Puppet Class: cis_security_hardening::rules::httpd

Defined in:
manifests/rules/httpd.pp

Summary

Ensure HTTP server is not enabled

Overview

HTTP or web servers provide the ability to host web site content.

Rationale: Unless there is a need to run the system as a web server, it is recommended that the service be disabled to reduce the potential attack surface.

Examples:

class { 'cis_security_hardening::rules::httpd':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'manifests/rules/httpd.pp', line 19

class cis_security_hardening::rules::httpd (
  Boolean $enforce = false,
) {
  if $enforce {
    case $facts['operatingsystem'].downcase() {
      'ubuntu', 'debian': {
        ensure_packages(['apache2'], {
            ensure => purged,
        })
      }
      'sles': {
        ensure_packages(['httpd'], {
            ensure => absent,
        })
      }
      default: {
        ensure_resource('service', ['httpd'], {
            ensure => 'stopped',
            enable => false
        })
      }
    }
  }
}