diff options
Diffstat (limited to 'manifests/subsystem/grsec.pp')
| -rw-r--r-- | manifests/subsystem/grsec.pp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/manifests/subsystem/grsec.pp b/manifests/subsystem/grsec.pp index 9cc8ba6..7b90002 100644 --- a/manifests/subsystem/grsec.pp +++ b/manifests/subsystem/grsec.pp @@ -11,6 +11,17 @@ class nodo::subsystem::grsec { value => 0, } + # We ship a custom grsec.conf that does not handle kernel.grsecurity.grsec_lock + # so we can manage or own sysctl configs. + # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810920 + file { "/etc/sysctl.d/grsec.conf": + owner => "root", + group => "root", + mode => 0644, + ensure => $ensure, + source => "puppet:///modules/nodo/etc/sysctl.d/grsec.conf", + } + # Old configs file { [ '/etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf', '/etc/sysctl.d/kernel.grsecurity.grsec_lock.conf' ]: ensure => absent, |