diff options
| author | mh <mh@immerda.ch> | 2013-01-02 11:43:18 +0100 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2013-01-02 11:43:18 +0100 |
| commit | 43cba80d2ede774ecf91cb26531ecbca0f097551 (patch) | |
| tree | 51f3dbde6868f456def5652ea4076a06263a33f1 | |
| parent | 868c2bee3b8c77a01bdd2b003c0560c3006a0f8f (diff) | |
| download | puppet-loginrecords-43cba80d2ede774ecf91cb26531ecbca0f097551.tar.gz puppet-loginrecords-43cba80d2ede774ecf91cb26531ecbca0f097551.tar.bz2 | |
linting according to puppet-lint
| -rw-r--r-- | manifests/base.pp | 4 | ||||
| -rw-r--r-- | manifests/btmp/disable.pp | 3 | ||||
| -rw-r--r-- | manifests/btmp/enable.pp | 9 | ||||
| -rw-r--r-- | manifests/debian.pp | 1 | ||||
| -rw-r--r-- | manifests/faillog/disable.pp | 7 | ||||
| -rw-r--r-- | manifests/faillog/enable.pp | 11 | ||||
| -rw-r--r-- | manifests/init.pp | 20 | ||||
| -rw-r--r-- | manifests/lastlog/disable.pp | 3 | ||||
| -rw-r--r-- | manifests/lastlog/enable.pp | 11 | ||||
| -rw-r--r-- | manifests/ramrun/disable.pp | 7 | ||||
| -rw-r--r-- | manifests/ramrun/enable.pp | 9 | ||||
| -rw-r--r-- | manifests/utmp/protect.pp | 3 | ||||
| -rw-r--r-- | manifests/utmp/unprotect.pp | 9 | ||||
| -rw-r--r-- | manifests/wtmp/disable.pp | 3 | ||||
| -rw-r--r-- | manifests/wtmp/enable.pp | 9 |
15 files changed, 66 insertions, 43 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 66d3477..07f4541 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,3 +1,7 @@ +# main class to manage things +# empty so we don't harm +# any non supported linux +# systems class loginrecords::base { } diff --git a/manifests/btmp/disable.pp b/manifests/btmp/disable.pp index f32d36a..77c5d1e 100644 --- a/manifests/btmp/disable.pp +++ b/manifests/btmp/disable.pp @@ -1,5 +1,6 @@ +# ensure that btmp is not on the system class loginrecords::btmp::disable inherits loginrecords::btmp::enable { - File[$btmp_file]{ + File[$loginrecords::btmp::enable::btmp_file]{ ensure => 'absent', backup => false, } diff --git a/manifests/btmp/enable.pp b/manifests/btmp/enable.pp index c173362..95c663d 100644 --- a/manifests/btmp/enable.pp +++ b/manifests/btmp/enable.pp @@ -1,8 +1,11 @@ +# manage the btmp file class loginrecords::btmp::enable( $btmp_file = '/var/log/btmp' ){ - file{$btmp_file: - ensure => 'present', - owner => 'root', group => 'utmp', mode => 660; + file{$loginrecords::btmp::enable::btmp_file: + ensure => 'present', + owner => 'root', + group => 'utmp', + mode => '0660'; } } diff --git a/manifests/debian.pp b/manifests/debian.pp index e68185b..0813d2f 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,3 +1,4 @@ +# how loginrecords are managed on debian class loginrecords::debian inherits loginrecords::base { if $loginrecords::disable_btmp { diff --git a/manifests/faillog/disable.pp b/manifests/faillog/disable.pp index c05e6bc..4e1df4e 100644 --- a/manifests/faillog/disable.pp +++ b/manifests/faillog/disable.pp @@ -1,9 +1,10 @@ +# do not log any faillog class loginrecords::faillog::disable inherits loginrecords::faillog::enable{ Replace['loginrecords-faillog']{ - pattern => '^FAILLOG_ENAB[[:space:]]+yes$', - replacement => 'FAILLOG_ENAB no', + pattern => '^FAILLOG_ENAB[[:space:]]+yes$', + replacement => "FAILLOG_ENAB\tno", } Line['loginrecords-faillog']{ - line => 'FAILLOG_ENAB no', + line => "FAILLOG_ENAB\tno", } } diff --git a/manifests/faillog/enable.pp b/manifests/faillog/enable.pp index c714b74..d600f6f 100644 --- a/manifests/faillog/enable.pp +++ b/manifests/faillog/enable.pp @@ -1,14 +1,15 @@ +# manage faillog logging class loginrecords::faillog::enable( $login_defs_file = '/etc/login.defs' ) { replace{'loginrecords-faillog': - file => $login_defs_file, - pattern => '^FAILLOG_ENAB[[:space]]+no$', - replacement => 'FAILLOG_ENAB yes', + file => $loginrecords::faillog::enable::login_defs_file, + pattern => '^FAILLOG_ENAB[[:space]]+no$', + replacement => "FAILLOG_ENAB\tyes", } line{'loginrecords-faillog': - file => $login_defs_file, - line => 'FAILLOG_ENAB yes', + file => $loginrecords::faillog::enable::login_defs_file, + line => "FAILLOG_ENAB\tyes", require => Replace['loginrecords-faillog'], } } diff --git a/manifests/init.pp b/manifests/init.pp index 5c9f800..dd0e48e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,17 +1,19 @@ +# manage how login records are +# stored on the system class loginrecords( - $disable_btmp = true, - $disable_faillog = true, - $disable_lastlog = true, - $protect_utmp = true, - $disable_wtmp = true, + $disable_btmp = true, + $disable_faillog = true, + $disable_lastlog = true, + $protect_utmp = true, + $disable_wtmp = true, $ramdisk_on_var_run = true ){ # Include main class case $::kernel { - "Linux": { - case $::operatingsystem { - "debian", "ubuntu": { include loginrecords::debian } - default: { include loginrecords::base } + Linux: { + case $::operatingsystem { + debian, ubuntu: { include loginrecords::debian } + default: { include loginrecords::base } } } default: { diff --git a/manifests/lastlog/disable.pp b/manifests/lastlog/disable.pp index 69e13d5..f97c49c 100644 --- a/manifests/lastlog/disable.pp +++ b/manifests/lastlog/disable.pp @@ -1,6 +1,7 @@ +# disable lastlog loggin of pam class loginrecords::lastlog::disable inherits loginrecords::lastlog::enable { Replace['loginrecords-lastlog']{ - pattern => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$', + pattern => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$', replacement => '#session optional pam_lastlog.so', } File['/var/log/lastlog']{ diff --git a/manifests/lastlog/enable.pp b/manifests/lastlog/enable.pp index bd9378b..b8dec35 100644 --- a/manifests/lastlog/enable.pp +++ b/manifests/lastlog/enable.pp @@ -1,13 +1,16 @@ +# manage the lastlog logging of pam class loginrecords::lastlog::enable( $pam_login_file = '/etc/pam.d/login' ){ replace{'loginrecords-lastlog': - file => $pam_login_file, - pattern => '^#session[[:space:]]+optional[[:space:]]+pam_lastlog.so$', + file => $pam_login_file, + pattern => '^#session[[:space:]]+optional[[:space:]]+pam_lastlog.so$', replacement => 'session optional pam_lastlog.so', } file{'/var/log/lastlog': - ensure => present, - owner => root, group => utmp, mode => 0664; + ensure => present, + owner => 'root', + group => 'utmp', + mode => '0664'; } } diff --git a/manifests/ramrun/disable.pp b/manifests/ramrun/disable.pp index 3d282a3..d745bf0 100644 --- a/manifests/ramrun/disable.pp +++ b/manifests/ramrun/disable.pp @@ -1,7 +1,6 @@ +# do not put /var/run on a ramdisk class loginrecords::ramrun::disable inherits loginrecords::ramrun::enable { - - Augeas["ramdisk-on-var-run"]{ - changes => "set RAMRUN yes", + Augeas['ramdisk-on-var-run']{ + changes => 'set RAMRUN yes', } - } diff --git a/manifests/ramrun/enable.pp b/manifests/ramrun/enable.pp index 564ef06..27bf409 100644 --- a/manifests/ramrun/enable.pp +++ b/manifests/ramrun/enable.pp @@ -1,8 +1,7 @@ +# put /var/run on a ramdisk? class loginrecords::ramrun::enable { - - augeas { "ramdisk-on-var-run": - context => "/files/etc/default/rcS", - changes => "set RAMRUN yes", + augeas{'ramdisk-on-var-run': + context => '/files/etc/default/rcS', + changes => 'set RAMRUN yes', } - } diff --git a/manifests/utmp/protect.pp b/manifests/utmp/protect.pp index 166df5e..603064e 100644 --- a/manifests/utmp/protect.pp +++ b/manifests/utmp/protect.pp @@ -1,5 +1,6 @@ +# make the unprotect file protected from global read class loginrecords::utmp::protect inherits loginrecords::utmp::unprotect { - File[$utmp_file]{ + File[$loginrecords::utmp::protect::utmp_file]{ mode => 660, } } diff --git a/manifests/utmp/unprotect.pp b/manifests/utmp/unprotect.pp index 9da7517..54d821b 100644 --- a/manifests/utmp/unprotect.pp +++ b/manifests/utmp/unprotect.pp @@ -1,8 +1,11 @@ +# manage the utmp file class loginrecords::utmp::unprotect( $utmp_file = '/var/run/utmp' ){ - file{$utmp_file: - ensure => 'present', - owner => 'root', group => 'utmp', mode => 664; + file{$loginrecords::utmp::unprotect::utmp_file: + ensure => 'present', + owner => 'root', + group => 'utmp', + mode => '0664'; } } diff --git a/manifests/wtmp/disable.pp b/manifests/wtmp/disable.pp index 0d53e57..f98e201 100644 --- a/manifests/wtmp/disable.pp +++ b/manifests/wtmp/disable.pp @@ -1,5 +1,6 @@ +# ensure that wtmp is not on the system class loginrecords::wtmp::disable inherits loginrecords::wtmp::enable { - File[$wtmp_file]{ + File[$loginrecords::wtmp::enable::wtmp_file]{ ensure => 'absent', backup => false, } diff --git a/manifests/wtmp/enable.pp b/manifests/wtmp/enable.pp index f3b5ee9..4ba57ee 100644 --- a/manifests/wtmp/enable.pp +++ b/manifests/wtmp/enable.pp @@ -1,8 +1,11 @@ +# manage wtmp class loginrecords::wtmp::enable( $wtmp_file = '/var/log/wtmp' ){ - file{$wtmp_file: - ensure => 'present', - owner => 'root', group => 'utmp', mode => 664; + file{$loginrecords::wtmp::enable::wtmp_file: + ensure => 'present', + owner => 'root', + group => 'utmp', + mode => '0664'; } } |