Giter VIP home page Giter VIP logo

Comments (11)

crayfishx avatar crayfishx commented on May 22, 2024 1

FYI - as @raphink said, it is still being maintained - a new release covering Puppet 6 testing should be out soon too

from puppet-os-hardening.

timstoop avatar timstoop commented on May 22, 2024

Are you using Puppet Enterprise? If so, do you have the pe_environment parameter set to true?

from puppet-os-hardening.

juju4 avatar juju4 commented on May 22, 2024

For now, I'm just using community puppet. I might encounter enterprise later on.
Travis testing is kitchen/free puppet based

from puppet-os-hardening.

mcgege avatar mcgege commented on May 22, 2024

Put the user which is declared in two places into the parameter ignore_users, like this:

class { 'os_hardening':
  ignore_users => ['www-data'],
}

from puppet-os-hardening.

juju4 avatar juju4 commented on May 22, 2024

Thanks @mcgege!
exactly that and to be fair, there is a similar option manage_user in https://forge.puppet.com/puppetlabs/apache

from puppet-os-hardening.

raphink avatar raphink commented on May 22, 2024

A better way to fix this would be to use https://forge.puppet.com/crayfishx/purge instead of managing users manually:

purge { 'user':
  manage_property => 'shell',
  state           => $nologin_path,
  if              => ['uid', '<=', $maxid],
}

This allows to merge behavior with other modules managing their own users.

from puppet-os-hardening.

mcgege avatar mcgege commented on May 22, 2024

@raphink I agree ... but is this solution / module still maintained?

from puppet-os-hardening.

raphink avatar raphink commented on May 22, 2024

@mcgege as far as I know yes. I've contributed to it recently and @crayfishx was reactive on it.

from puppet-os-hardening.

mcgege avatar mcgege commented on May 22, 2024

Again: good idea ... I'll open a issue to implement this (either I find some time or someone else picks this up)

from puppet-os-hardening.

mfuhrmann avatar mfuhrmann commented on May 22, 2024

Just for documentation: The last ~2 years no reaction can be found on https://github.com/crayfishx/puppet-purge/

from puppet-os-hardening.

mfuhrmann avatar mfuhrmann commented on May 22, 2024

Put the user which is declared in two places into the parameter ignore_users, like this:

class { 'os_hardening':
  ignore_users => ['www-data'],
}

@mcgege But ignoring existing users is not hardening them, right? ;-) What the idea here: The existing users have to be hardened in the existing configuration code?

from puppet-os-hardening.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.