) ⇒ String[1]

See the file “LICENSE” for the full license governing this code.

Parameters:

  • parameter (String[1])
  • value (String[1])

Returns:

  • (String[1])


# File 'lib/puppet/functions/linux_secured/sysctl_value.rb', line 8

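Puppet::Functions.create_function('linux_secured::sysctl_value') do
  dispatch :sysctl_value do
    param 'String[1]', :parameter
    param 'String[1]', :value
    return_type 'String[1]'
  end

  # Build a bash script that audits a single kernel parameter.
  #
  # The generated script prints PASS only when all three conditions hold:
  # the running value reported by `sysctl` equals +value+, at least one file
  # in the sysctl search path sets the parameter to +value+, and no file in
  # that path sets it to anything else. Otherwise it prints FAIL followed by
  # the reason(s).
  #
  # @param parameter [String] name of the kernel parameter to check
  # @param value [String] value the parameter is expected to have
  # @return [String] text of the bash script
  def sysctl_value(parameter, value)
    # Emit both arguments as single-quoted shell literals. Inside double
    # quotes a value containing ", $, ` or \ would be re-interpreted by bash
    # when the script runs; single quotes keep the text literal, and an
    # embedded ' is written as '\''.
    quote = lambda do |text|
      escaped = text.gsub("'") { "'\\''" }
      "'#{escaped}'"
    end
    kpname = quote.call(parameter)
    kpvalue = quote.call(value)

    # NOTE(review): $kpname and $kpvalue are still used as regex fragments by
    # the grep calls below, so metacharacters such as "." match loosely.
    #
    # The fafile pattern uses "\\s": a bare "\s" in a Ruby heredoc is turned
    # into a literal space, which would make grep skip tab-indented entries
    # and let a conflicting setting go unreported.
    <<~EOD
    #!/usr/bin/env bash

    {
      krp="" pafile="" fafile=""
      kpname=#{kpname}
      kpvalue=#{kpvalue}
      searchloc="/run/sysctl.d/*.conf /etc/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf"
      krp="$(sysctl "$kpname" | awk -F= '{print $2}' | xargs)"
      pafile="$(grep -Psl -- "^\\h*$kpname\\h*=\\h*$kpvalue\\b\\h*(#.*)?$" $searchloc)"
      fafile="$(grep -s -- "^\\s*$kpname" $searchloc | grep -Pv -- "\\h*=\\h*$kpvalue\\b\\h*" | awk -F: '{print $1}')"
      if [ "$krp" = "$kpvalue" ] && [ -n "$pafile" ] && [ -z "$fafile" ]; then
          echo -e "\\nPASS:\\n\\"$kpname\\" is set to \\"$kpvalue\\" in the running configuration and in \\"$pafile\\""
      else
          echo -e "\\nFAIL: "
          [ "$krp" != "$kpvalue" ] && echo -e "\\"$kpname\\" is set to \\"$krp\\" in the running configuration\\n"
          [ -n "$fafile" ] && echo -e "\\n\\"$kpname\\" is set incorrectly in \\"$fafile\\""
          [ -z "$pafile" ] && echo -e "\\n\\"$kpname = $kpvalue\\" is not set in a kernel parameter configuration file\\n"
      fi
    }

    EOD
  end
end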