diff options
author | intrigeri <intrigeri@boum.org> | 2010-10-17 20:23:20 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2010-10-17 20:23:20 +0200 |
commit | ef2e21a7644eb5eb6d31bad47076a33abb02801c (patch) | |
tree | 03e1a7d7e515d4b6da4c9d375cd13a86f32eab1e | |
parent | 7fcec706fd74b5f958e74d7960640ff5ec8b19be (diff) | |
download | puppet-loginrecords-ef2e21a7644eb5eb6d31bad47076a33abb02801c.tar.gz puppet-loginrecords-ef2e21a7644eb5eb6d31bad47076a33abb02801c.tar.bz2 |
Also disable /var/run/utmp (opt-out).
-rw-r--r-- | README | 8 | ||||
-rw-r--r-- | manifests/debian.pp | 8 | ||||
-rw-r--r-- | manifests/init.pp | 3 | ||||
-rw-r--r-- | manifests/utmp.pp | 9 |
4 files changed, 25 insertions, 3 deletions
@@ -16,10 +16,12 @@ Dependencies Configuration ============= -$disable_btmp, $disable_wtmp ----------------------------- +$disable_btmp, $disable_utmp, $disable_wtmp +------------------------------------------- + +Default: /var/log/btmp, /var/run/utmp and /var/log/wtmp are ensured to +be absent. -Default: /var/log/btmp and /var/log/wtmp are ensured to be absent. These variables, when set to a false, non-empty value, have these files created and their logging enabled again. diff --git a/manifests/debian.pp b/manifests/debian.pp index d8432d6..3d4c7c1 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -3,6 +3,7 @@ class loginrecords::debian inherits loginrecords::base { $pam_login_file = '/etc/pam.d/login' $login_defs_file = '/etc/login.defs' $btmp_file = '/var/log/btmp' + $utmp_file = '/var/run/utmp' $wtmp_file = '/var/log/wtmp' if $disable_btmp { @@ -23,6 +24,13 @@ class loginrecords::debian inherits loginrecords::base { include loginrecords::lastlog::disable } + if $disable_utmp { + include loginrecords::utmp::disable + } + else { + include loginrecords::utmp::enable + } + if $disable_wtmp { include loginrecords::wtmp::disable } diff --git a/manifests/init.pp b/manifests/init.pp index e575dee..b2d063b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -12,6 +12,9 @@ class loginrecords { if $disable_lastlog == '' { $disable_lastlog = true } + if $disable_utmp == '' { + $disable_utmp = true + } if $disable_wtmp == '' { $disable_wtmp = true } diff --git a/manifests/utmp.pp b/manifests/utmp.pp new file mode 100644 index 0000000..3b79374 --- /dev/null +++ b/manifests/utmp.pp @@ -0,0 +1,9 @@ +class loginrecords::utmp::disable { + file { "$utmp_file": ensure => 'absent' } +} + +class loginrecords::utmp::enable { + file { "$utmp_file": + ensure => 'present', mode => 660, owner => 'root', group => 'utmp', + } +} |