Puppet Class: psick::hardening::generic

Defined in:
manifests/hardening/generic.pp

Overview

Generic class to remove unnecessary services and packages

Parameters:

  • packages_to_remove (Array) (defaults to: [])
  • services_to_remove (Array) (defaults to: [])
  • remove_default_packages (Boolean) (defaults to: false)
  • remove_default_services (Boolean) (defaults to: false) 


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'manifests/hardening/generic.pp', line 3

class psick::hardening::generic (
  Array $packages_to_remove        = [],
  Array $services_to_remove        = [],
  Boolean $remove_default_packages = false,
  Boolean $remove_default_services = false,
) {

  $packages_default = []
  $services_default = $::osfamily ? {
    'RedHat'  => $::operatingsystemmajrelease ? {
      '5'      => [ ],
      '6'      => [ ],
      '7'      => [ ],
      default => [ ],
    },
    'Debian' => $::operatingsystemmajrelease ? {
      '6'      => [ ],
      '7'      => [ ],
      '8'      => [ ],
      '12.04'  => [ ],
      '14.04'  => [ ],
      '16.04'  => [ ],
      default => [ ],
    },
    default  => [ ],
  }

  $packages = $remove_default_packages ? {
    true  => $packages_to_remove + $packages_default,
    false => $packages_to_remove,
  }
  $services = $remove_default_services ? {
    true  => $services_to_remove + $services_default,
    false => $services_to_remove,
  }

  if $packages != [] {
    package { $packages:
      ensure => absent,
    }
  }
  $services.each |$svc| {
    service { $svc:
      ensure => stopped,
      enable => false,
    }
  }

}