Puppet Class: cis_security_hardening::rules::mcstrans

Defined in:
manifests/rules/mcstrans.pp

Summary

Ensure the MCS Translation Service (mcstrans) is not installed

Overview

The mcstransd daemon provides category label information to client processes requesting information. The label translations are defined in /etc/selinux/targeted/setrans.conf.

Rationale: Since this service is not used very often, remove it to reduce the amount of potentially vulnerable code running on the system.

Examples:

class { 'cis_security_hardening::rules::mcstrans':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/mcstrans.pp', line 20

class cis_security_hardening::rules::mcstrans (
  Boolean $enforce = false,
) {
  if $enforce {
    $ensure = $facts['os']['family'].downcase() ? {
      'suse'  => 'absent',
      default => 'purged',
    }
    ensure_packages(['mcstrans'], {
        ensure => $ensure,
    })
  }
}
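
A host-side check that can be run after applying the class with `enforce => true`, to confirm the package is really gone. This is an added example, not part of the module; the function names and verdict strings are assumptions. On dpkg systems it distinguishes a package that was only removed (configuration files still registered) from one that was purged, which is the difference between the `absent` and `purged` values the class selects.

```sh
#!/bin/sh
# Added example (not module code): audit whether mcstrans is still present.

# Map the dpkg ${Status} field for mcstrans to a verdict.
# Empty input means dpkg has no record of the package at all.
dpkg_verdict() {
    case "$1" in
        *" ok installed")        echo installed ;;        # package present
        *" config-files")        echo residual-config ;;  # removed, not purged
        ""|*" not-installed")    echo compliant ;;        # purged or never installed
        *)                       echo review ;;           # half-installed, unpacked, ...
    esac
}

# Query the local package database and print one verdict.
audit_mcstrans() {
    if command -v dpkg-query >/dev/null 2>&1; then
        # dpkg-query exits non-zero and prints nothing on stdout when the
        # package is unknown, so fall back to an empty status string.
        status=$(dpkg-query -W -f='${Status}' mcstrans 2>/dev/null) || status=""
        dpkg_verdict "$status"
    elif command -v rpm >/dev/null 2>&1; then
        # rpm -q exits 0 only when the package is installed.
        if rpm -q mcstrans >/dev/null 2>&1; then
            echo installed
        else
            echo compliant
        fi
    else
        echo review   # no supported package manager found
    fi
}

audit_mcstrans
```

A verdict of `residual-config` means the package was removed without a purge; `review` means the package database is in a state that needs a manual look.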