blob: e933a46b8ab53f267f323e703667af1567c2034a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
class sshd {
# prepare variables to use in templates
case $sshd_listen_address {
'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
}
case $sshd_allowed_users {
'': { $sshd_allowed_users = '' }
}
case $sshd_allowed_groups {
'': { $sshd_allowed_groups = '' }
}
case $sshd_use_pam {
'': { $sshd_use_pam = 'no' }
}
case $sshd_permit_root_login {
'': { $sshd_permit_root_login = 'without-password' }
}
case $sshd_password_authentication {
'': { $sshd_password_authentication = 'no' }
}
case $sshd_kerberos_authentication {
'': { $sshd_kerberos_authentication = 'no' }
}
case $sshd_kerberos_orlocalpasswd {
'': { $sshd_kerberos_orlocalpasswd = 'yes' }
}
case $sshd_kerberos_ticketcleanup {
'': { $sshd_kerberos_ticketcleanup = 'yes' }
}
case $sshd_gssapi_authentication {
'': { $sshd_gssapi_authentication = 'no' }
}
case $sshd_gssapi_cleanupcredentials {
'': { $sshd_gssapi_cleanupcredentials = 'yes' }
}
case $sshd_tcp_forwarding {
'': { $sshd_tcp_forwarding = 'no' }
}
case $sshd_x11_forwarding {
'': { $sshd_x11_forwarding = 'no' }
}
case $sshd_agent_forwarding {
'': { $sshd_agent_forwarding = 'no' }
}
case $sshd_challenge_response_authentication {
'': { $sshd_challenge_response_authentication = 'no' }
}
case $sshd_pubkey_authentication {
'': { $sshd_pubkey_authentication = 'yes' }
}
case $sshd_rsa_authentication {
'': { $sshd_rsa_authentication = 'no' }
}
case $sshd_strict_modes {
'': { $sshd_strict_modes = 'yes' }
}
case $sshd_ignore_rhosts {
'': { $sshd_ignore_rhosts = 'yes' }
}
case $sshd_rhosts_rsa_authentication {
'': { $sshd_rhosts_rsa_authentication = 'no' }
}
case $sshd_hostbased_authentication {
'': { $sshd_hostbased_authentication = 'no' }
}
case $sshd_permit_empty_passwords {
'': { $sshd_permit_empty_passwords = 'no' }
}
if ( $sshd_port != '' ) and ( $sshd_ports != []) {
err("Cannot use sshd_port and sshd_ports at the same time.")
}
if $sshd_port != '' {
$sshd_ports = [ $sshd_port ]
} elsif ! $sshd_ports {
$sshd_ports = [ 22 ]
}
case $sshd_authorized_keys_file {
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
}
case $sshd_hardened_ssl {
'': { $sshd_hardened_ssl = 'no' }
}
case $sshd_sftp_subsystem {
'': { $sshd_sftp_subsystem = '' }
}
case $sshd_head_additional_options {
'': { $sshd_head_additional_options = '' }
}
case $sshd_tail_additional_options {
'': { $sshd_tail_additional_options = '' }
}
case $sshd_ensure_version {
'': { $sshd_ensure_version = "present" }
}
include sshd::client
case $operatingsystem {
gentoo: { include sshd::gentoo }
redhat,centos: { include sshd::redhat }
centos: { include sshd::centos }
openbsd: { include sshd::openbsd }
debian,ubuntu: { include sshd::debian }
default: { include sshd::base }
}
if $use_nagios {
case $nagios_check_ssh {
false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
default: {
sshd::nagios{$sshd_ports:
check_hostname => $nagios_check_ssh_hostname ? {
'' => 'absent',
undef => 'absent',
default => $nagios_check_ssh_hostname
}
}
}
}
}
if $use_shorewall{
class{'shorewall::rules::ssh':
ports => $sshd_ports,
}
}
}
|