Puppet Class: toughen::filesystem

Defined in:
manifests/filesystem.pp

Overview

Class: toughen::filesystem

Parameters


  • `tmp_options`

The options to be provided to the /tmp mountpoint
  • `tmp_mode`

The numerical mode to be set on /tmp
  • `ramdisk_options`

The options to be provided to the /dev/shm mountpoint

Parameters:

  • tmp_options (Any) (defaults to: 'nodev,nosuid,noexec')
  • tmp_mode (Any) (defaults to: '1777')
  • ramdisk_options (Any) (defaults to: 'nodev,nosuid,noexec')


# File 'manifests/filesystem.pp', line 15

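# Hardens mount options and permissions for common filesystem mountpoints.
#
# Declares: ownership/mode on /etc/fstab, mount options for /tmp and /dev/shm,
# 'nodev' on /var, /var/log, /var/log/audit, /home and /opt, a bind mount of
# /tmp onto /var/tmp, and ownership/mode on the /tmp directory.
#
# @param tmp_options
#   Comma-separated mount options for /tmp. Only lowercase letters and commas
#   pass validation, so options that carry a value (digits, '=') are rejected.
# @param tmp_mode
#   Octal mode for the /tmp directory, three or four digits. The default
#   '1777' is world-writable with the sticky bit set.
# @param ramdisk_options
#   Comma-separated mount options for /dev/shm; validated like tmp_options.
class toughen::filesystem (
  $tmp_options = 'nodev,nosuid,noexec',
  $tmp_mode = '1777',
  $ramdisk_options = 'nodev,nosuid,noexec'
){

  # validate_re evaluates these patterns as Ruby regular expressions, where
  # ^ and $ match at every line break. \A and \z anchor the whole string, so a
  # value with an embedded newline cannot carry extra text into the options
  # field of an fstab entry.
  validate_re($tmp_options, '\A[a-z,]+\z')
  # Anchored on both ends and limited to octal digits: an unanchored '\d+'
  # accepts any string that merely contains a digit.
  validate_re($tmp_mode, '\A[0-7]{3,4}\z')
  validate_re($ramdisk_options, '\A[a-z,]+\z')

  # Restrict fstab to root; it is not readable by other users with this mode.
  file {'/etc/fstab':
    owner => root,
    group => root,
    mode  => '0600',
  }

  # NOTE(review): the next three mount resources set only `options`, with no
  # `ensure`, `device` or `fstype`. Presumably they rely on existing fstab
  # entries for these mountpoints; confirm the entries exist on target nodes
  # and that the running mounts pick up the new options (e.g. with findmnt).
  mount {'/tmp':
    options => $tmp_options,
  }

  mount {'/dev/shm':
    options => $ramdisk_options,
  }

  mount { ['/var', '/var/log', '/var/log/audit', '/home', '/opt']:
    options => 'nodev',
  }

  # Bind /tmp onto /var/tmp so both paths share one filesystem.
  # NOTE(review): only 'bind' is requested here; verify on a converged node
  # that nodev/nosuid/noexec are actually in effect on /var/tmp as well.
  mount {'/var/tmp':
    ensure  => 'mounted',
    device  => '/tmp',
    fstype  => 'none',
    options => 'bind',
  }

  # Ownership and mode of the /tmp directory itself.
  file {'/tmp':
    ensure => directory,
    owner  => root,
    group  => root,
    mode   => $tmp_mode,
  }

}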