diff options
| author | intrigeri <intrigeri@boum.org> | 2011-02-26 00:19:22 +0100 |
|---|---|---|
| committer | intrigeri <intrigeri@boum.org> | 2011-02-26 00:22:43 +0100 |
| commit | f14a6d81d58e3e36fb7fef593086aab6e576dfa1 (patch) | |
| tree | 3ad080db0c10a513b72dee68622d8455bebd5bad | |
| parent | 1138f154f9cb0985076159dec34546eb9f677017 (diff) | |
| download | puppet-loginrecords-f14a6d81d58e3e36fb7fef593086aab6e576dfa1.tar.gz puppet-loginrecords-f14a6d81d58e3e36fb7fef593086aab6e576dfa1.tar.bz2 | |
New feature: mount a ramdisk on /var/run.
This helps protecting users privacy since /var/run/utmp cannot be deleted.
| -rw-r--r-- | README | 12 | ||||
| -rw-r--r-- | manifests/debian.pp | 6 | ||||
| -rw-r--r-- | manifests/init.pp | 3 | ||||
| -rw-r--r-- | manifests/ramrun/disable.pp | 7 | ||||
| -rw-r--r-- | manifests/ramrun/enable.pp | 8 |
5 files changed, 35 insertions, 1 deletions
@@ -47,6 +47,18 @@ $disable_lastlog Default: lastlog is disabled. When set to a false, non-empty value, lastlog is not changed. +$ramdisk_on_var_run +------------------- + +Default: have the initscripts mount a ramdisk on /var/run. +When set to a false, non-empty value, the mounting of a ramdisk on +/var/run is disabled. + +Please note that the changes only take effect on reboot. When enabling +this feature, you probably want to get rid of any file previously +stored on the files (such as utmp) stored in the non-ramdisk +underlying /var/run directory. + Copyright ========= diff --git a/manifests/debian.pp b/manifests/debian.pp index 02c2dad..e68185b 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -30,4 +30,10 @@ class loginrecords::debian inherits loginrecords::base { class{'loginrecords::wtmp::enable': } } + if $loginrecords::ramdisk_on_var_run { + class{'loginrecords::ramrun::enable': } + } else { + class{'loginrecords::ramrun::disable': } + } + } diff --git a/manifests/init.pp b/manifests/init.pp index 446819b..0bc7a22 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,7 +3,8 @@ class loginrecords( $disable_faillog = true, $disable_lastlog = true, $protect_utmp = true, - $disable_wtmp = true + $disable_wtmp = true, + $ramdisk_on_var_run = true ){ # Include main class case $kernel { diff --git a/manifests/ramrun/disable.pp b/manifests/ramrun/disable.pp new file mode 100644 index 0000000..304d234 --- /dev/null +++ b/manifests/ramrun/disable.pp @@ -0,0 +1,7 @@ +class loginrecords::ramrun::disable inherits loginrecords::ramrun::enable { + + Augeas { "ramdisk-on-var-run": + changes => "set RAMRUN yes", + } + +} diff --git a/manifests/ramrun/enable.pp b/manifests/ramrun/enable.pp new file mode 100644 index 0000000..564ef06 --- /dev/null +++ b/manifests/ramrun/enable.pp @@ -0,0 +1,8 @@ +class loginrecords::ramrun::enable { + + augeas { "ramdisk-on-var-run": + context => "/files/etc/default/rcS", + changes => "set RAMRUN yes", + } + +} |