class sysctl {
  # root exploit fix, see http://wiki.debian.org/mmap_min_addr
  # TODO: remove in the future or use a sysctl puppet module
  file { "/etc/sysctl.d/mmap_min_addr.conf":
    owner   => "root",
    group   => "root",
    mode    => 0644,
    ensure  => present,
    content => "vm.mmap_min_addr = 4096\n",
  }

  exec { "/etc/init.d/procps restart":
    subscribe   => File["/etc/sysctl.d/mmap_min_addr.conf"],
    refreshonly => true,
  }
}