Puppet Class: secure_windows::stig::v73303

Defined in:
manifests/stig/v73303.pp

Overview

This class manages V-73303: FTP servers must be configured to prevent anonymous logons.

Parameters:

  • enforced (Boolean) (defaults to: false)
  • ftp_sites (Array[String]) (defaults to: [])


# File 'manifests/stig/v73303.pp', line 3

class secure_windows::stig::v73303 (
  Boolean $enforced = false,
  Array[String] $ftp_sites = [],
) {

  if $enforced {
    # The fact windows_role returns a comma separated list of role IDs
    # The role ID for FTP Server is 184. We are checking if 184 is in the list
    #   so that these resources only apply to FTP Servers
    if ($facts['windows_role'] and
        $facts['windows_role'] =~ /(^|,)184(,|$)/) {
      $ftp_sites.each |String $site| {
        # NOTE: - This command does not have a corresponding 'get' command. I would have to parse an XML file.
        #         For now, I will leave it to run this command every time since it is idempotent.
        #       - Really should make this idempotent so it doesn't show an intentional change every 30 min
        #       - This gets applied to each site in the list supplied
        exec { "Set FTP anonymousAuthentication to Disabled on ${site}":
          command => "${facts['system32']}\\inetsrv\\AppCmd.exe set config -section:system.applicationHost/sites /[name='${site}'].ftpServer.security.authentication.anonymousAuthentication.enabled:\"False\" /commit:apphost", # lint:ignore:140chars
        }
      }
    }
  }

}
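The NOTE in the source says the setting has no 'get' command and would need an XML parse, so the exec runs on every agent run. The following Ruby is an added example, not part of the secure_windows module: it reads the FTP anonymous-authentication flag from applicationHost.config content and returns the managed sites that still need the AppCmd change, which could back a custom fact or a guard on the exec. The names dig_xml, anonymous_flag, sites_needing_fix, SAMPLE_CONFIG and the site names are hypothetical, and the sample config is constructed.

```ruby
require 'rexml/document'

# Element path from a <site> or <siteDefaults> node to the FTP setting.
AUTH_PATH = %w[ftpServer security authentication anonymousAuthentication].freeze

# Follows child element names in +path+ below +node+; nil if any is missing.
def dig_xml(node, path)
  path.reduce(node) { |cur, tag| cur && cur.elements.to_a.find { |e| e.name == tag } }
end

# Returns the lower-cased 'enabled' attribute of anonymousAuthentication
# below +node+, or nil when the element or attribute is absent.
def anonymous_flag(node)
  el = dig_xml(node, AUTH_PATH)
  el && el.attributes['enabled']&.downcase
end

# Returns the names in +managed_sites+ that still need the AppCmd change.
# Fails closed: only an explicit enabled="false", on the site itself or
# inherited from <siteDefaults>, counts as compliant.
def sites_needing_fix(config_xml, managed_sites)
  root = REXML::Document.new(config_xml).root
  sites = dig_xml(root, %w[system.applicationHost sites])
  return [] if sites.nil?
  default_flag = anonymous_flag(dig_xml(sites, %w[siteDefaults]))
  by_name = sites.elements.to_a.select { |e| e.name == 'site' }
                 .to_h { |s| [s.attributes['name'], s] }
  managed_sites.select do |name|
    site = by_name[name] # sites not defined on this node are skipped
    site && (anonymous_flag(site) || default_flag) != 'false'
  end
end

# Constructed sample of applicationHost.config, trimmed to the relevant nodes.
SAMPLE_CONFIG = <<~XML
  <configuration><system.applicationHost><sites>
    <siteDefaults><ftpServer><security><authentication>
      <anonymousAuthentication enabled="true" />
    </authentication></security></ftpServer></siteDefaults>
    <site name="ftp-public" id="2"><ftpServer><security><authentication>
      <anonymousAuthentication enabled="false" />
    </authentication></security></ftpServer></site>
    <site name="ftp-legacy" id="3"><ftpServer /></site>
  </sites></system.applicationHost></configuration>
XML

puts sites_needing_fix(SAMPLE_CONFIG, %w[ftp-public ftp-legacy ftp-absent]).inspect
```

The flag is compared case-insensitively because the AppCmd command in the class writes the value as "False".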