newer kernel actually have defaults well above that

diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index 0c423ec104d284c1e5aacd97a82ea30d75b7a707..d18c7bc9611d901c62beb1d60e9d376eee038b93 100644 (file)
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -216,8 +216,7 @@ class debian-org {
        # set mmap_min_addr to 4096 to mitigate
        # Linux NULL-pointer dereference exploits
        site::sysctl { 'mmap_min_addr':
-               key   => 'vm.mmap_min_addr',
-               value => '4096',
+               ensure => absent
        }
        site::sysctl { 'perf_event_paranoid':
                key   => 'kernel.perf_event_paranoid',

diff --git a/modules/site/manifests/sysctl.pp b/modules/site/manifests/sysctl.pp
index 72b8e3d8ec148581b25f1675614515cf834b2366..e2d8f881602b2e59306213193255e231d718b871 100644 (file)
--- a/modules/site/manifests/sysctl.pp
+++ b/modules/site/manifests/sysctl.pp
@@ -1,7 +1,7 @@
-define site::sysctl ($key, $value, $target=Linux, $ensure = present) {
+define site::sysctl ($key='', $value='', $target=Linux, $ensure = present) {
        include site
        case $ensure {
-               present: {}
+               present: { if ($key == "" or $value == "") { fail ( "Need to provide key and value" )} }
                absent:  {}
                default: { fail ( "Unknown ensure value: '$ensure'" ) }
        }