Puppet Class: meltdown::windows
- Defined in:
- manifests/windows.pp
Overview
Class: meltdown::windows Ensures registry settings and OS patches are in place to mitigate against Spectre & Meltdown vulnerabilities
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# File 'manifests/windows.pp', line 4
class meltdown::windows {
# resources
# These registry values are benign, won't do anything on systems that are not yet patched. So always install them.
registry_value { 'SpeculativeExecutionProtection_FeatureSettingsOverride':
ensure => present,
path => 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\FeatureSettingsOverride',
type => dword,
data => 72,
}
registry_value { 'SpeculativeExecutionProtection_FeatureSettingsOverrideMask':
ensure => present,
path => 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\FeatureSettingsOverrideMask',
type => dword,
data => 3,
}
registry_key { 'SpeculativeExecutionProtection_HyperV_Parent':
ensure => present,
path => 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization',
}
registry_value { 'SpeculativeExecutionProtection_HyperV':
ensure => present,
path => 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\MinVmVersionForCpuBasedMitigations',
type => string,
data => '1.0',
require => Registry_key['SpeculativeExecutionProtection_HyperV_Parent']
}
}
|