Puppet Class: aix_tidy::permissions

Defined in:
manifests/permissions.pp

Overview

Aix_tidy::Permissions

Lock down common file permissions on AIX



# File 'manifests/permissions.pp', line 4

class aix_tidy::permissions {
  # Sets ownership and modes on AIX security databases, audit data, logs and a
  # few system directories. chown_r and chmod_r are resource types declared
  # outside this class; judging by their names and parameters they apply an
  # owner/group or a mode recursively below the title path and leave the
  # `skip` path alone -- confirm against their implementation.

  # --- /etc/security (the audit subdirectory is handled further down) ---
  # NOTE(review): 0644 grants read access to "other". On AIX this tree
  # normally holds /etc/security/passwd (password hashes), so confirm that a
  # world-readable mode is really intended; a mode with no access for "other"
  # is the usual hardening choice.
  # NOTE(review): whether chmod_r treats directories differently from files
  # is not visible here -- verify that directories stay traversable.
  chown_r { '/etc/security':
    want_user  => 'root',
    want_group => 'security',
    skip       => '/etc/security/audit',
  }

  chmod_r { '/etc/security':
    want_mode => '0644',
    skip      => '/etc/security/audit',
  }

  # Account databases: world-readable, writable by root only.
  file { ['/etc/group', '/etc/passwd']:
    ensure => file,
    owner  => 'root',
    group  => 'security',
    mode   => '0644',
  }

  # --- Audit configuration and audit trail ---
  # NOTE(review): 0644 leaves the audit configuration readable by every
  # local user; confirm this matches the site's audit policy.
  chown_r { '/etc/security/audit':
    want_user  => 'root',
    want_group => 'audit',
  }

  chmod_r { '/etc/security/audit':
    want_mode => '0644',
  }

  # The file resource sets owner and group only; the mode of /audit comes
  # from the chmod_r resource that follows.
  file { '/audit':
    ensure => directory,
    owner  => 'root',
    group  => 'audit',
  }

  chmod_r { '/audit':
    want_mode => '0640',
  }

  # --- Logs: root:system, no access for "other" ---
  # `ensure => file` also creates an empty file where none exists yet.
  file { '/smit.log':
    ensure => file,
    owner  => 'root',
    group  => 'system',
    mode   => '0640',
  }

  # Only the mode is managed below /var/adm/ras; ownership is left as found.
  chmod_r { '/var/adm/ras':
    want_mode => '0640',
  }

  file { [
    '/var/ct/RMstart.log',
    '/var/tmp/dpid2.log',
    '/var/tmp/hostmibd.log',
    '/var/tmp/snmpd.log',
  ]:
    ensure => file,
    owner  => 'root',
    group  => 'system',
    mode   => '0640',
  }

  # --- System directories ---
  file { '/var/adm/sa':
    ensure => directory,
    owner  => 'adm',
    group  => 'adm',
    mode   => '0755',
  }

  # Read and traverse for owner and group, nothing for "other".
  file { '/var/adm/cron':
    ensure => directory,
    owner  => 'bin',
    group  => 'cron',
    mode   => '0550',
  }

  file { '/etc/inetd.conf':
    ensure => file,
    owner  => 'root',
    group  => 'system',
    mode   => '0644',
  }

  # 1777: world-writable with the sticky bit, so users can remove only their
  # own entries.
  file { '/tmp':
    ensure => directory,
    owner  => 'bin',
    group  => 'bin',
    mode   => '1777',
  }
}