From 619ca3f02fdbed3b39217a770d66dca0d7a3bb43 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 17 Oct 2010 18:37:58 +0200 Subject: Initial commit, with untested faillog support. --- README | 33 +++++++++++++++++++++++++++++++++ manifests/base.pp | 3 +++ manifests/debian.pp | 12 ++++++++++++ manifests/faillog.pp | 25 +++++++++++++++++++++++++ manifests/init.pp | 15 +++++++++++++++ 5 files changed, 88 insertions(+) create mode 100644 README create mode 100644 manifests/base.pp create mode 100644 manifests/debian.pp create mode 100644 manifests/faillog.pp create mode 100644 manifests/init.pp diff --git a/README b/README new file mode 100644 index 0000000..12372fc --- /dev/null +++ b/README @@ -0,0 +1,33 @@ +Puppet module to manage login records. + +E.g. disable successful and failed login records. + +All functionality is currently only available on Debian GNU/Linux. +Bits should be made available for other operating systems after +checking they are configured the same way. + +Defaults to disable all supported login records. + +Dependencies +============ + +- the common module: git://labs.riseup.net/shared-common + +Configuration +============= + +$enable_faillog +--------------- + +Default: faillog is disabled. +When set to a true value, faillog is enabled. + +Copyright +========= + +Copyright (c) 2010 intrigeri + +Licence +======= + +GPL-3+ diff --git a/manifests/base.pp b/manifests/base.pp new file mode 100644 index 0000000..66d3477 --- /dev/null +++ b/manifests/base.pp @@ -0,0 +1,3 @@ +class loginrecords::base { + +} diff --git a/manifests/debian.pp b/manifests/debian.pp new file mode 100644 index 0000000..236cbe2 --- /dev/null +++ b/manifests/debian.pp @@ -0,0 +1,12 @@ +class loginrecords::debian inherits loginrecords::base { + + $login_defs_file = '/etc/login.defs' + + if $enable_faillog { + include loginrecords::faillog::enable + } + else { + include loginrecords::faillog::disable + } + +} diff --git a/manifests/faillog.pp b/manifests/faillog.pp new file mode 100644 index 0000000..2af2299 --- /dev/null +++ b/manifests/faillog.pp @@ -0,0 +1,25 @@ +class loginrecords::faillog::enable { + replace { 'loginrecords-faillog-enable': + file => $login_defs_file, + pattern => '^FAILLOG_ENAB\w+no$', + replace => 'FAILLOG_ENAB yes', + } + append_if_no_such_line { 'loginrecords-faillog-enable': + file => $login_defs_file, + line => 'FAILLOG_ENAB yes', + require => Replace['loginrecords-faillog-enable'], + } +} + +class loginrecords::faillog::disable { + replace { 'loginrecords-faillog-disable': + file => $login_defs_file, + pattern => '^FAILLOG_ENAB\w+yes$', + replace => 'FAILLOG_ENAB no', + } + append_if_no_such_line { 'loginrecords-faillog-disable': + file => $login_defs_file, + line => 'FAILLOG_ENAB no', + require => Replace['loginrecords-faillog-disable'], + } +} diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..c615d90 --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,15 @@ +class loginrecords { + + case $kernel { + "Linux": { + case $operatingsystem { + "debian", "ubuntu": { include loginrecords::debian } + default: { include loginrecords::base } + } + } + default: { + err("Kernel $kernel is not supported.") + } + } + +} -- cgit v1.2.3