diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/client/base.pp | 3 | ||||
| -rw-r--r-- | manifests/debian.pp | 3 | ||||
| -rw-r--r-- | manifests/init.pp | 30 | ||||
| -rw-r--r-- | manifests/nagios.pp | 24 |
4 files changed, 50 insertions, 10 deletions
diff --git a/manifests/client/base.pp b/manifests/client/base.pp index 33d9f9e..64d4f6f 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -1,7 +1,6 @@ class sshd::client::base { # this is needed because the gid might have changed - file { '/etc/ssh/ssh_known_hosts': - owner => root, group => 0, mode => 0644; + config_file { '/etc/ssh/ssh_known_hosts': } # Now collect all server keys diff --git a/manifests/debian.pp b/manifests/debian.pp index 0cc4ede..43dc26c 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -9,8 +9,7 @@ class sshd::debian inherits sshd::linux { $sshd_restartandstatus = $lsbdistcodename ? { etch => false, - lenny => true, - default => false + default => true } Service[sshd]{ diff --git a/manifests/init.pp b/manifests/init.pp index 90b7c64..76ee107 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -142,8 +142,11 @@ # Valid Values: yes or no # Default: no # -# sshd_port: If you want to specify a different port than the default 22 -# Default: 22 +# sshd_port: Deprecated, use sshd_ports instead. +# +# sshd_ports: If you want to specify a list of ports other than the default 22 +# Default: [22] +# # # sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u) # Default: AuthorizedKeysFile %h/.ssh/authorized_keys @@ -232,8 +235,13 @@ class sshd { case $sshd_permit_empty_passwords { '': { $sshd_permit_empty_passwords = 'no' } } - case $sshd_port { - '': { $sshd_port = 22 } + if ( $sshd_port != '' ) and ( $sshd_ports != []) { + err("Cannot use sshd_port and sshd_ports at the same time.") + } + if $sshd_port != '' { + $sshd_ports = [ $sshd_port ] + } elsif ! $sshd_ports { + $sshd_ports = [ 22 ] } case $sshd_authorized_keys_file { '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" } @@ -265,11 +273,21 @@ class sshd { if $use_nagios { case $nagios_check_ssh { false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) } - default: { nagios::service{ "ssh_port_${sshd_port}": check_command => "check_ssh_port!$sshd_port" } } + default: { + sshd::nagios{$sshd_ports: + check_hostname => $nagios_check_ssh_hostname ? { + '' => 'absent', + undef => 'absent', + default => $nagios_check_ssh_hostname + } + } + } } } if $use_shorewall{ - include shorewall::rules::ssh + class{'shorewall::rules::ssh': + ports => $sshd_ports, + } } } diff --git a/manifests/nagios.pp b/manifests/nagios.pp new file mode 100644 index 0000000..7742cdb --- /dev/null +++ b/manifests/nagios.pp @@ -0,0 +1,24 @@ +define sshd::nagios( + $port = 'absent', + $ensure = 'present', + $check_hostname = 'absent' +) { + $real_port = $port ? { + 'absent' => $name, + default => $port, + } + case $check_hostname { + 'absent': { + nagios::service{"ssh_port_${name}": + ensure => $ensure, + check_command => "check_ssh_port!$real_port" + } + } + default: { + nagios::service{"ssh_port_host_${name}": + ensure => $ensure, + check_command => "check_ssh_port_host!${real_port}!${check_hostname}" + } + } + } +} |