diff options
author | intrigeri <intrigeri@boum.org> | 2010-10-17 18:37:58 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2010-10-17 18:37:58 +0200 |
commit | 619ca3f02fdbed3b39217a770d66dca0d7a3bb43 (patch) | |
tree | de44089f41f2ecb4792884744fecebe7ea5e530b | |
download | puppet-loginrecords-619ca3f02fdbed3b39217a770d66dca0d7a3bb43.tar.gz puppet-loginrecords-619ca3f02fdbed3b39217a770d66dca0d7a3bb43.tar.bz2 |
Initial commit, with untested faillog support.
-rw-r--r-- | README | 33 | ||||
-rw-r--r-- | manifests/base.pp | 3 | ||||
-rw-r--r-- | manifests/debian.pp | 12 | ||||
-rw-r--r-- | manifests/faillog.pp | 25 | ||||
-rw-r--r-- | manifests/init.pp | 15 |
5 files changed, 88 insertions, 0 deletions
@@ -0,0 +1,33 @@ +Puppet module to manage login records. + +E.g. disable successful and failed login records. + +All functionality is currently only available on Debian GNU/Linux. +Bits should be made available for other operating systems after +checking they are configured the same way. + +Defaults to disable all supported login records. + +Dependencies +============ + +- the common module: git://labs.riseup.net/shared-common + +Configuration +============= + +$enable_faillog +--------------- + +Default: faillog is disabled. +When set to a true value, faillog is enabled. + +Copyright +========= + +Copyright (c) 2010 intrigeri <intrigeri@boum.org> + +Licence +======= + +GPL-3+ diff --git a/manifests/base.pp b/manifests/base.pp new file mode 100644 index 0000000..66d3477 --- /dev/null +++ b/manifests/base.pp @@ -0,0 +1,3 @@ +class loginrecords::base { + +} diff --git a/manifests/debian.pp b/manifests/debian.pp new file mode 100644 index 0000000..236cbe2 --- /dev/null +++ b/manifests/debian.pp @@ -0,0 +1,12 @@ +class loginrecords::debian inherits loginrecords::base { + + $login_defs_file = '/etc/login.defs' + + if $enable_faillog { + include loginrecords::faillog::enable + } + else { + include loginrecords::faillog::disable + } + +} diff --git a/manifests/faillog.pp b/manifests/faillog.pp new file mode 100644 index 0000000..2af2299 --- /dev/null +++ b/manifests/faillog.pp @@ -0,0 +1,25 @@ +class loginrecords::faillog::enable { + replace { 'loginrecords-faillog-enable': + file => $login_defs_file, + pattern => '^FAILLOG_ENAB\w+no$', + replace => 'FAILLOG_ENAB yes', + } + append_if_no_such_line { 'loginrecords-faillog-enable': + file => $login_defs_file, + line => 'FAILLOG_ENAB yes', + require => Replace['loginrecords-faillog-enable'], + } +} + +class loginrecords::faillog::disable { + replace { 'loginrecords-faillog-disable': + file => $login_defs_file, + pattern => '^FAILLOG_ENAB\w+yes$', + replace => 'FAILLOG_ENAB no', + } + append_if_no_such_line { 'loginrecords-faillog-disable': + file => $login_defs_file, + line => 'FAILLOG_ENAB no', + require => Replace['loginrecords-faillog-disable'], + } +} diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..c615d90 --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,15 @@ +class loginrecords { + + case $kernel { + "Linux": { + case $operatingsystem { + "debian", "ubuntu": { include loginrecords::debian } + default: { include loginrecords::base } + } + } + default: { + err("Kernel $kernel is not supported.") + } + } + +} |