Merge 89dfe22 into 690b5c9

Author: brentclark

manifests/modules.pp

@@ -11,6 +11,7 @@
 class os_hardening::modules (
   Array $disable_filesystems =
     ['cramfs','freevxfs','jffs2','hfs','hfsplus','squashfs','udf'],
+  Array $disable_network_protocol = ['dccp','sctp','rds','tipc'],
 ) {
 
   # Disable unused filesystems (os-10)
@@ -22,5 +23,12 @@
     content => template('os_hardening/disable_fs.erb'),
   }
 
+  file { '/etc/modprobe.d/dev-sec-net-protocols.conf':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0440',
+    content => template('os_hardening/disable_net_protocols.erb'),
+  }
 }
 

templates/disable_net_protocols.erb

@@ -0,0 +1,7 @@
+# MANAGED BY PUPPET
+# Puppet os_hardening: 
+
+<% @disable_network_protocol.each do |protocol| -%>
+install <%= protocol %> /bin/true
+<% end -%>
+