Puppet Class: cis_security_hardening::rules::home_grpquota

Defined in:
manifests/rules/home_grpquota.pp

Summary

Ensure grpquota option set on /home partition

Overview

The grpquota mount option allows for the filesystem to have disk quotas configured. Rationale: To ensure the availability of disk space on /home, it is important to limit the impact a single user or group can cause for other users (or the wider system) by accidentally filling up the partition. Quotas can also be applied to inodes for filesystems where inode exhaustion is a concern.

Examples:

class { 'cis_security_hardening::rules::home_grpquota':
  enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce t5he rule.



19
20
21
22
23
24
25
26
27
28
 
# File 'manifests/rules/home_grpquota.pp', line 19

class cis_security_hardening::rules::home_grpquota (
  Boolean $enforce = false,
) {
  if ($enforce) and cis_security_hardening::hash_key($facts['mountpoints'], '/home') {
    cis_security_hardening::set_mount_options { '/home-grpquota':
      mountpoint   => '/home',
      mountoptions => 'grpquota',
    }
  }
}