Puppet Class: cis_security_hardening::rules::apparmor

Defined in:
manifests/rules/apparmor.pp

Summary

Ensure AppArmor is installed

Overview

AppArmor provides Mandatory Access Controls.

Rationale: Without a Mandatory Access Control system installed only the default Discretionary Access Control system will be available.

Examples:

class { 'cis_security_hardening::rules::apparmor':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'manifests/rules/apparmor.pp', line 19

class cis_security_hardening::rules::apparmor (
  Boolean $enforce = false,
) {
  if $enforce {
    case $facts['os']['family'].downcase() {
      'debian': {
        ensure_packages(['apparmor-utils', 'apparmor'], {
            ensure => present,
        })
      }
      'suse': {
        exec { 'install apparmor':
          command => 'zypper install -t pattern apparmor',
          path    => ['/usr/bin', '/bin'],
          unless  => 'rpm -q apparmor-docs apparmor-parser apparmor-profiles apparmor-utils libapparmor1',
        }
      }
      default: {
        # Nothing to do yet
      }
    }
  }
}