{"id":15013985,"url":"https://github.com/simp/pupmod-simp-svckill","last_synced_at":"2026-05-22T20:01:31.325Z","repository":{"id":32298732,"uuid":"35873693","full_name":"simp/pupmod-simp-svckill","owner":"simp","description":"The SIMP svckill Puppet Module","archived":false,"fork":false,"pushed_at":"2023-10-25T19:28:22.000Z","size":275,"stargazers_count":2,"open_issues_count":0,"forks_count":14,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-03-15T00:51:30.303Z","etag":null,"topics":["puppet","simp"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-05-19T09:49:42.000Z","updated_at":"2024-06-19T03:16:06.484Z","dependencies_parsed_at":"2022-09-14T21:41:26.265Z","dependency_job_id":"92b2d5c0-2772-4f52-a22b-9a12e1e895fc","html_url":"https://github.com/simp/pupmod-simp-svckill","commit_stats":{"total_commits":81,"total_committers":15,"mean_commits":5.4,"dds":0.617283950617284,"last_synced_commit":"b5114ce9e922e184491354e4a7645092e91ffa7c"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-svckill","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-svckill/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-svckill/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-svckill/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simp","download_url":"https://codeload.github.com/simp/pupmod-simp-svckill/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248525156,"owners_count":21118616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["puppet","simp"],"created_at":"2024-09-24T19:45:02.086Z","updated_at":"2026-05-22T20:01:31.234Z","avatar_url":"https://github.com/simp.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/73/badge)](https://bestpractices.coreinfrastructure.org/projects/73)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/simp/svckill.svg)](https://forge.puppetlabs.com/simp/svckill)\n[![Puppet Forge Downloads](https://img.shields.io/puppetforge/dt/simp/svckill.svg)](https://forge.puppetlabs.com/simp/svckill)\n[![Build Status](https://travis-ci.org/simp/pupmod-simp-svckill.svg)](https://travis-ci.org/simp/pupmod-simp-svckill)\n\n#### Table of Contents\n\n1. [Overview](#this-is-a-simp-module)\n2. [Module Description - A Puppet module for managing svckill](#module-description)\n3. [Setup - The basics of getting started with pupmod-simp-svckill](#setup)\n    * [What pupmod-simp-svckill affects](#what-simp-svckill-affects)\n    * [Beginning with svckill](#beginning-with-svckill)\n4. [Usage - Configuration options and additional functionality](#usage)\n5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n6. [Limitations - OS compatibility, etc.](#limitations)\n7. [Development - Guide for contributing to the module](#development)\n\n## This is a SIMP module\n\nThis module is a component of the [System Integrity Management Platform](https://simp-project.com),\na compliance-management framework built on Puppet.\n\nIf you find any issues, they can be submitted to our\n[JIRA](https://simp-project.atlassian.net/).\n\nPlease read our [Contribution Guide](https://simp.readthedocs.io/en/stable/contributors_guide/index.html).\n\nThis module is optimally designed for use within a larger SIMP ecosystem, but it\ncan be used independently:\n* When included within the SIMP ecosystem, security compliance settings will be\nmanaged from the Puppet server.\n* In the future, all SIMP-managed security subsystems will be disabled by\ndefault and must be explicitly opted into by administrators.  Please review\n*simp/simp_options* for details.\n\n## Module Description\n\nSvckill is a system that attempts to run with the security best practice that\n\"No unnecessary services should be running on the system.\"\n\nThe way svckill works is to fetch all services on the running system and then\nshutdown and disable any that are not declared in a Puppet manifest (or ignore\nlist/file) somewhere.\n\n## Setup\n\n### What simp svckill affects\n\n*simp/svckill* effects ALL services on a given node. If this class is included\non a node, all services not declared in a puppet service resource or a svckill\nignore list will be disabled and turned off on a system. The following are\nexceptions:\n\n```\n    A default list of services to ignore is kept in the module's hiera data for\n    the parameter svckill::ignore_defaults.  This default list is split over\n    several hiera files, grouped as services that are common, services that\n    are os family related and services that are version related. The arrays\n    are merged and sorted uniquely during catalog compilation.\n\n    These services will not be killed unless they are removed using the knock out\n    prefix in the svckill::ignore parameter.\n\n    The following is an example of a hiera entry that will remove a service on\n    the svckill::ignore_defaults list and allow svckill to kill this service:\n\n    ---\n    svckill::ignore:\n       - '--sshd'\n```\n\n### Beginning with svckill\n\nYou can set up svckill on a node by:\n\n```puppet\ninclude 'svckill'\n```\n\n## Usage\n\n### I have a service I don't want puppet to kill on a single node\n\nThere are two ways to solve this problem:\n\nDeclare the service in puppet:\n\n```puppet\nservice { 'myservice':\n  ensure =\u003e running,\n}\n```\n\nor Declare the service in an ignore list in svckill:\n\n```puppet\nsvckill::ignore { 'myservice': }\n```\n\n### I want to ignore a list of services I deploy in a file\n\n```puppet\nsvckill { 'ourservices':\n  ignorefiles =\u003e '/opt/services',\n}\n```\n\n### I want to set a list of services allowed in my entire infrascture\n\n```puppet\nsite.pp\n\nclass { 'svckill':\n  ignore =\u003e ['A',\n             'B',\n             'C'\n            ],\n}\n```\n\n### I don't want to kill a service, but I'd like to be alerted when it is running\n\n```puppet\nclass { 'svckill':\n  ignore =\u003e 'A',\n  mode   =\u003e 'warning',\n}\n```\n\n## Reference\n\nPlease refer to the [REFERENCE.md](./REFERENCE.md).\n\n## Limitations\n\nSIMP Puppet modules are generally intended for use on Red Hat Enterprise\nLinux and compatible distributions, such as CentOS. Please see the\n[`metadata.json` file](./metadata.json) for the most up-to-date list of\nsupported operating systems, Puppet versions, and module dependencies.\n\n## Development\n\nPlease read our [Contribution Guide](https://simp.readthedocs.io/en/stable/contributors_guide/index.html).\n\nVisit the project homepage on [GitHub](https://simp-project.com),\nand look at our issues on  [JIRA](https://simp-project.atlassian.net/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-svckill","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimp%2Fpupmod-simp-svckill","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-svckill/lists"}