diff options
| author | mh <mh@immerda.ch> | 2011-03-01 23:50:11 +0100 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2011-03-01 23:50:11 +0100 |
| commit | 489ac37c566e0341f490a3c9258e358ffed4fbc3 (patch) | |
| tree | 3ad080db0c10a513b72dee68622d8455bebd5bad | |
| parent | 5b303f63c2133e25f84b21f7c2b275aa02c32545 (diff) | |
| parent | f14a6d81d58e3e36fb7fef593086aab6e576dfa1 (diff) | |
| download | puppet-loginrecords-489ac37c566e0341f490a3c9258e358ffed4fbc3.tar.gz puppet-loginrecords-489ac37c566e0341f490a3c9258e358ffed4fbc3.tar.bz2 | |
merge with intrigeri
| -rw-r--r-- | README | 26 | ||||
| -rw-r--r-- | manifests/debian.pp | 12 | ||||
| -rw-r--r-- | manifests/init.pp | 5 | ||||
| -rw-r--r-- | manifests/ramrun/disable.pp | 7 | ||||
| -rw-r--r-- | manifests/ramrun/enable.pp | 8 | ||||
| -rw-r--r-- | manifests/utmp/disable.pp | 6 | ||||
| -rw-r--r-- | manifests/utmp/enable.pp | 8 | ||||
| -rw-r--r-- | manifests/utmp/protect.pp | 5 | ||||
| -rw-r--r-- | manifests/utmp/unprotect.pp | 8 |
9 files changed, 57 insertions, 28 deletions
@@ -21,23 +21,19 @@ If you just include the class loginrecords this will disable all loginlogs. $disable_btmp, $disable_wtmp ---------------------------- +---------------------------- Default: /var/log/btmp and /var/log/wtmp are ensured to be absent. These variables, when set to a false, non-empty value, have these files created and their logging enabled again. -$disable_utmp +$protect_utmp ------------- -Default: /var/run/utmp is not removed. - -WARNING: Removing utmp removes necessary information for binaries such -as runlevel. This might break other scripts that are relaying on the -output of this binary or other scripts depending on their output. For -example it is known that puppet will not anymore be able to idempodently -manage runlevels. -> https://projects.puppetlabs.com/issues/5409 +Default: /var/run/utmp is ensured to be present, but chmod'ed 660. +When set to a false, non-empty value, /var/run/utmp is ensured to be +present, and chmod'ed 664. $disable_faillog ---------------- @@ -51,6 +47,18 @@ $disable_lastlog Default: lastlog is disabled. When set to a false, non-empty value, lastlog is not changed. +$ramdisk_on_var_run +------------------- + +Default: have the initscripts mount a ramdisk on /var/run. +When set to a false, non-empty value, the mounting of a ramdisk on +/var/run is disabled. + +Please note that the changes only take effect on reboot. When enabling +this feature, you probably want to get rid of any file previously +stored on the files (such as utmp) stored in the non-ramdisk +underlying /var/run directory. + Copyright ========= diff --git a/manifests/debian.pp b/manifests/debian.pp index 12ec571..e68185b 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -18,10 +18,10 @@ class loginrecords::debian inherits loginrecords::base { class{'loginrecords::lastlog::enable': } } - if $loginrecords::disable_utmp { - class{'loginrecords::utmp::disable': } + if $loginrecords::protect_utmp { + class{'loginrecords::utmp::protect': } } else { - class{'loginrecords::utmp::enable': } + class{'loginrecords::utmp::unprotect': } } if $loginrecords::disable_wtmp { @@ -30,4 +30,10 @@ class loginrecords::debian inherits loginrecords::base { class{'loginrecords::wtmp::enable': } } + if $loginrecords::ramdisk_on_var_run { + class{'loginrecords::ramrun::enable': } + } else { + class{'loginrecords::ramrun::disable': } + } + } diff --git a/manifests/init.pp b/manifests/init.pp index fe65eec..0bc7a22 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -2,8 +2,9 @@ class loginrecords( $disable_btmp = true, $disable_faillog = true, $disable_lastlog = true, - $disable_utmp = false, - $disable_wtmp = true + $protect_utmp = true, + $disable_wtmp = true, + $ramdisk_on_var_run = true ){ # Include main class case $kernel { diff --git a/manifests/ramrun/disable.pp b/manifests/ramrun/disable.pp new file mode 100644 index 0000000..304d234 --- /dev/null +++ b/manifests/ramrun/disable.pp @@ -0,0 +1,7 @@ +class loginrecords::ramrun::disable inherits loginrecords::ramrun::enable { + + Augeas { "ramdisk-on-var-run": + changes => "set RAMRUN yes", + } + +} diff --git a/manifests/ramrun/enable.pp b/manifests/ramrun/enable.pp new file mode 100644 index 0000000..564ef06 --- /dev/null +++ b/manifests/ramrun/enable.pp @@ -0,0 +1,8 @@ +class loginrecords::ramrun::enable { + + augeas { "ramdisk-on-var-run": + context => "/files/etc/default/rcS", + changes => "set RAMRUN yes", + } + +} diff --git a/manifests/utmp/disable.pp b/manifests/utmp/disable.pp deleted file mode 100644 index d01d44b..0000000 --- a/manifests/utmp/disable.pp +++ /dev/null @@ -1,6 +0,0 @@ -class loginrecords::utmp::disable inherits loginrecords::utmp::enable { - File[$utmp_file]{ - ensure => 'absent', - backup => false, - } -} diff --git a/manifests/utmp/enable.pp b/manifests/utmp/enable.pp deleted file mode 100644 index 1003182..0000000 --- a/manifests/utmp/enable.pp +++ /dev/null @@ -1,8 +0,0 @@ -class loginrecords::utmp::enable( - $utmp_file = '/var/run/utmp' -){ - file{$utmp_file: - ensure => 'present', - owner => 'root', group => 'utmp', mode => 660; - } -} diff --git a/manifests/utmp/protect.pp b/manifests/utmp/protect.pp new file mode 100644 index 0000000..166df5e --- /dev/null +++ b/manifests/utmp/protect.pp @@ -0,0 +1,5 @@ +class loginrecords::utmp::protect inherits loginrecords::utmp::unprotect { + File[$utmp_file]{ + mode => 660, + } +} diff --git a/manifests/utmp/unprotect.pp b/manifests/utmp/unprotect.pp new file mode 100644 index 0000000..9da7517 --- /dev/null +++ b/manifests/utmp/unprotect.pp @@ -0,0 +1,8 @@ +class loginrecords::utmp::unprotect( + $utmp_file = '/var/run/utmp' +){ + file{$utmp_file: + ensure => 'present', + owner => 'root', group => 'utmp', mode => 664; + } +} |