Table of Contents

• Description
  • This is a SIMP module
• Setup
• Usage
  • Configuring custom rules
• > to prevent users from modifying them!
  • Using puppet
  • Using hiera
  • Configuring custom profiles
  • Using puppet
  • Globally With hiera
• Reference
• Limitations
• Development

Description

dconf is a Puppet module that installs and manages dconf and associated system settings.

This is a SIMP module

This module is a component of the System Integrity Management Platform a compliance-management framework built on Puppet.

If you find any issues, they may be submitted to our bug tracker.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

• When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
• If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. See simp_options for more detail.

Setup

To use the module with, just include the class:

include 'dconf'

Usage

Configuring custom rules

You can configure custom dconf settings using the dconf::settings defined type.

---

Any settings that are configured using this code will automatically be locked

to prevent users from modifying them!

Using puppet

dconf::settings { 'automount_lockdowns':
  settings_hash => {
    'org/gnome/desktop/media-handling' => {
      'automount'      => { 'value' => false, 'lock' => false } # allow users to change this one
      'automount-open' => { 'value' => false }
    }
  }
}

Using hiera

---
dconf::user_settings:
  settings_hash:
    org/gnome/desktop/media-handling:
      automount:
        value: false
        lock: false # allow users to change this one
      automount-open:
        value: false

Configuring custom profiles

You can set up a custom dconf profile as follows:

Using puppet

dconf::profile { 'my_profile':
  entries => {
    'user' => {
      'type' => 'user',
      'order' => 1
    },
    'system' => {
      'type' => 'system',
      'order' => 10
    }
  }

Globally With hiera

---
dconf::user_profile:
  my_user:
    type: user
    order: 0
  my_system:
    type: system
    order: 10

Reference

See the API documentation or run puppet strings for full details.

Limitations

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS.

Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please read our Contribution Guide