Puppet Class: almalinux_hardening::optional::home_permissions

Defined in:
manifests/optional/home_permissions.pp

Summary

Ensure users' home directories permissions are 750 or more restrictive

Overview

Puppet Module to perform AlmaLinux 8 OS Hardening with CIS benchmark. Copyright © 2022 Jonas Hügli

Examples:

include almalinux_hardening::optional::home_permissions


24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'manifests/optional/home_permissions.pp', line 24

class almalinux_hardening::optional::home_permissions {
  if $almalinux_hardening::enable_optional_home_permissions {
    $definitive_home_users = difference($facts['home_users'],$almalinux_hardening::ignore_home_users)
    $definitive_home_users.each | $home | {
      file { $home:
        ensure       => directory,
        links        => follow,
        mode         => '0750',
        recurse      => true,
        recurselimit => 5,
      }
    }

    exec { 'home_permissions_ownership':
      path    => '/usr/bin:/bin:/usr/sbin',
      command => 'egrep -v \"^\\+\" /etc/passwd | awk -F: \'($6!="/" && $3>=1000) {system("chown -R "$3":"$4" "$6)}\'',
      onlyif  => 'egrep -v \"^\\+\" /etc/passwd | awk -F: \'($6!="/" && $3>=1000) {system("if [[ $(stat -L -c \"%U\" "$6") == "$1" ]]; then echo 0; else echo 1; fi")}\' | grep -P ^1$',
    }
  }
}