From 93e2f4d4c02d01fd430d1b9e1cf6860508a03773 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 7 Jul 2009 20:55:13 -0400 Subject: Template out the possibility of specifying the key word 'off' to the $sshd_port parameter, which simply puts a comment in front of that option, rather than specifying it. --- templates/sshd_config/CentOS.erb | 10 ++++++++++ templates/sshd_config/Debian_etch.erb | 4 ++++ templates/sshd_config/Debian_lenny.erb | 4 ++++ templates/sshd_config/Gentoo.erb | 10 ++++++++++ templates/sshd_config/OpenBSD.erb | 10 ++++++++++ 5 files changed, 38 insertions(+) (limited to 'templates/sshd_config') diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb index a3a9a52..bc5256a 100644 --- a/templates/sshd_config/CentOS.erb +++ b/templates/sshd_config/CentOS.erb @@ -14,6 +14,16 @@ <%= sshd_head_additional_options %> <%- end %> +<%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> +Port <%= sshd_port -%> +<% end -%> +<%- else -%> +Port 22 +<%- end -%> + # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> ListenAddress <%= address %> diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb index 2524172..746a447 100644 --- a/templates/sshd_config/Debian_etch.erb +++ b/templates/sshd_config/Debian_etch.erb @@ -7,7 +7,11 @@ # What ports, IPs and protocols we listen for <%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> Port <%= sshd_port -%> +<% end -%> <%- else -%> Port 22 <%- end -%> diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb index c7f4ab4..18f3e4d 100644 --- a/templates/sshd_config/Debian_lenny.erb +++ b/templates/sshd_config/Debian_lenny.erb @@ -7,7 +7,11 @@ # What ports, IPs and protocols we listen for <%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> Port <%= sshd_port -%> +<% end -%> <%- else -%> Port 22 <%- end -%> diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb index ad15031..2112f0d 100644 --- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb @@ -14,6 +14,16 @@ <%= sshd_head_additional_options %> <%- end %> +<%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> +Port <%= sshd_port -%> +<% end -%> +<%- else -%> +Port 22 +<%- end -%> + # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> ListenAddress <%= address %> diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index 045d9ba..69e8afa 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -12,6 +12,16 @@ <%= sshd_head_additional_options %> <%- end %> +<%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> +Port <%= sshd_port -%> +<% end -%> +<%- else -%> +Port 22 +<%- end -%> + # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> ListenAddress <%= address %> -- cgit v1.2.3