aboutsummaryrefslogtreecommitdiff
path: root/manifests/init.pp
blob: e933a46b8ab53f267f323e703667af1567c2034a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
class sshd {
   # prepare variables to use in templates
  case $sshd_listen_address {
    '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
  }
  case $sshd_allowed_users {
    '': { $sshd_allowed_users = '' }
  }
  case $sshd_allowed_groups {
    '': { $sshd_allowed_groups = '' }
  }
  case $sshd_use_pam {
    '': { $sshd_use_pam = 'no' }
  }
  case $sshd_permit_root_login {
    '': { $sshd_permit_root_login = 'without-password' }
  }
  case $sshd_password_authentication {
    '': { $sshd_password_authentication = 'no' }
  }
  case $sshd_kerberos_authentication {
    '': { $sshd_kerberos_authentication = 'no' }
  }
  case $sshd_kerberos_orlocalpasswd {
    '': { $sshd_kerberos_orlocalpasswd = 'yes' }
  }
  case $sshd_kerberos_ticketcleanup {
    '': { $sshd_kerberos_ticketcleanup = 'yes' }
  }
  case $sshd_gssapi_authentication {
    '': { $sshd_gssapi_authentication = 'no' }
  }
  case $sshd_gssapi_cleanupcredentials {
    '': { $sshd_gssapi_cleanupcredentials = 'yes' }
  }
  case $sshd_tcp_forwarding {
    '': { $sshd_tcp_forwarding = 'no' }
  }
  case $sshd_x11_forwarding {
    '': { $sshd_x11_forwarding = 'no' }
  }
  case $sshd_agent_forwarding {
    '': { $sshd_agent_forwarding = 'no' }
  }
  case $sshd_challenge_response_authentication {
    '': { $sshd_challenge_response_authentication = 'no' }
  }
  case $sshd_pubkey_authentication {
    '': { $sshd_pubkey_authentication = 'yes' }
  }
  case $sshd_rsa_authentication {
    '': { $sshd_rsa_authentication = 'no' }
  }
  case $sshd_strict_modes {
    '': { $sshd_strict_modes = 'yes' }
  }
  case $sshd_ignore_rhosts {
    '': { $sshd_ignore_rhosts = 'yes' }
  }
  case $sshd_rhosts_rsa_authentication {
    '': { $sshd_rhosts_rsa_authentication = 'no' }
  }
  case $sshd_hostbased_authentication {
    '': { $sshd_hostbased_authentication = 'no' }
  }
  case $sshd_permit_empty_passwords {
    '': { $sshd_permit_empty_passwords = 'no' }
  }
  if ( $sshd_port != '' ) and ( $sshd_ports != []) {
      err("Cannot use sshd_port and sshd_ports at the same time.")
  }
  if $sshd_port != '' {
      $sshd_ports = [ $sshd_port ]
  } elsif ! $sshd_ports {
      $sshd_ports = [ 22 ]
  }
  case $sshd_authorized_keys_file {
    '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
  }
  case $sshd_hardened_ssl {
    '': { $sshd_hardened_ssl = 'no' }
  }
  case $sshd_sftp_subsystem {
    '': { $sshd_sftp_subsystem = '' }
  }
  case $sshd_head_additional_options {
    '': { $sshd_head_additional_options = '' }
  }
  case $sshd_tail_additional_options {
    '': { $sshd_tail_additional_options = '' }
  }
  case $sshd_ensure_version {
    '': { $sshd_ensure_version = "present" }
  }

  include sshd::client

  case $operatingsystem {
    gentoo: { include sshd::gentoo }
    redhat,centos: { include sshd::redhat }
    centos: { include sshd::centos }
    openbsd: { include sshd::openbsd }
    debian,ubuntu: { include sshd::debian }
    default: { include sshd::base }
  }

  if $use_nagios {
    case $nagios_check_ssh {
      false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
      default: {
        sshd::nagios{$sshd_ports:
          check_hostname => $nagios_check_ssh_hostname ? {
            '' => 'absent',
            undef => 'absent',
            default => $nagios_check_ssh_hostname
          }
        }
      }
    }
  }

  if $use_shorewall{
    class{'shorewall::rules::ssh':
      ports => $sshd_ports,
    }
  }
}