puppet-os-hardening

This puppet module provides numerous security-related configurations, providing all-round base protection.

Results 24 puppet-os-hardening issues

**Describe the bug** `Warning: The directory '/usr/bin' contains 1004 entries, which exceeds the default soft limit 1000 and may cause excessive resource consumption and degraded performance. To remove this warning...

**Is your feature request related to a problem? Please describe.** ``` [root@pldckapp00071-m ~]# puppet agent -t --environment ccs_265_ablaufende_systemuseder ... # Maximum number of days a password may be used. -PASS_MAX_DAYS...

Good day, I would like to submit a PR to disable some network protocols that typically are not used. This will also satisfy Lynis. Regards, Brent

enhancement

The auto-generated CHANGELOG is broken, older PRs and issues pop up on the current version delta. We're using the [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator) for this, and as I cannot find a proper issue...

bug
help wanted

This disables a few sysctls that do not apply in LXC and docker environments, without affecting the rest.

Dear maintainer, **Is your feature request related to a problem? Please describe.** The sysctl option `net.ipv4.tcp_timestamps` comment is false, and parameter value can be improved. **Describe the solution you'd like**...

Do we need all those skip_* ?? Should work already: https://github.com/dev-sec/linux-baseline/pull/91

bug

Some rules cannot be implemented in container setups (docker, lxc), e.g. kernel settings.

enhancement

Use [purge](https://forge.puppet.com/crayfishx/purge) to prevent duplicate resource declarations (especially for user `www-data`). See #157

enhancement

Currently the hardening is only implemented for Debian and Ubuntu (see `pam.pp`)

- CentOS, RedHat
- OpenSUSE, SLES

See also #134

enhancement