puppet-ssh-hardening icon indicating copy to clipboard operation
puppet-ssh-hardening copied to clipboard

Published 20 hours ago verified publisher icon dev-sec

Wrong detection of os version number on debian 8 (prerelease)

Open chris-rock opened this issue 9 years ago • 0 comments

The puppet facter releases a os version number https://docs.puppetlabs.com/facter/2.3/core_facts.html#operatingsystemrelease, that we use in https://github.com/hardening-io/puppet-ssh-hardening/blob/master/lib/puppet/parser/functions/use_privilege_separation.rb#L19

This does not work as intended in debian 8 prerelease due to the fact that

$ cat /etc/debian_version
jessie/sid

does not return a number like on debian 7:

$ cat /etc/debian_version
7.7

Therefore the server config will include UsePrivilegeSeparation yes instead of the intended UsePrivilegeSeparation sandbox

chris-rock avatar Apr 21 '15 09:04 chris-rock