From 7fcec706fd74b5f958e74d7960640ff5ec8b19be Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Sun, 17 Oct 2010 20:13:20 +0200
Subject: Support disabling btmp and wtmp.

---
 README              |  7 +++++++
 manifests/btmp.pp   |  7 +++++++
 manifests/debian.pp | 16 ++++++++++++++++
 manifests/init.pp   |  6 ++++++
 manifests/wtmp.pp   |  7 +++++++
 5 files changed, 43 insertions(+)
 create mode 100644 manifests/btmp.pp
 create mode 100644 manifests/wtmp.pp

diff --git a/README b/README
index 48100c5..a9cf0ef 100644
--- a/README
+++ b/README
@@ -16,6 +16,13 @@ Dependencies
 Configuration
 =============
 
+$disable_btmp, $disable_wtmp
+----------------------------
+
+Default: /var/log/btmp and /var/log/wtmp are ensured to be absent.
+These variables, when set to a false, non-empty value, have these
+files created and their logging enabled again.
+
 $disable_faillog
 ----------------
 
diff --git a/manifests/btmp.pp b/manifests/btmp.pp
new file mode 100644
index 0000000..4d40654
--- /dev/null
+++ b/manifests/btmp.pp
@@ -0,0 +1,7 @@
+class loginrecords::btmp::disable {
+    file { "$btmp_file": ensure => 'absent' }
+}
+
+class loginrecords::btmp::enable {
+    file { "$btmp_file": ensure => 'present' }
+}
diff --git a/manifests/debian.pp b/manifests/debian.pp
index 8cf95f1..d8432d6 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -2,6 +2,15 @@ class loginrecords::debian inherits loginrecords::base {
 
     $pam_login_file  = '/etc/pam.d/login'
     $login_defs_file = '/etc/login.defs'
+    $btmp_file       = '/var/log/btmp'
+    $wtmp_file       = '/var/log/wtmp'
+
+    if $disable_btmp {
+        include loginrecords::btmp::disable
+    }
+    else {
+        include loginrecords::btmp::enable
+    }
 
     if $disable_faillog {
         include loginrecords::faillog::disable
@@ -14,4 +23,11 @@ class loginrecords::debian inherits loginrecords::base {
         include loginrecords::lastlog::disable
     }
 
+    if $disable_wtmp {
+        include loginrecords::wtmp::disable
+    }
+    else {
+        include loginrecords::wtmp::enable
+    }
+
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 6826c32..e575dee 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,12 +3,18 @@ import "*.pp"
 class loginrecords {
 
     # Default settings
+    if $disable_btmp == '' {
+        $disable_btmp = true
+    }
     if $disable_faillog == '' {
         $disable_faillog = true
     }
     if $disable_lastlog == '' {
         $disable_lastlog = true
     }
+    if $disable_wtmp == '' {
+        $disable_wtmp = true
+    }
 
     # Include main class
     case $kernel {
diff --git a/manifests/wtmp.pp b/manifests/wtmp.pp
new file mode 100644
index 0000000..36cea0e
--- /dev/null
+++ b/manifests/wtmp.pp
@@ -0,0 +1,7 @@
+class loginrecords::wtmp::disable {
+    file { "$wtmp_file": ensure => 'absent' }
+}
+
+class loginrecords::wtmp::enable {
+    file { "$wtmp_file": ensure => 'present' }
+}
-- 
cgit v1.2.3