Puppet Class: cis_security_hardening::rules::logrotate_configuration

Defined in:
manifests/rules/logrotate_configuration.pp

Summary

Ensure logrotate assigns appropriate permissions

Overview

Log files contain logged information from many services on the system or, on log hosts, from other systems as well.

Rationale: It is important that log files have the correct permissions so that sensitive data is archived and protected.

Examples:

class { 'cis_security_hardening::rules::logrotate_configuration':
  enforce    => true,
  permission => '640',
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule

  • permission (String) (defaults to: '640')

    The file permission to use



# File 'manifests/rules/logrotate_configuration.pp', line 23

class cis_security_hardening::rules::logrotate_configuration (
  Boolean $enforce    = false,
  String $permission  = '640',
) {
  if
  cis_security_hardening::hash_key($facts, 'cis_security_hardening') and
  cis_security_hardening::hash_key($facts['cis_security_hardening'], 'logrotate_conf') {
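    $facts['cis_security_hardening']['logrotate_conf'].each |$file, $data| {
      # $match is the directive as currently recorded for $file in the fact;
      # $replace is the same directive with the mode swapped for $permission.
      # file_line treats $match as a regular expression.
      $match   = "${data['action']} ${data['mode']} ${data['user']} ${data['group']}"
      $replace = "${data['action']} ${permission} ${data['user']} ${data['group']}"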

      file_line { "change ${file}":
        ensure => present,
        path   => $file,
        line   => $replace,
        match  => $match,
      }
    }
  }
}
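
An added example, not part of the module: a Python audit of the directive lines this rule rewrites, run over a constructed logrotate config. It assumes the `action` in the fact is logrotate's `create <mode> <owner> <group>` directive; the function names and sample config are hypothetical.

```python
import re

# A logrotate "create" directive carrying mode, owner and group,
# e.g. "    create 0664 root utmp". Forms without a mode are not matched.
CREATE_RE = re.compile(r"^(\s*)create\s+([0-7]{3,4})\s+(\S+)\s+(\S+)\s*$")

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}
/var/log/btmp {
    create 0600 root utmp
}
/var/log/app.log {
    create 640 app adm
}
"""


def audit_create_modes(conf_text, permission="640"):
    """Return (line_no, mode, owner, group) for each create line whose mode
    grants permission bits that `permission` does not allow."""
    allowed = int(permission, 8)
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = CREATE_RE.match(line)
        # Flag only extra bits, so a stricter mode such as 0600 is left alone.
        if m and int(m.group(2), 8) & ~allowed & 0o7777:
            findings.append((line_no, m.group(2), m.group(3), m.group(4)))
    return findings


def rewrite_create_modes(conf_text, permission="640"):
    """Return the config text with each flagged create mode replaced by
    `permission`; owner, group and indentation are preserved."""
    flagged = {f[0] for f in audit_create_modes(conf_text, permission)}
    out = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line_no in flagged:
            line = CREATE_RE.sub(rf"\g<1>create {permission} \3 \4", line)
        out.append(line)
    return "\n".join(out) + "\n"
```
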