Puppet Class: psick::hardening::securetty

Defined in:
manifests/hardening/securetty.pp

Overview

Class: os_hardening::securetty

Configures securetty.

Parameters:

  • root_ttys (Array) (defaults to: ['console','tty1','tty2','tty3','tty4','tty5','tty6'])

    An array of ttys from which is allowed root access

  • securetty_template (String) (defaults to: 'psick/hardening/securetty/securetty.erb')

    The erb template path, as used in template(), to use to manage the content of /etc/securetty

  • manage (Boolean) (defaults to: $psick::manage)
  • noop_manage (Boolean) (defaults to: $psick::noop_manage)
  • noop_value (Boolean) (defaults to: $psick::noop_value) 


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'manifests/hardening/securetty.pp', line 9

class psick::hardening::securetty (
  Array $root_ttys           = ['console','tty1','tty2','tty3','tty4','tty5','tty6'],
  String $securetty_template = 'psick/hardening/securetty/securetty.erb',
  Boolean $manage            = $psick::manage,
  Boolean $noop_manage       = $psick::noop_manage,
  Boolean $noop_value        = $psick::noop_value,
) {
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }
    $ttys = join( $root_ttys, "\n")
    file { '/etc/securetty':
      ensure  => file,
      content => template( $securetty_template ),
      owner   => root,
      group   => root,
      mode    => '0400',
    }
  }
}