Puppet Class: toughen::process
- Defined in:
- manifests/process.pp
Overview
Class: toughen::process
# File 'manifests/process.pp', line 3
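# @summary Disables core dumps and applies kernel/IPv4 sysctl hardening.
#
# Declares one limits::fragment resource and a set of sysctl resources.
# The class takes no parameters, so every value below is fixed.
#
# NOTE(review): only net.ipv4.* keys are managed here; IPv6 equivalents
# (redirects, source routing) are not set by this class. Confirm whether
# another class covers them.
# NOTE(review): net.ipv4.conf.default.* values are inherited by interfaces
# created after the change. Interfaces that already exist keep their own
# per-interface value until it is reset, for example at the next boot.
class toughen::process {
  # Hard core-file size limit of 0 for every domain ('*'), so a process
  # cannot raise its soft limit to write a core dump.
  limits::fragment {
    '*/hard/core':
      value => 0;
  }

  # kernel.exec-shield is only applied on Red Hat family release 6.
  # The release fact is interpolated so that the comparison is string to
  # string: Puppet 4 and later never treat '6' and 6 as equal, so comparing
  # the (string) fact against the integer 6 silently skipped this setting.
  if $::osfamily == 'redhat' and "${::operatingsystemmajrelease}" == '6' {
    sysctl { 'kernel.exec-shield': value => '1' }
  }

  # Ignore bogus ICMP error responses instead of logging each one.
  sysctl { 'net.ipv4.icmp_ignore_bogus_error_responses':
    value => '1'
  }

  # Full address space layout randomisation, including the heap (brk).
  sysctl { 'kernel.randomize_va_space':
    value => '2'
  }

  # Do not send ICMP redirects; only a router has a reason to send them.
  sysctl { 'net.ipv4.conf.all.send_redirects':
    value => '0'
  }
  sysctl { 'net.ipv4.conf.default.send_redirects':
    value => '0'
  }

  # Drop source-routed packets. Only the 'all' key is managed here.
  sysctl { 'net.ipv4.conf.all.accept_source_route':
    value => '0'
  }

  # Ignore ICMP redirects, including "secure" ones from known gateways,
  # so a peer on the local network cannot rewrite the routing table.
  sysctl { 'net.ipv4.conf.all.accept_redirects':
    value => '0'
  }
  sysctl { 'net.ipv4.conf.all.secure_redirects':
    value => '0'
  }

  # Log packets with impossible source addresses (martians).
  sysctl { 'net.ipv4.conf.all.log_martians':
    value => '1'
  }

  # Processes that changed privilege (setuid and similar) never dump core,
  # which keeps privileged memory contents out of core files.
  sysctl { 'fs.suid_dumpable':
    value => '0'
  }

  sysctl { 'net.ipv4.conf.default.accept_redirects':
    value => '0'
  }
  sysctl { 'net.ipv4.conf.default.secure_redirects':
    value => '0'
  }

  # Do not answer broadcast/multicast echo requests, so the host cannot be
  # used as a reflector in ICMP amplification.
  sysctl { 'net.ipv4.icmp_echo_ignore_broadcasts':
    value => '1'
  }

  # Strict reverse-path filtering. This drops legitimate traffic on hosts
  # with asymmetric routing, so check multihomed systems before rollout.
  sysctl { 'net.ipv4.conf.all.rp_filter':
    value => '1'
  }

  # Larger queue for half-open connections. net.ipv4.tcp_syncookies is not
  # managed by this class.
  sysctl { 'net.ipv4.tcp_max_syn_backlog':
    value => '4096'
  }
}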