-rw-r--r-- | manifests/subsystem/grsec.pp | 11 | ||||
-rw-r--r-- | manifests/utils/security/grsec.pp | 13 |
2 files changed, 24 insertions, 0 deletions
diff --git a/manifests/subsystem/grsec.pp b/manifests/subsystem/grsec.pp
new file mode 100644
index 0000000..185454f
--- /dev/null
+++ b/manifests/subsystem/grsec.pp
@@ -0,0 +1,11 @@
+class nodo::subsystem::grsec {
+ include nodo::utils::security::grsec
+
+ nodo::subsystem::sysctl::entry { 'kernel.grsecurity.rwxmap_logging':
+ value => 0,
+ }
+
+ nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock':
+ value => 1,
+ }
+}
diff --git a/manifests/utils/security/grsec.pp b/manifests/utils/security/grsec.pp
new file mode 100644
index 0000000..c978088
--- /dev/null
+++ b/manifests/utils/security/grsec.pp
@@ -0,0 +1,13 @@
+class nodo::utils::security::grsec {
+ package { [
+ # The package with the specific image version might not be used
+ # but right now apt is complaining of unmet dependencies when
+ # trying to install only the metapackage maybe because both are
+ # on jessie-backports. This might chance in the near future.
+ 'linux-image-4.7.0-1-grsec-amd64',
+ 'linux-image-grsec-amd64',
+ 'paxtest',
+ ]:
+ ensure => present,
+ }
+}
|
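Review bot: Nothing orders the `kernel.grsecurity.grsec_lock` entry after `kernel.grsecurity.rwxmap_logging` in manifests/subsystem/grsec.pp, and once the lock is 1 the kernel refuses further writes to grsecurity sysctls until the next reboot. If the lock happens to be applied first, the rwxmap_logging write will fail, so the lock entry should carry `require => Nodo::Subsystem::Sysctl::Entry['kernel.grsecurity.rwxmap_logging'],` (and the same for any grsecurity sysctl added later). A comment such as `# grsec_lock makes all kernel.grsecurity.* values read-only until reboot; keep it last` would document that constraint. Setting rwxmap_logging to 0 also turns off logging of denied RWX mappings, so a one-line comment giving the reason would help whoever later looks for those events in the logs.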
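Review bot: The hard-coded `'linux-image-4.7.0-1-grsec-amd64'` in manifests/utils/security/grsec.pp ties every node to one kernel ABI version, so the version must be edited by hand for each kernel security update and the package resource will likely fail on fresh nodes once that version leaves the repository. Consider hoisting it to a class parameter, e.g. `class nodo::utils::security::grsec($image_version = '4.7.0-1') {` with `"linux-image-${image_version}-grsec-amd64",` in the list. Installing the image does not boot into it, and the `kernel.grsecurity.*` keys set by nodo::subsystem::grsec presumably exist only under the grsec kernel, so a comment noting that a reboot is needed before those sysctls can apply would be useful. The in-code comment also has a typo: "chance" should read "change".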