Puppet Class: security_baseline::rules::common::sec_smb

Defined in:
manifests/rules/common/sec_smb.pp

Summary

Ensure DHCP Server is not enabled (Scored)

Overview

The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Small Message Block (SMB) protocol. Windows desktop users will be able to mount these directories and file systems as letter drives on their systems.

Rationale: If there is no need to mount directories and file systems to Windows systems, then this service can be disabled to reduce the potential attack surface.

Examples:

class security_baseline::rules::common::sec_smb {
    enforce => true,
    message => 'Test',
    log_level => 'info'
}

Parameters:

  • enforce (Boolean) (defaults to: true)

    Enforce the rule or just test and log

  • message (String) (defaults to: '')

    Message to print into the log

  • log_level (String) (defaults to: '')

    The log_level for the above message



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'manifests/rules/common/sec_smb.pp', line 30

class security_baseline::rules::common::sec_smb (
  Boolean $enforce = true,
  String $message = '',
  String $log_level = ''
) {
  if($enforce) {

    ensure_resource('service', ['smb'], {
      ensure => 'stopped',
      enable => false
    })

  } else {

    if($facts['security_baseline']['services_enabled']['srv_smb'] == 'enabled') {
      echo { 'smb':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}