Puppet Class: cis_security_hardening::rules::hfs

Defined in:
manifests/rules/hfs.pp

Summary

Ensure mounting of hfs filesystems is disabled

Overview

The hfs filesystem type is a hierarchical filesystem that allows you to mount Mac OS filesystems.

Rationale: Removing support for unneeded filesystem types reduces the local attack surface of the system. If this filesystem type is not needed, disable it.

Examples:

class { 'cis_security_hardening::rules::hfs':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



20
21
22
23
24
25
26
27
28
 
# File 'manifests/rules/hfs.pp', line 20

class cis_security_hardening::rules::hfs (
  Boolean $enforce = false,
) {
  if $enforce {
    kmod::install { 'hfs':
      command => '/bin/true',
    }
  }
}