Puppet Class: security_baseline::rules::redhat::sec_setroubleshoot

Defined in:
manifests/rules/redhat/sec_setroubleshoot.pp

Summary

Ensure SETroubleshoot is not installed (Scored)

Overview

The SETroubleshoot service notifies desktop users of SELinux denials through a user- friendly interface. The service provides important information around configuration errors, unauthorized intrusions, and other potential errors.

Rationale: The SETroubleshoot service is an unnecessary daemon to have running on a server, especially if X Windows is disabled.

Examples:

class security_baseline::rules::redhat::sec_setroubleshoot {
    enforce => true,
    message => 'Test',
    log_level => 'info'
}

Parameters:

  • enforce (Boolean) (defaults to: true)

    Enforce the rule or just test and log

  • message (String) (defaults to: '')

    Message to print into the log

  • log_level (String) (defaults to: '')

    The log_level for the above message



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'manifests/rules/redhat/sec_setroubleshoot.pp', line 28

class security_baseline::rules::redhat::sec_setroubleshoot (
  Boolean $enforce = true,
  String $message = '',
  String $log_level = ''
) {
  if($enforce) {
    ensure_packages(['setroubleshoot'], {
      ensure => 'purged',
    })
  } else {
    if($facts['security_baseline']['packages_installed']['setroubleshoot']) {
      echo { 'setroubleshoot':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}