Puppet Class: almalinux_hardening::optional::log_permissions

Defined in:
manifests/optional/log_permissions.pp

Summary

Ensure permissions on all logfiles are configured

Overview

Puppet Module to perform AlmaLinux 8 OS Hardening with CIS benchmark. Copyright © 2022 Jonas Hügli

Examples:

include almalinux_hardening::optional::log_permissions


17
18
19
20
21
22
23
24
25
 
# File 'manifests/optional/log_permissions.pp', line 17

class almalinux_hardening::optional::log_permissions {
  if $almalinux_hardening::enable_optional_log_permissions {
    exec { 'log_permissions':
      path    => '/usr/bin:/bin:/usr/sbin',
      command => 'find /var/log -type f -exec chmod g-wx,o-rwx "{}" + -o -type d -exec chmod g- w,o-rwx "{}" +',
      unless  => 'find /var/log -type f -perm /037 -ls -o -type d -perm /026 | wc -l | grep -q -E "^0$"',
    }
  }
}