Puppet Class: ima::appraise::fixmode

Defined in:
manifests/appraise/fixmode.pp

Overview

set the ima appraise mode to fix

Parameters:

  • relabel_file (StdLib::AbsolutePath)
  • relabel (Boolean) 


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'manifests/appraise/fixmode.pp', line 3

class ima::appraise::fixmode(
  StdLib::AbsolutePath $relabel_file,
  Boolean              $relabel
){
  assert_private()

  kernel_parameter { 'ima_appraise':
    value    => 'fix',
    bootmode => 'normal',
    notify   => Reboot_notify['ima_appraise_fix_reboot']
  }

  if $relabel {
    file { $relabel_file:
      ensure  => 'file',
      owner   => 'root',
      mode    => '0600',
      content => 'relabel'
    }
  }
  else {
    file { $relabel_file:
      ensure => 'absent'
    }
  }

  reboot_notify { 'ima_appraise_fix_reboot':
    subscribe => [
      Kernel_parameter['ima_appraise'],
    ]
  }
}