Puppet Class: cis_security_hardening::rules::bind

Defined in:
manifests/rules/bind.pp

Summary

Ensure DNS Server is not installed

Overview

The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network.

Rationale: Unless a system is specifically designated to act as a DNS server, it is recommended that the package be removed to reduce the potential attack surface.

Examples:

class { 'cis_security_hardening::rules::bind':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/bind.pp', line 20

class cis_security_hardening::rules::bind (
  Boolean $enforce = false,
) {
  if $enforce {
    case $facts['os']['family'].downcase() {
      'suse': {
        $pkgs = ['bind']
        $ensure = 'absent'
      }
      default: {
        if $facts['os']['name'].downcase() == 'ubuntu' {
          $pkgs = ['bind9']
        } else {
          $pkgs = ['bind']
        }
        $ensure = 'purged'
      }
    }

    ensure_packages($pkgs, {
        ensure => $ensure,
    })
  }
}
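
A post-run audit for this rule, as an added example that is not part of the cis_security_hardening module: it follows the class's package selection and reports whether the package is really gone, separating dpkg's removed-but-config-remains state from purged. The function names are hypothetical, and it assumes dpkg-query or rpm is the package backend.

```shell
#!/bin/sh
# Added audit helper (hypothetical names); not code from the module.

# Package name the class targets, following its os.family / os.name logic.
bind_pkg_for() {
  family=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  name=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  if [ "$family" != suse ] && [ "$name" = ubuntu ]; then
    echo bind9
  else
    echo bind
  fi
}

# Map a dpkg Status-Abbrev value (desired flag + status flag, e.g. "ii ")
# to a state. An empty value means dpkg has no record of the package.
classify_dpkg_abbrev() {
  case "$1" in
    ""|?n*) echo purged ;;          # not-installed, no config files left
    ?c*)    echo config-remains ;;  # removed, but not purged
    ?i*)    echo installed ;;
    *)      echo partial ;;         # unpacked, half-installed, ...
  esac
}

# Return 0 only when the targeted package is absent (rpm) or purged (dpkg).
audit_bind() {
  pkg=$(bind_pkg_for "$1" "$2")
  if command -v dpkg-query >/dev/null 2>&1; then
    abbrev=$(dpkg-query -W -f='${db:Status-Abbrev}' "$pkg" 2>/dev/null || true)
    state=$(classify_dpkg_abbrev "$abbrev")
  elif command -v rpm >/dev/null 2>&1; then
    if rpm -q "$pkg" >/dev/null 2>&1; then state=installed; else state=absent; fi
  else
    state=unknown
  fi
  echo "$pkg: $state"
  case "$state" in purged|absent) return 0 ;; *) return 1 ;; esac
}

# Usage, assuming facter is on PATH:
#   audit_bind "$(facter os.family)" "$(facter os.name)"
```

A non-zero return from audit_bind on a node where enforce is true means the package named by the class is still present in some form and the node needs a closer look.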