diff options
Diffstat (limited to 'manifests/subsystem')
| -rw-r--r-- | manifests/subsystem/grsec/paxctl.pp | 11 | ||||
| -rw-r--r-- | manifests/subsystem/security.pp | 11 |
2 files changed, 22 insertions, 0 deletions
diff --git a/manifests/subsystem/grsec/paxctl.pp b/manifests/subsystem/grsec/paxctl.pp new file mode 100644 index 0000000..2b3a843 --- /dev/null +++ b/manifests/subsystem/grsec/paxctl.pp @@ -0,0 +1,11 @@ +define nodo::subsystem::grsec::paxctl( + $file, + $flags, +) +{ + exec { "paxctl-${name}": + command => "/sbin/paxctl -${flags} ${file}", + user => "root", + require => Package['paxtest'], + } +} diff --git a/manifests/subsystem/security.pp b/manifests/subsystem/security.pp new file mode 100644 index 0000000..faf00bb --- /dev/null +++ b/manifests/subsystem/security.pp @@ -0,0 +1,11 @@ +# Basic security measures +class nodo::subsystem::security { + # Ensure a modest permission for this place + # Frameworks like grsecurity might complain otherwise + file { '/usr/local/bin': + ensure => directory, + owner => "root", + group => "root", + mode => "0755", + } +} |