crypto_policies
Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
- CentOS, RedHat
Table of Contents
- Description
- Setup - The basics of getting started with crypto_policies
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module sets the system-wide crypto policy on the Red Hat OS family.
The module also provides a fact showing the current crypto policy and whether the crypto-policies software is available and installed on the OS.
This affects the security level of BIND, GnuTLS, Kerberos, NSS, OpenJDK, OpenSSH, OpenSSL and more.
The crypto-policies software, available on the Red Hat OS family from version 8 onward, configures the policy for which cryptographic algorithms are to be available and used across various applications and libraries. See the crypto-policies(7) man page or the Red Hat documentation on security hardening for more information.
Setup
Beginning with crypto_policies
This is a simple module. Include it to use the 'DEFAULT' crypto policy, or use the policy parameter to set a policy and optional policy modules.
Usage
Basic usage. This will use the DEFAULT policy, which is the default for this module.
include crypto_policies
Set a policy of DEFAULT, adding the NO-SHA1 module to disable the sha1 hashing algorithm.
class { 'crypto_policies':
  policy => 'DEFAULT:NO-SHA1',
}
Limitations
For now, this only works on the RedHat OS family version 8.
On any other OS, or if the crypto-policies software is uninstalled, this module will silently do nothing.
Development
Pull requests and bug reports are welcome.
Reference
Table of Contents
Classes
crypto_policies: Manage system-wide crypto policies
Data types
Classes
crypto_policies
This class manages the system-wide crypto policies on the Red Hat operating system family. This will configure policies for which cryptographic algorithms to use in various parts of the operating system. See man:crypto-policies(7) for more information.
Examples
default
include crypto_policies
with a policy module
class { 'crypto_policies':
  policy => 'DEFAULT:NO-SHA1',
}
Parameters
The following parameters are available in the crypto_policies class.
policy
Data type: Crypto_policies::Policy
Default value: 'DEFAULT'
Data types
Crypto_policies::Policy
The Crypto_policies::Policy data type.
Alias of
Pattern[/(?x: \A
  [A-Z0-9_-]+      # Policy name
  (:[A-Z0-9_-]+)*  # Zero or more policy modules, colon separated
  \z )/]
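Because the module silently does nothing when crypto-policies is missing (see Limitations), a host-side check is useful. The following is an added example, not part of the module: it validates a policy string with the same pattern as Crypto_policies::Policy and compares it with what update-crypto-policies --show reports. The function names and the :ok / :drift / :unmanaged statuses are assumptions made for this example.

```ruby
require 'open3'

# Same pattern as the Crypto_policies::Policy alias documented above.
# \A and \z anchor the whole string, so an embedded newline is rejected.
POLICY_RE = /(?x: \A
  [A-Z0-9_-]+       # Policy name
  (:[A-Z0-9_-]+)*   # Zero or more policy modules, colon separated
\z )/

# Split "DEFAULT:NO-SHA1" into the base policy and its policy modules.
# Raises ArgumentError for anything the data type would reject
# (lowercase names, empty parts, trailing colon, embedded newlines).
def parse_policy(str)
  raise ArgumentError, "invalid policy: #{str.inspect}" unless POLICY_RE.match?(str)
  base, *mods = str.split(':')
  { policy: base, modules: mods }
end

# Ask the host for its active policy. Returns nil when the crypto-policies
# tooling is absent, which is the case where the module does nothing.
def active_policy
  out, status = Open3.capture2e('update-crypto-policies', '--show')
  status.success? ? out.strip : nil
rescue Errno::ENOENT
  nil
end

# Compare the desired policy with the one the host reports.
# Status names are hypothetical, chosen for this example:
#   :ok        desired and active policy (including modules) match
#   :drift     the host runs a different policy or module list
#   :unmanaged no active policy could be read (tooling not installed)
def audit(desired, active)
  want = parse_policy(desired)
  return :unmanaged if active.nil?
  want == parse_policy(active) ? :ok : :drift
end

if __FILE__ == $PROGRAM_NAME
  # 'DEFAULT:NO-SHA1' is the policy used in the Usage section.
  puts "audit result: #{audit('DEFAULT:NO-SHA1', active_policy)}"
end
```

A result of :unmanaged on a node that includes the class means the catalog applied cleanly but no policy was enforced.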