Comments (11)
FYI - as @raphink said, it is still being maintained - a new release covering Puppet 6 testing should be out soon too
from puppet-os-hardening.
Are you using Puppet Enterprise? If so, do you have the pe_environment parameter set to true?
from puppet-os-hardening.
For now, I'm just using community puppet. I might encounter enterprise later on.
Travis testing is kitchen/free puppet based
from puppet-os-hardening.
Put the user which is declared in two places into the parameter ignore_users, like this:
class { 'os_hardening':
  ignore_users => ['www-data'],
}
from puppet-os-hardening.
Thanks @mcgege!
exactly that and to be fair, there is a similar option manage_user in https://forge.puppet.com/puppetlabs/apache
from puppet-os-hardening.
A better way to fix this would be to use https://forge.puppet.com/crayfishx/purge instead of managing users manually:
purge { 'user':
  manage_property => 'shell',
  state           => $nologin_path,
  if              => ['uid', '<=', $maxid],
}
This allows merging behavior with other modules managing their own users.
from puppet-os-hardening.
@raphink I agree ... but is this solution / module still maintained?
from puppet-os-hardening.
@mcgege as far as I know yes. I've contributed to it recently and @crayfishx was reactive on it.
from puppet-os-hardening.
Again: good idea ... I'll open an issue to implement this (either I find some time or someone else picks this up)
from puppet-os-hardening.
Just for documentation: for the last ~2 years, no reaction can be found on https://github.com/crayfishx/puppet-purge/
from puppet-os-hardening.
> Put the user which is declared in two places into the parameter ignore_users, like this:
> class { 'os_hardening':
>   ignore_users => ['www-data'],
> }
@mcgege But ignoring existing users is not hardening them, right? ;-) What's the idea here: The existing users have to be hardened in the existing configuration code?
from puppet-os-hardening.
Related Issues (20)
- Default $arp_restricted=true breaks Calico overlay network HOT 7
- Fix Travis tests HOT 1
- Add support for Puppet 7 HOT 1
- Duplicate declaration HOT 1
- Dead links result in an error HOT 1
- tcp Timestamp comment is wrong, value can also be improved in some cases. HOT 1
- enable_log_martians to false are logged HOT 6
- New warning - max_files - exceeds the default soft limit 1000 HOT 1
- Backwards incompatible breaking change in PR279 HOT 4
- Changelog generator broken
- Add the ability to override /etc/shadow permissions
- existing users do not change there "chage" values if they are already existing
- ignore_max_files_warnings does not work HOT 1
- Remove accidental paste in pam_passwdqc.erb
- Dependency Dashboard
- enable_core_dump parameter is boolean, should allow at least 3 values
- sysctl changes are not permanent HOT 1
- modern version of stdlib HOT 2
- Puppet 8x compatibility HOT 6
- os_hardening 2.4.0: system_umask confusion: String or Integer?