From c565f2877738b279d51ffb64e034e088785dca77 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Thu, 9 Dec 2010 17:41:39 +0100
Subject: lastlog improvements

* use class parameters
* clear lastlog content, so also old records are cleared
---
 manifests/debian.pp          |  3 +--
 manifests/lastlog/disable.pp | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/manifests/debian.pp b/manifests/debian.pp
index 56c5dca..2df522f 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -1,6 +1,5 @@
 class loginrecords::debian inherits loginrecords::base {
 
-    $pam_login_file  = '/etc/pam.d/login'
     $login_defs_file = '/etc/login.defs'
     $btmp_file       = '/var/log/btmp'
     $utmp_file       = '/var/run/utmp'
@@ -19,7 +18,7 @@ class loginrecords::debian inherits loginrecords::base {
     }
 
     if $loginrecords::disable_lastlog {
-        include loginrecords::lastlog::disable
+        class{'loginrecords::lastlog::disable': }
     }
 
     if $loginrecords::disable_utmp {
diff --git a/manifests/lastlog/disable.pp b/manifests/lastlog/disable.pp
index da6c735..519195f 100644
--- a/manifests/lastlog/disable.pp
+++ b/manifests/lastlog/disable.pp
@@ -1,7 +1,13 @@
-class loginrecords::lastlog::disable {
-    replace { 'loginrecords-lastlog-disable':
-        file        => $pam_login_file,
-        pattern     => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$',
-        replacement => '#session    optional   pam_lastlog.so',
-    }
+class loginrecords::lastlog::disable(
+  $pam_login_file = '/etc/pam.d/login'
+){
+  replace { 'loginrecords-lastlog-disable':
+    file    => $pam_login_file,
+    pattern   => '^session[[:space:]]+optional[[:space:]]+pam_lastlog.so$',
+    replacement => '#session  optional   pam_lastlog.so',
+  }
+  file{'/var/log/lastlog':
+    content => '',
+    owner => root, group => utmp, mode => 0664;
+  } 
 }
-- 
cgit v1.2.3