authorintrigeri <intrigeri@boum.org>2013-01-02 12:47:34 +0100
committerintrigeri <intrigeri@boum.org>2013-01-02 12:47:34 +0100
commit4cfb1fc6bbe356e335d8635bbadfd6ea72f8bc20 (patch)
tree9ee65026036cde571b27aaa7e57b9a421701907e
parentfdb60047acf69dac300a156958a7e115f185f322 (diff)
parentb94947ba7f99a69837c65c9217e692d74052b651 (diff)
Merge branch 'shared'
Conflicts: README
-rw-r--r--README2
-rw-r--r--manifests/base.pp4
-rw-r--r--manifests/btmp/disable.pp3
-rw-r--r--manifests/btmp/enable.pp9
-rw-r--r--manifests/debian.pp1
-rw-r--r--manifests/faillog/disable.pp9
-rw-r--r--manifests/faillog/enable.pp14
-rw-r--r--manifests/init.pp37
-rw-r--r--manifests/lastlog/disable.pp3
-rw-r--r--manifests/lastlog/enable.pp11
-rw-r--r--manifests/ramrun/disable.pp7
-rw-r--r--manifests/ramrun/enable.pp9
-rw-r--r--manifests/utmp/protect.pp3
-rw-r--r--manifests/utmp/unprotect.pp9
-rw-r--r--manifests/wtmp/disable.pp3
-rw-r--r--manifests/wtmp/enable.pp9
16 files changed, 73 insertions, 60 deletions
diff --git a/README b/README
index 8395501..d5acff3 100644
--- a/README
+++ b/README
@@ -11,8 +11,8 @@ Defaults to disable all supported login records.
Dependencies
============
-- the common module: git://labs.riseup.net/shared-common
- the lsb module: git://labs.riseup.net/shared-lsb
+- the stdlib module from puppetlabs: http://forge.puppetlabs.com/puppetlabs/stdlib
Configuration
=============
diff --git a/manifests/base.pp b/manifests/base.pp
index 66d3477..07f4541 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,3 +1,7 @@
+# main class to manage things
+# empty so we don't harm
+# any non supported linux
+# systems
class loginrecords::base {
}
diff --git a/manifests/btmp/disable.pp b/manifests/btmp/disable.pp
index f32d36a..77c5d1e 100644
--- a/manifests/btmp/disable.pp
+++ b/manifests/btmp/disable.pp
@@ -1,5 +1,6 @@
+# ensure that btmp is not on the system
class loginrecords::btmp::disable inherits loginrecords::btmp::enable {
- File[$btmp_file]{
+ File[$loginrecords::btmp::enable::btmp_file]{
ensure => 'absent',
backup => false,
}
diff --git a/manifests/btmp/enable.pp b/manifests/btmp/enable.pp
index c173362..95c663d 100644
--- a/manifests/btmp/enable.pp
+++ b/manifests/btmp/enable.pp
@@ -1,8 +1,11 @@
+# manage the btmp file
class loginrecords::btmp::enable(
$btmp_file = '/var/log/btmp'
){
- file{$btmp_file:
- ensure => 'present',
- owner => 'root', group => 'utmp', mode => 660;
+ file{$loginrecords::btmp::enable::btmp_file:
+ ensure => 'present',
+ owner => 'root',
+ group => 'utmp',
+ mode => '0660';
}
}
diff --git a/manifests/debian.pp b/manifests/debian.pp
index c20be6c..9208145 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -1,3 +1,4 @@
+# how loginrecords are managed on debian
class loginrecords::debian inherits loginrecords::base {
if $loginrecords::disable_btmp {
diff --git a/manifests/faillog/disable.pp b/manifests/faillog/disable.pp
index c05e6bc..c55e39e 100644
--- a/manifests/faillog/disable.pp
+++ b/manifests/faillog/disable.pp
@@ -1,9 +1,6 @@
+# do not log any faillog
class loginrecords::faillog::disable inherits loginrecords::faillog::enable{
- Replace['loginrecords-faillog']{
- pattern => '^FAILLOG_ENAB[[:space:]]+yes$',
- replacement => 'FAILLOG_ENAB no',
- }
- Line['loginrecords-faillog']{
- line => 'FAILLOG_ENAB no',
+ File_line['loginrecords-faillog']{
+ line => "FAILLOG_ENAB\tno",
}
}
diff --git a/manifests/faillog/enable.pp b/manifests/faillog/enable.pp
index c714b74..6120193 100644
--- a/manifests/faillog/enable.pp
+++ b/manifests/faillog/enable.pp
@@ -1,14 +1,10 @@
+# manage faillog logging
class loginrecords::faillog::enable(
$login_defs_file = '/etc/login.defs'
) {
- replace{'loginrecords-faillog':
- file => $login_defs_file,
- pattern => '^FAILLOG_ENAB[[:space]]+no$',
- replacement => 'FAILLOG_ENAB yes',
- }
- line{'loginrecords-faillog':
- file => $login_defs_file,
- line => 'FAILLOG_ENAB yes',
- require => Replace['loginrecords-faillog'],
+ file_line{'loginrecords-faillog':
+ path => $loginrecords::faillog::enable::login_defs_file,
+ match => '^FAILLOG_ENAB',
+ line => "FAILLOG_ENAB\tyes",
}
}
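Review bot: `match => '^FAILLOG_ENAB'` in the new `file_line` is anchored only on the left, so it would also match any longer key that starts with the same prefix, and `file_line` by default fails the resource when more than one line matches. Anchoring on the separator as well, `match => '^FAILLOG_ENAB\s',`, keeps the rewrite limited to this one setting. Since `match` is not available in the earliest stdlib releases, the README dependency line could also state the minimum stdlib version the module needs.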
diff --git a/manifests/init.pp b/manifests/init.pp
index 0bc7a22..fd2f86b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,22 +1,23 @@
+# manage how login records are
+# stored on the system
class loginrecords(
- $disable_btmp = true,
- $disable_faillog = true,
- $disable_lastlog = true,
- $protect_utmp = true,
- $disable_wtmp = true,
- $ramdisk_on_var_run = true
+ $disable_btmp = true,
+ $disable_faillog = true,
+ $disable_lastlog = true,
+ $protect_utmp = true,
+ $disable_wtmp = true,
+ $ramdisk_on_var_run = true
){
- # Include main class
- case $kernel {
- "Linux": {
- case $operatingsystem {
- "debian", "ubuntu": { include loginrecords::debian }
- default: { include loginrecords::base }
- }
- }
- default: {
- err("Kernel $kernel is not supported.")
- }
+ # Include main class
+ case $::kernel {
+ Linux: {
+ case $::operatingsystem {
+ debian, ubuntu: { include loginrecords::debian }
+ default: { include loginrecords::base }
+ }
}
-
+ default: {
+ fail("Kernel ${::kernel} is not supported.")
+ }
+ }
}
diff --git a/manifests/lastlog/disable.pp b/manifests/lastlog/disable.pp
index 69e13d5..f97c49c 100644
--- a/manifests/lastlog/disable.pp
+++ b/manifests/lastlog/disable.pp
@@ -1,6 +1,7 @@
+# disable lastlog loggin of pam
class loginrecords::lastlog::disable inherits loginrecords::lastlog::enable {
Replace['loginrecords-lastlog']{
- pattern => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$',
+ pattern => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$',
replacement => '#session optional pam_lastlog.so',
}
File['/var/log/lastlog']{
diff --git a/manifests/lastlog/enable.pp b/manifests/lastlog/enable.pp
index bd9378b..b8dec35 100644
--- a/manifests/lastlog/enable.pp
+++ b/manifests/lastlog/enable.pp
@@ -1,13 +1,16 @@
+# manage the lastlog logging of pam
class loginrecords::lastlog::enable(
$pam_login_file = '/etc/pam.d/login'
){
replace{'loginrecords-lastlog':
- file => $pam_login_file,
- pattern => '^#session[[:space:]]+optional[[:space:]]+pam_lastlog.so$',
+ file => $pam_login_file,
+ pattern => '^#session[[:space:]]+optional[[:space:]]+pam_lastlog.so$',
replacement => 'session optional pam_lastlog.so',
}
file{'/var/log/lastlog':
- ensure => present,
- owner => root, group => utmp, mode => 0664;
+ ensure => present,
+ owner => 'root',
+ group => 'utmp',
+ mode => '0664';
}
}
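Review bot: The `replace{'loginrecords-lastlog': ...}` resource kept in this class, and its `Replace['loginrecords-lastlog']` override in manifests/lastlog/disable.pp, still rely on a custom define, while the README hunk of this same commit drops the common module from the dependency list. If `replace` comes from that module, which the parallel faillog conversion to `file_line` suggests, a node without it fails catalog compilation and none of the login-record settings are applied. Either convert lastlog to `file_line` with a `match`, as was done for faillog, or keep the common module listed until that is done. The `.` in `pam_lastlog.so` is also unescaped in the pattern; `pam_lastlog\.so` would match only the literal module name.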
diff --git a/manifests/ramrun/disable.pp b/manifests/ramrun/disable.pp
index 3d282a3..d745bf0 100644
--- a/manifests/ramrun/disable.pp
+++ b/manifests/ramrun/disable.pp
@@ -1,7 +1,6 @@
+# do not put /var/run on a ramdisk
class loginrecords::ramrun::disable inherits loginrecords::ramrun::enable {
-
- Augeas["ramdisk-on-var-run"]{
- changes => "set RAMRUN yes",
+ Augeas['ramdisk-on-var-run']{
+ changes => 'set RAMRUN yes',
}
-
}
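Review bot: The override in `loginrecords::ramrun::disable` still sets `changes => 'set RAMRUN yes'`, the same value the parent `loginrecords::ramrun::enable` class applies, so including the disable class leaves /etc/default/rcS unchanged. If the intent matches the new header comment ("do not put /var/run on a ramdisk"), the override should read `changes => 'set RAMRUN no',`. The commit only changes quoting on this line, so the value predates it, but it is worth correcting while the file is being touched.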
diff --git a/manifests/ramrun/enable.pp b/manifests/ramrun/enable.pp
index 564ef06..27bf409 100644
--- a/manifests/ramrun/enable.pp
+++ b/manifests/ramrun/enable.pp
@@ -1,8 +1,7 @@
+# put /var/run on a ramdisk?
class loginrecords::ramrun::enable {
-
- augeas { "ramdisk-on-var-run":
- context => "/files/etc/default/rcS",
- changes => "set RAMRUN yes",
+ augeas{'ramdisk-on-var-run':
+ context => '/files/etc/default/rcS',
+ changes => 'set RAMRUN yes',
}
-
}
diff --git a/manifests/utmp/protect.pp b/manifests/utmp/protect.pp
index 166df5e..603064e 100644
--- a/manifests/utmp/protect.pp
+++ b/manifests/utmp/protect.pp
@@ -1,5 +1,6 @@
+# make the unprotect file protected from global read
class loginrecords::utmp::protect inherits loginrecords::utmp::unprotect {
- File[$utmp_file]{
+ File[$loginrecords::utmp::protect::utmp_file]{
mode => 660,
}
}
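Review bot: `File[$loginrecords::utmp::protect::utmp_file]` qualifies the variable with the `protect` class, but `utmp_file` is declared as a parameter of `loginrecords::utmp::unprotect`; the sibling overrides in btmp/disable.pp and wtmp/disable.pp reference the parent class (`...::enable::btmp_file`, `...::enable::wtmp_file`). Whether the child-qualified name resolves through inheritance likely depends on the Puppet version, and if it does not, the override never reaches the utmp file, which then keeps the parent's world-readable `0664`. I would write `File[$loginrecords::utmp::unprotect::utmp_file]{` and, to match the other hunks in this commit, quote the mode as `mode => '0660',`. The header comment could also name what is being protected, e.g. `# restrict the utmp file to owner and group (no world read)`.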
diff --git a/manifests/utmp/unprotect.pp b/manifests/utmp/unprotect.pp
index 9da7517..54d821b 100644
--- a/manifests/utmp/unprotect.pp
+++ b/manifests/utmp/unprotect.pp
@@ -1,8 +1,11 @@
+# manage the utmp file
class loginrecords::utmp::unprotect(
$utmp_file = '/var/run/utmp'
){
- file{$utmp_file:
- ensure => 'present',
- owner => 'root', group => 'utmp', mode => 664;
+ file{$loginrecords::utmp::unprotect::utmp_file:
+ ensure => 'present',
+ owner => 'root',
+ group => 'utmp',
+ mode => '0664';
}
}
diff --git a/manifests/wtmp/disable.pp b/manifests/wtmp/disable.pp
index 0d53e57..f98e201 100644
--- a/manifests/wtmp/disable.pp
+++ b/manifests/wtmp/disable.pp
@@ -1,5 +1,6 @@
+# ensure that wtmp is not on the system
class loginrecords::wtmp::disable inherits loginrecords::wtmp::enable {
- File[$wtmp_file]{
+ File[$loginrecords::wtmp::enable::wtmp_file]{
ensure => 'absent',
backup => false,
}
diff --git a/manifests/wtmp/enable.pp b/manifests/wtmp/enable.pp
index f3b5ee9..4ba57ee 100644
--- a/manifests/wtmp/enable.pp
+++ b/manifests/wtmp/enable.pp
@@ -1,8 +1,11 @@
+# manage wtmp
class loginrecords::wtmp::enable(
$wtmp_file = '/var/log/wtmp'
){
- file{$wtmp_file:
- ensure => 'present',
- owner => 'root', group => 'utmp', mode => 664;
+ file{$loginrecords::wtmp::enable::wtmp_file:
+ ensure => 'present',
+ owner => 'root',
+ group => 'utmp',
+ mode => '0664';
}
}