diff options
author | intrigeri <intrigeri@boum.org> | 2010-10-17 19:49:05 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2010-10-17 19:49:05 +0200 |
commit | 96a39b816a4922cb9e710e6bdd044125708d8411 (patch) | |
tree | 7f2d9f523489139b45601027f9af816b92a7184a | |
parent | 6cefcabecf1a8afac2e932aa13dfbde675742dee (diff) | |
download | puppet-loginrecords-96a39b816a4922cb9e710e6bdd044125708d8411.tar.gz puppet-loginrecords-96a39b816a4922cb9e710e6bdd044125708d8411.tar.bz2 |
Add (untested) lastlog disabling support.
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | manifests/debian.pp | 5 | ||||
-rw-r--r-- | manifests/init.pp | 3 | ||||
-rw-r--r-- | manifests/lastlog.pp | 7 |
4 files changed, 21 insertions, 0 deletions
@@ -22,6 +22,12 @@ $disable_faillog Default: faillog is disabled. When set to false, faillog is enabled. +$disable_lastlog +---------------- + +Default: lastlog is disabled. +When set to a false, non-empty value, lastlog is not changed. + Copyright ========= diff --git a/manifests/debian.pp b/manifests/debian.pp index 8bc296d..8cf95f1 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,5 +1,6 @@ class loginrecords::debian inherits loginrecords::base { + $pam_login_file = '/etc/pam.d/login' $login_defs_file = '/etc/login.defs' if $disable_faillog { @@ -9,4 +10,8 @@ class loginrecords::debian inherits loginrecords::base { include loginrecords::faillog::enable } + if $disable_lastlog { + include loginrecords::lastlog::disable + } + } diff --git a/manifests/init.pp b/manifests/init.pp index 0dbe627..6826c32 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,6 +6,9 @@ class loginrecords { if $disable_faillog == '' { $disable_faillog = true } + if $disable_lastlog == '' { + $disable_lastlog = true + } # Include main class case $kernel { diff --git a/manifests/lastlog.pp b/manifests/lastlog.pp new file mode 100644 index 0000000..da6c735 --- /dev/null +++ b/manifests/lastlog.pp @@ -0,0 +1,7 @@ +class loginrecords::lastlog::disable { + replace { 'loginrecords-lastlog-disable': + file => $pam_login_file, + pattern => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$', + replacement => '#session optional pam_lastlog.so', + } +} |