Puppet Class: cis_security_hardening::rules::home_usrquota

Defined in:
manifests/rules/home_usrquota.pp

Summary

Ensure usrquota option set on /home partition

Overview

The usrquota mount option allows for the filesystem to have disk quotas configured.

Rationale: To ensure the availability of disk space on /home, it is important to limit the impact a single user or group can cause for other users (or the wider system) by accidentally filling up the partition. Quotas can also be applied to inodes for filesystems where inode exhaustion is a concern.

Examples:

class { 'cis_security_hardening::rules::home_usrquota':
  enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule.



20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'manifests/rules/home_usrquota.pp', line 20

class cis_security_hardening::rules::home_usrquota (
  Boolean $enforce = false,
) {
  if ($enforce) and cis_security_hardening::hash_key($facts['mountpoints'], '/home') {
    cis_security_hardening::set_mount_options { '/home-usrquota':
      mountpoint   => '/home',
      mountoptions => 'usrquota',
    }
    cis_security_hardening::set_mount_options { '/home-usrquota-quota':
      mountpoint   => '/home',
      mountoptions => 'quota',
    }
  }
}