$servicefiles = 'absent'
}
- # the virtual facter needs virt-what on jessie to work
- if versioncmp($::lsbmajdistrelease, '9') < 0 {
- package { 'virt-what': ensure => installed }
- } else {
- package { 'virt-what': ensure => purged }
- }
+ # the virtual facter needs virt-what on jessie to work; clean up.
+ package { 'virt-what': ensure => purged }
$samhain_recipients = hiera('samhain_recipients')
$root_mail_alias = hiera('root_mail_alias')
'nload',
'pciutils',
'lldpd',
+ 'ncurses-term',
]:
ensure => installed,
}
]:
}
- if getfromhash($site::nodeinfo, 'broken-rtc') {
- package { 'fake-hwclock':
- ensure => installed,
- tag => extra_repo,
- }
- }
-
package { 'molly-guard':
ensure => installed,
}
content => "Etc/UTC\n",
notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
}
- if versioncmp($::lsbmajdistrelease, '9') >= 0 { # jessie has a regular file there, for instance
- file { '/etc/localtime':
- ensure => 'link',
- target => '/usr/share/zoneinfo/Etc/UTC',
- notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
- }
- }
- if $::hostname == handel {
- include puppetmaster::db
- $dbpassword = $puppetmaster::db::password
+ file { '/etc/localtime':
+ ensure => 'link',
+ target => '/usr/share/zoneinfo/Etc/UTC',
+ notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
}
file { '/etc/puppet/puppet.conf':
content => template('debian_org/puppet.conf.erb'),
# set mmap_min_addr to 4096 to mitigate
# Linux NULL-pointer dereference exploits
- site::sysctl { 'mmap_min_addr':
+ base::sysctl { 'mmap_min_addr':
ensure => absent
}
- site::sysctl { 'perf_event_paranoid':
+ base::sysctl { 'perf_event_paranoid':
key => 'kernel.perf_event_paranoid',
value => '2',
}
- site::sysctl { 'puppet-vfs_cache_pressure':
+ base::sysctl { 'puppet-vfs_cache_pressure':
key => 'vm.vfs_cache_pressure',
value => '10',
}
- site::alternative { 'editor':
+ base::alternative { 'editor':
linkto => '/usr/bin/vim.basic',
}
- site::alternative { 'view':
+ base::alternative { 'view':
linkto => '/usr/bin/vim.basic',
}
mailalias { 'samhain-reports':
source => 'puppet:///modules/debian_org/root-dotfiles/vimrc',
}
- if versioncmp($::lsbmajdistrelease, '9') >= 0 { # older puppets do facts as strings.
+ if versioncmp($::lsbmajdistrelease, '9') == 0 { # older puppets do facts as strings.
if $::processorcount > 1 {
package { 'irqbalance': ensure => installed }
}
+ } else {
+ # 926967 drops the recommendation on irqbalance in Buster
+ package { 'irqbalance': ensure => purged }
}
# https://www.decadent.org.uk/ben/blog/bpf-security-issues-in-debian.html
- site::sysctl { 'unprivileged_bpf_disabled':
+ base::sysctl { 'unprivileged_bpf_disabled':
key => 'kernel.unprivileged_bpf_disabled',
value => '1',
}
projects / mirror / dsa-puppet.git / blobdiff