Puppet Class: security_baseline::rules::common::sec_dns

Defined in:

manifests/rules/common/sec_dns.pp

Summary

Ensure DNS Server is not enabled (Scored)

Overview

The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network.

Rationale: Unless a system is specifically designated to act as a DNS server, it is recommended that the service be disabled to reduce the potential attack surface.

Examples:

class security_baseline::rules::common::sec_dns {
    enforce => true,
    message => 'Test',
    log_level => 'info'
}

Parameters:

• enforce (Boolean) (defaults to: true) —

  Enforce the rule or just test and log

• message (String) (defaults to: '') —

  Message to print into the log

• log_level (String) (defaults to: '') —

  The log_level for the above message

# File 'manifests/rules/common/sec_dns.pp', line 28

class security_baseline::rules::common::sec_dns (
  Boolean $enforce = true,
  String $message = '',
  String $log_level = ''
) {
  if($enforce) {

    ensure_resource('service', ['named'], {
      ensure => 'stopped',
      enable => false
    })

  } else {

    if($facts['security_baseline']['services_enabled']['srv_named'] == 'enabled') {
      echo { 'dns':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}