tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The definition of the baseline should be done in Hiera. The purpose of the module is to give the ability to set up a complete security baseline which does not necessarily have to stick to industry security guides like the CIS benchmarks.
Apache License 2.0

umask_setting.pp makes pam changes even if authselect::enforce is set to false #76

Closed landrypm closed 7 months ago

landrypm commented 7 months ago

While I am using cis_security_hardening for most tasks I do still rely on other puppet modules for other tasks. On my system I use a separate module to manage authselect configuration. I have

cis_security_hardening::rules::authselect::enforce: false

in my params file but umask_setting.pp still attempts to make changes to pam.d files.

I solved the issue by enclosing the

$services.each |$srv| {

loop in umask_setting.pp within an if clause:

$authselect_enforce = fact('cis_security_hardening.authselect.enforce')
if $authselect_enforce {
  $services.each |$srv| {
    ...
  }
}

tom-krieger commented 7 months ago

I include this in version v0.9.2 but in a slightly different way.

landrypm commented 7 months ago

Thanks

-- Patrick Landry


From: Thomas Krieger
Sent: Sunday, January 28, 2024 2:35:28 PM
To: tom-krieger/cis_security_hardening
Cc: Patrick M Landry; Author
Subject: Re: [tom-krieger/cis_security_hardening] umask_setting.pp makes pam changes even if authselect::enforce is set to false (Issue #76)

I include this in version v0.9.2 but in a slightly different way.