Disable some network protocols that typically are not used.

Author: Brent Clark

manifests/modules.pp

@@ -11,6 +11,7 @@
 class os_hardening::modules (
   Array $disable_filesystems =
     ['cramfs','freevxfs','jffs2','hfs','hfsplus','squashfs','udf'],
+  Array $disable_network_protocol = ['dccp','sctp','rds','tipc'],
 ) {
 
   # Disable unused filesystems (os-10)
@@ -22,5 +23,12 @@
     content => template('os_hardening/disable_fs.erb'),
   }
 
+  file { '/etc/modprobe.d/dev-sec-net-protocols.conf':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0440',
+    content => template('os_hardening/disable_net_protocols.erb'),
+  }
 }