Puppet Class: toughen::boot

Defined in:
manifests/boot.pp

Overview

Class: toughen::boot

Parameters

  • ‘umask`

The custom umask option. Defaults to 027.

Parameters:

  • umask (Any) (defaults to: '027') 


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'manifests/boot.pp', line 9

class toughen::boot (
  $umask = '027'
){

  validate_re($umask, '\d+')

  case $::osfamily {
    'redhat': {
      # Grub file permissions
      case $::operatingsystemmajrelease {
        '6': {
          file {'/etc/grub.conf':
            owner => root,
            group => root,
            mode  => '0600',
          }
        }
        '7': {
          file {'/boot/grub2/grub.cfg':
            owner => root,
            group => root,
            mode  => '0600',
          }
        }
        default: {
          fail("OS majversion ${::operatingsystemmajrelease} not supported.")
        }
      }

      # sysconfig settings
      augeas { 'sysconfig-prompt':
        context => '/files/etc/sysconfig/init',
        changes => 'set PROMPT no',
      }

      augeas { 'sysconfig-singleuser':
        context => '/files/etc/sysconfig/init',
        changes => 'set single /sbin/sulogin',
      }

      augeas { 'sysconfig-umask':
        context => '/files/etc/sysconfig/init',
        changes => "set UMASK ${umask}",
      }
    }
    default: {
      fail("OS Family ${::osfamily} not supported.")
    }
  }
}