Puppet Class: cis_security_hardening::rules::issue_perms

Defined in:
manifests/rules/issue_perms.pp

Summary

Ensure permissions on /etc/issue are configured

Overview

The contents of the /etc/issue file are displayed to users prior to login for local terminals.

Rationale: If the /etc/issue file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information.

Examples:

class { 'cis_security_hardening::rules::issue_perms':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule

  • content (Optional[String]) (defaults to: undef)

    The content to write into the file

  • file (Optional[String]) (defaults to: undef)

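    The file to use as the content source. Give a Puppet file source (for example a puppet:/// URI); the value is passed to the source attribute of the file resource. When file is set, content is ignored.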



# File 'manifests/rules/issue_perms.pp', line 25

class cis_security_hardening::rules::issue_perms (
  Boolean $enforce           = false,
  Optional[String] $content  = undef,
  Optional[String] $file     = undef,
) {
  # Nothing is declared unless the rule is explicitly enforced.
  if $enforce {
    # Ownership and mode applied in every case: root:root, 0644, so only root
    # can change the pre-login banner while every user can still read it.
    $perms = {
      ensure => present,
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
    }

    # Pick where the banner text comes from. $file takes precedence; when it is
    # set, $content is ignored without a warning. With neither set, only
    # ownership and mode are managed and the banner text is left as it is.
    # NOTE(review): the banner text is passed through unchanged. This class
    # does not check it for OS-identifying getty escapes (\m, \r, \s, \v);
    # confirm the supplied banner against the CIS banner-content rule.
    if $file != undef {
      $payload = { source => $file }
    } elsif $content != undef {
      $payload = { content => $content }
    } else {
      $payload = {}
    }

    $data = $perms + $payload

    # Presumably truthy when /etc/issue is a symbolic link - TODO confirm
    # against the custom fact's implementation.
    $issue_link = fact('cis_security_hardening.etc_issue_link')

    # On SLES 12 with the link fact set, no resource is declared at all, so
    # ownership and mode of /etc/issue (and of whatever it points to) are NOT
    # enforced by this class on those hosts. Verify them by other means.
    $skip_managed_file = ($facts['os']['name'] == 'SLES' and $facts['os']['release']['major'] == '12' and $issue_link)

    unless $skip_managed_file {
      ensure_resource('file', '/etc/issue', $data)
    }
  }
}