Adds order param at nodo::subsystem::grsec

author Silvio Rhatto <rhatto@riseup.net>

Thu, 9 Mar 2017 13:54:32 +0000 (10:54 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Thu, 9 Mar 2017 13:54:32 +0000 (10:54 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Thu, 9 Mar 2017 13:54:32 +0000 (10:54 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Thu, 9 Mar 2017 13:54:32 +0000 (10:54 -0300)
diff --git a/manifests/subsystem/grsec.pp b/manifests/subsystem/grsec.pp

index 185454fdc71d8ba4349e2801b2265f5311213c89..9cc8ba6a981b834edd326c017d7237bef00e179a 100644 (file)
--- a/manifests/subsystem/grsec.pp
+++ b/manifests/subsystem/grsec.pp
@@ -1,11 +1,18 @@
  class nodo::subsystem::grsec {
    include nodo::utils::security::grsec
  
+  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock':
+    order => 'zz',
+    value => 1,
+  }
+
    nodo::subsystem::sysctl::entry { 'kernel.grsecurity.rwxmap_logging':
+    order => 'xx',
      value => 0,
    }
  
-  nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock':
-    value => 1,
+  # Old configs
+  file { [ '/etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf', '/etc/sysctl.d/kernel.grsecurity.grsec_lock.conf' ]:
+    ensure => absent,
    }
  }
author	Silvio Rhatto <rhatto@riseup.net>
	Thu, 9 Mar 2017 13:54:32 +0000 (10:54 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Thu, 9 Mar 2017 13:54:32 +0000 (10:54 -0300)