Puppet Class: cis_security_hardening::services

Defined in:
manifests/services.pp

Summary

Services

Overview

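Several exec resources needed by multiple classes. Every exec is declared with `refreshonly => true`, so a command runs only when another resource notifies it.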

Examples:

include cis_security_hardening::services


# File 'manifests/services.pp', line 8

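class cis_security_hardening::services {
  # Shared handler execs for the hardening classes. Every resource below is
  # `refreshonly`, so nothing runs during a normal catalog application; a
  # command fires only when another resource notifies (or subscribes to) it.

  # Pick the sshd reload command: RedHat-family hosts with a major release of
  # 6 or lower use the SysV `service` wrapper, everything else uses systemctl.
  #
  # versioncmp() compares the release numerically. The fact is a string, and a
  # plain `<=` between two strings is a lexicographic comparison, so
  # '10' <= '6' would be true and a release-10 host would be handled like a
  # release-6 one.
  #
  # The family test comes first so the version comparison is only evaluated on
  # RedHat-family hosts. Puppet's `==` on strings is case-insensitive, so
  # 'redhat' also matches a fact value of 'RedHat'.
  $sshd_reload_command = if fact('os.family') == 'redhat' and versioncmp(fact('os.release.major'), '6') <= 0 {
    'service sshd reload'
  } else {
    'systemctl reload sshd'
  }

  # Reload sshd after a configuration change.
  # NOTE(review): nothing in this class validates sshd_config (e.g. `sshd -t`)
  # before the reload; whether the notifying resources do so is not visible
  # here. A reload with an invalid config can cost remote access - confirm.
  exec { 'reload-sshd':
    command     => $sshd_reload_command,
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # Send SIGHUP to the syslog daemon so it re-reads its configuration.
  # pkill treats its argument as a pattern matched against process names;
  # without `-x` the match is not exact, so 'rsyslog' also matches 'rsyslogd'.
  # pkill exits non-zero when no process matched, so a refresh on a host where
  # the daemon is not running is reported as a failed exec.
  exec { 'reload-rsyslog':
    command     => 'pkill -HUP rsyslog',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # Same as 'reload-rsyslog', with the pattern 'rsyslogd'.
  exec { 'reload-rsyslogd':
    command     => 'pkill -HUP rsyslogd',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # SIGHUP for syslog-ng; the pkill caveats above apply here as well.
  exec { 'reload-syslog-ng':
    command     => 'pkill -HUP syslog-ng',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # Re-apply the authselect configuration after profile changes.
  exec { 'authselect-apply-changes':
    command     => 'authselect apply-changes',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # Make systemd re-read unit files after they were added or changed.
  exec { 'systemd-daemon-reload':
    command     => 'systemctl daemon-reload',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # Persist the running iptables rule set.
  # The `unless` check exits 0 when /etc/redhat-release mentions neither
  # AlmaLinux nor Rocky (or cannot be read), and an exit status of 0 skips the
  # command. As written, the rules are therefore saved only on AlmaLinux and
  # Rocky hosts.
  # NOTE(review): confirm that this is the intended direction of the check.
  # NOTE(review): the check uses `$(...)` command substitution and no
  # `provider` is set on this exec - confirm it is evaluated by a shell on the
  # target agents.
  exec { 'save iptables rules':
    command     => 'service iptables save',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    unless      => 'test -z "$(grep -e AlmaLinux -e Rocky /etc/redhat-release 2>/dev/null)"',
    refreshonly => true,
  }

  # Rewrite the authentication configuration with authconfig.
  # The search path here is narrower than on the other execs (sbin directories
  # only); it is kept exactly as it was.
  exec { 'authconfig-apply-changes':
    command     => 'authconfig --updateall',
    path        => ['/sbin','/usr/sbin'],
    refreshonly => true,
  }

  # Regenerate the GRUB 2 configuration after bootloader settings changed.
  # NOTE(review): the output path is hard-coded; a host whose active grub.cfg
  # lives elsewhere would not pick up the regenerated file - confirm against
  # the supported platforms.
  exec { 'grub2-mkconfig':
    command     => 'grub2-mkconfig -o /boot/grub2/grub.cfg',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }

  # Load kernel parameters from the system sysctl configuration files.
  exec { 'reload-sysctl-system':
    command     => 'sysctl --system',
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    refreshonly => true,
  }
}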