Puppet Class: psick::hardening

Defined in:
manifests/hardening.pp

Overview

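This class manages the general hardening of a system. It only takes, as parameters, the names of the classes to include in order to manage specific hardening activities. Every class parameter defaults to an empty string, so no hardening class is included until a name is set.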

Examples:

Define all the available hardening classes. Set a class name to an empty string to avoid including it.

psick::hardening::pam_class: '::psick::hardening::pam'
psick::hardening::packages_class: '::psick::hardening::packages'
psick::hardening::services_class: '::psick::hardening::services'
psick::hardening::tcpwrappers_class: '::psick::hardening::tcpwrappers'
psick::hardening::suid_class: '::psick::hardening::suid_sgid'
psick::hardening::users_class: '::psick::hardening::users_sgid'
psick::hardening::securetty_class: '::psick::hardening::securetty'
psick::hardening::network_class: '::psick::hardening::network'

Parameters:

  • manage (Boolean) (defaults to: true)

    Whether to actually manage any resource. Set to false to disable any effect of the psick hardening class.

  • pam_class (String) (defaults to: '')

    Name of the class to include to manage PAM

  • packages_class (String) (defaults to: '')

    Name of the class that defines the packages to remove

  • services_class (String) (defaults to: '')

    Name of the class to include where the services to stop are defined

  • securetty_class (String) (defaults to: '')

    Name of the class where /etc/securetty is managed

  • tcpwrappers_class (String) (defaults to: '')

    Name of the class to include to manage TCP wrappers

  • suid_class (String) (defaults to: '')

    Name of the class to include to remove the SUID bit from executables

  • users_class (String) (defaults to: '')

    Name of the class to manage users

  • network_class (String) (defaults to: '')

    Name of the class where some network hardening is done



# File 'manifests/hardening.pp', line 27

class psick::hardening (

  Boolean $manage         = true,

  String $pam_class         = '',
  String $packages_class    = '',
  String $services_class    = '',
  String $tcpwrappers_class = '',
  String $suid_class        = '',
  String $users_class       = '',
  String $securetty_class   = '',
  String $network_class     = '',

) {

  if $pam_class != '' and $manage {
    contain $pam_class
  }

  if $packages_class != '' and $manage {
    contain $packages_class
  }

  if $services_class != '' and $manage {
    contain $services_class
  }

  if $tcpwrappers_class != '' and $manage {
    contain $tcpwrappers_class
  }

  if $suid_class != '' and $manage {
    contain $suid_class
  }

  if $users_class != '' and $manage {
    contain $users_class
  }

  if $securetty_class != '' and $manage {
    contain $securetty_class
  }

  if $network_class != '' and $manage {
    contain $network_class
  }

}
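Because every `*_class` parameter defaults to an empty string, a node can include psick::hardening and still skip whole hardening areas without any error. The following Python sketch is an added example, not part of the psick module: it mirrors the manifest's `!= '' and $manage` test against Hiera data and lists the areas that would not be applied. It assumes flat, single-layer Hiera YAML; the helper names and the sample data are constructed for illustration.

```python
import re

# The eight *_class parameters of psick::hardening, as listed on this page.
AREAS = ("pam", "packages", "services", "tcpwrappers",
         "suid", "users", "securetty", "network")

# Matches flat Hiera keys such as  psick::hardening::pam_class: '::some::class'
KEY_RE = re.compile(r"^psick::hardening::(\w+):\s*(.*?)\s*(?:#.*)?$")


def parse_flat_hiera(text):
    """Collect psick::hardening::* scalars (assumption: flat YAML, no nesting)."""
    data = {}
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            data[m.group(1)] = m.group(2).strip("'\"")
    return data


def effective_classes(text):
    """Mirror the manifest: a class is contained only if set and $manage is true."""
    data = parse_flat_hiera(text)
    manage = data.get("manage", "true").lower() != "false"  # manifest default: true
    result = {}
    for area in AREAS:
        name = data.get(f"{area}_class", "")                 # manifest default: ''
        result[area] = name if (name and manage) else None
    return result


def gaps(text):
    """Hardening areas the class will silently skip for this data."""
    return [area for area, cls in effective_classes(text).items() if cls is None]


# Constructed sample data, not taken from a real control repository.
SAMPLE = """\
psick::hardening::pam_class: '::psick::hardening::pam'
psick::hardening::services_class: '::psick::hardening::services'
psick::hardening::network_class: ''   # explicitly disabled
psick::hardening::securetty_class: "::psick::hardening::securetty"
"""

if __name__ == "__main__":
    for area, cls in effective_classes(SAMPLE).items():
        print(f"{area:12} {cls or 'NOT APPLIED'}")
    print("gaps:", ", ".join(gaps(SAMPLE)))
```

Real Hiera data is usually layered across several files, so feed the script the merged result for a node rather than a single layer.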