Merge pull request #22 from rbkmoney/proc-hidepid

mount /proc with hidepid=2 option
2024-11-06 18:35:18 +00:00 · 2019-07-15 16:55:52 +03:00 · 2019-07-15 16:55:52 +03:00 · 7d4db6fd72
commit 7d4db6fd72
parent 217b4cfc06 6a92d7c37e
1 changed files with 27 additions and 0 deletions
--- a/sls/gentoo/hardening.sls
+++ b/sls/gentoo/hardening.sls
@ -0,0 +1,27 @@
+proc_view:
+  group.present:
+    - gid: 391
+    - system: True
+  {%- if salt['cmd.retcode']('id polkitd') == 0 %}
+    - addusers:
+      - polkitd
+  {%- endif %}
+
+/proc:
+  mount.mounted:
+    - device: proc
+    - fstype: proc
+    - dump: 0 
+    - pass_num: 0
+    - persist: True
+    - mkmnt: True
+    - opts:
+      - defaults
+      - nosuid
+      - nodev
+      - noexec
+      - relatime
+      - hidepid=2
+      - gid=391
+    - require:
+      - group: proc_view