diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2017-03-09 10:54:32 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2017-03-09 10:54:32 -0300 |
| commit | 36c0149f58efb23e0cf3f50a6c649f0957366f5e (patch) | |
| tree | a8901111e228e46438b95a8dc3c6b61213b2d398 | |
| parent | 81979cc2c044aba04a9639b5c8a0911d39070e5f (diff) | |
| download | puppet-nodo-36c0149f58efb23e0cf3f50a6c649f0957366f5e.tar.gz puppet-nodo-36c0149f58efb23e0cf3f50a6c649f0957366f5e.tar.bz2 | |
Adds order param at nodo::subsystem::grsec
| -rw-r--r-- | manifests/subsystem/grsec.pp | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/manifests/subsystem/grsec.pp b/manifests/subsystem/grsec.pp index 185454f..9cc8ba6 100644 --- a/manifests/subsystem/grsec.pp +++ b/manifests/subsystem/grsec.pp @@ -1,11 +1,18 @@ class nodo::subsystem::grsec { include nodo::utils::security::grsec + nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock': + order => 'zz', + value => 1, + } + nodo::subsystem::sysctl::entry { 'kernel.grsecurity.rwxmap_logging': + order => 'xx', value => 0, } - nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock': - value => 1, + # Old configs + file { [ '/etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf', '/etc/sysctl.d/kernel.grsecurity.grsec_lock.conf' ]: + ensure => absent, } } |