Puppet Class: cis_security_hardening::rules::crond_service

Defined in:
manifests/rules/crond_service.pp

Summary

Ensure cron daemon is enabled and running

Overview

The cron daemon is used to execute batch jobs on the system.

Rationale: While there may not be user jobs that need to be run on the system, the system does have maintenance jobs that may include security monitoring that have to run. If another method for scheduling tasks is not being used, cron is used to execute them, and needs to be enabled and running.

Examples:

class { 'cis_security_hardening::rules::crond_service':
    enforce => true,
    uninstall_cron => false
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule

  • uninstall_cron (Boolean) (defaults to: false)

    uninstall cron from the system



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'manifests/rules/crond_service.pp', line 25

class cis_security_hardening::rules::crond_service (
  Boolean $enforce        = false,
  Boolean $uninstall_cron = false,
) {
  if $enforce {
    if $facts['os']['family'].downcase() == 'suse' {
      $ensure = 'absent'
    } else {
      $ensure = 'purged'
    }

    if $uninstall_cron {
      ensure_packages(['cronie'], {
          ensure => $ensure,
      })
    } else {
      $srv = $facts['os']['family'].downcase() ? {
        'debian' => 'cron',
        'suse'   => 'cron',
        default  => 'crond',
      }

      ensure_resource('service', $srv, {
          ensure => running,
          enable => true,
      })
    }
  }
}