From 96a39b816a4922cb9e710e6bdd044125708d8411 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 17 Oct 2010 19:49:05 +0200 Subject: Add (untested) lastlog disabling support. --- README | 6 ++++++ manifests/debian.pp | 5 +++++ manifests/init.pp | 3 +++ manifests/lastlog.pp | 7 +++++++ 4 files changed, 21 insertions(+) create mode 100644 manifests/lastlog.pp diff --git a/README b/README index 3a0ef24..48100c5 100644 --- a/README +++ b/README @@ -22,6 +22,12 @@ $disable_faillog Default: faillog is disabled. When set to false, faillog is enabled. +$disable_lastlog +---------------- + +Default: lastlog is disabled. +When set to a false, non-empty value, lastlog is not changed. + Copyright ========= diff --git a/manifests/debian.pp b/manifests/debian.pp index 8bc296d..8cf95f1 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,5 +1,6 @@ class loginrecords::debian inherits loginrecords::base { + $pam_login_file = '/etc/pam.d/login' $login_defs_file = '/etc/login.defs' if $disable_faillog { @@ -9,4 +10,8 @@ class loginrecords::debian inherits loginrecords::base { include loginrecords::faillog::enable } + if $disable_lastlog { + include loginrecords::lastlog::disable + } + } diff --git a/manifests/init.pp b/manifests/init.pp index 0dbe627..6826c32 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,6 +6,9 @@ class loginrecords { if $disable_faillog == '' { $disable_faillog = true } + if $disable_lastlog == '' { + $disable_lastlog = true + } # Include main class case $kernel { diff --git a/manifests/lastlog.pp b/manifests/lastlog.pp new file mode 100644 index 0000000..da6c735 --- /dev/null +++ b/manifests/lastlog.pp @@ -0,0 +1,7 @@ +class loginrecords::lastlog::disable { + replace { 'loginrecords-lastlog-disable': + file => $pam_login_file, + pattern => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$', + replacement => '#session optional pam_lastlog.so', + } +} -- cgit v1.2.3