Puppet Class: cis_security_hardening::rules::samba

Defined in:
manifests/rules/samba.pp

Summary

Ensure Samba is not installed

Overview

The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Small Message Block (SMB) protocol. Windows desktop users will be able to mount these directories and file systems as letter drives on their systems.

Rationale: If there is no need to mount directories and file systems to Windows systems, then this service can be disabled to reduce the potential attack surface.

Examples:

class cis_security_hardening::rules::samba {
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'manifests/rules/samba.pp', line 22

class cis_security_hardening::rules::samba (
  Boolean $enforce = false,
) {
  if $enforce {
    if  $facts['os']['name'].downcase() == 'ubuntu' or
    $facts['os']['name'].downcase() == 'sles' {
      $ensure = $facts['os']['family'].downcase() ? {
        'suse'  => 'absent',
        default => 'purged',
      }

      ensure_packages(['samba'], {
          ensure => $ensure,
      })
    } else {
      ensure_resource('service', ['smb'], {
          ensure => 'stopped',
          enable => false
      })
    }
  }
}