Puppet Class: cis_security_hardening::rules::group_perms

Defined in:
manifests/rules/group_perms.pp

Summary

Ensure permissions on /etc/group are configured

Overview

The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

Rationale: The /etc/group file needs to be protected from unauthorized changes by non-privileged users, but needs to be readable as this information is used with many non-privileged programs.

Examples:

class { 'cis_security_hardening::rules::group_perms':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'manifests/rules/group_perms.pp', line 20

class cis_security_hardening::rules::group_perms (
  Boolean $enforce = false,
) {
  if $enforce {
    file { '/etc/group':
      ensure => file,
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
    }
  }
}