Puppet Class: psick::hardening::services

Defined in:
manifests/hardening/services.pp

Overview

Generic class to remove unnecessary services

Examples:

Disable rpcbind service

psick::hardening::services::services_to_remove:
  - rpcbind

Parameters:

  • services_to_remove (Array)

    List of services to disable

  • services_default (Array)

    Default list, OS dependent, of services to disable

  • remove_default_services (Boolean) (defaults to: true)

    If to remove the services_default



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'manifests/hardening/services.pp', line 11

class psick::hardening::services (
  Array $services_to_remove,
  Array $services_default,
  Boolean $remove_default_services = true,
) {

  $services = $remove_default_services ? {
    true  => $services_to_remove + $services_default,
    false => $services_to_remove,
  }

  $services.each |$pkg| {
    service { $pkg:
      ensure => stopped,
      enable => false,
    }
  }

}