manifests/subsystem/grsec.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

class nodo::subsystem::grsec {
  include nodo::utils::security::grsec

  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock':
    order => 'zz',
    value => 1,
  }

  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.rwxmap_logging':
    order => 'xx',
    value => 0,
  }

  # Old configs
  file { [ '/etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf', '/etc/sysctl.d/kernel.grsecurity.grsec_lock.conf' ]:
    ensure => absent,
  }
}