Puppet Class: security_baseline::rules::sles::sec_crond

Defined in:
manifests/rules/sles/sec_crond.pp

Summary

Ensure cron daemon is enabled (Scored)

Overview

The cron daemon is used to execute batch jobs on the system.

Rationale: While there may not be user jobs that need to be run on the system, the system does have maintenance jobs that may include security monitoring that have to run, and cron is used to execute them.

Examples:

class security_baseline::rules::sles::sec_crond {
    enforce => true,
    message => 'Test',
    log_level => 'info'
}

Parameters:

  • enforce (Boolean) (defaults to: true)

    Enforce the rule or just test and log

  • message (String) (defaults to: '')

    Message to print into the log

  • log_level (String) (defaults to: '')

    The log_level for the above message



27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'manifests/rules/sles/sec_crond.pp', line 27

class security_baseline::rules::sles::sec_crond (
  Boolean $enforce  = true,
  String $message   = '',
  String $log_level = ''
) {
  if($enforce) {
    ensure_resource('service', ['cron'], {
      ensure => 'running',
      enable => true
    })

  } else {

    if($facts['security_baseline']['services_enabled']['srv_crond'] != 'enabled') {
      echo { 'crond':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}