Puppet Class: cis_security_hardening::rules::setroubleshoot

Defined in:

manifests/rules/setroubleshoot.pp

Summary

Ensure SETroubleshoot is not installed

Overview

The SETroubleshoot service notifies desktop users of SELinux denials through a user- friendly interface. The service provides important information around configuration errors, unauthorized intrusions, and other potential errors.

Rationale: The SETroubleshoot service is an unnecessary daemon to have running on a server, especially if X Windows is disabled.

Examples:

class { 'cis_security_hardening::rules::setroubleshoot':
    enforce => true,
}

Parameters:

• enforce (Boolean) (defaults to: false) —

  Enforce the rule

# File 'manifests/rules/setroubleshoot.pp', line 20

class cis_security_hardening::rules::setroubleshoot (
  Boolean $enforce = false,
) {
  if $enforce {
    $ensure = $facts['os']['family'].downcase() ? {
      'suse'  => 'absent',
      default => 'purged',
    }
    ensure_packages(['setroubleshoot'], {
        ensure => $ensure,
    })
  }
}