Forge Home


Lockdown CDE on AIX and Solaris


6,810 latest version

1.9 quality score

Version information

  • 0.1.1 (latest)
  • 0.1.0
released Feb 21st 2017

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'geoffwilliams-cde_lockdown', '0.1.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add geoffwilliams-cde_lockdown
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install geoffwilliams-cde_lockdown --version 0.1.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



geoffwilliams/cde_lockdown — version 0.1.1 Feb 21st 2017

Build Status


Table of Contents

  1. Description
  2. Usage - Configuration options and additional functionality
  3. Reference - An under-the-hood peek at what the module is doing and how
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


Lockdown the CDE on Aix and Solaris buy restricting permissions and altering banner messages


What cde_lockdown affects

  • Set inactivity timeouts for CDE by writing files to /etc/dt/config for each locale in the /usr/dt/config directory
  • Ensure files under /etc/dt have correct permissions
  • Alter the default banner messages to prevent information disclosure
  • Disable remote logins
  • Remove SUID/SGID from CDE binaries
  • Lock down /etc/dt/confg/Xservers if it exists


General permissions and banner messages

class { "cde_lockdown":
  banner_title   => "Authorised users only",
  banner_message => "Get off my lawn",

Prevent remote logins

include cde_lockdown::remote

Remove SUID

include cde_lockdown::suid

Explicit Xserver in Xconfig

include cde_lockdown::xservers

Suggested overall system usage

class { "cde_lockdown":
  banner_title   => "Authorised users only",
  banner_message => "Get off my lawn",
include cde_lockdown::suid
include cde_lockdown::remote
include cde_lockdown::xservers

This will lock-down CDE to the extent possible using this module. Users are free to pick and choose classes to suit their needs.



  • cde_lockdown - banners and general permissions
  • cde_lockdown::remote - disable remote access
  • cde_lockdown::suid - remove suid
  • cde_lockdown::xservers - explicit Xserver


  • cde_installed - Detects the presence of CDE by checking for the presence of the /usr/dt/config directory


  • Does not remove or disable CDE, only restrict it somewhat
  • AIX and Solaris only
  • Not supported by Puppet, Inc.


PRs accepted :)


This module supports testing using PDQTest.

Test can be executed with:

bundle install
bundle exec pdqtest all

See .travis.yml for a working CI example