Adds ability to populate SSH Banner text
A Puppet manifest that toggles the `Banner` setting in sshd_config and populates an SSH login banner, as needed for security compliance baselines such as DISA STIG. If `Bannertext` is set as a parameter, the `Banner` key within sshd_config is set to `/etc/issue` and the content is copied into the `/etc/issue` file. Change-Id: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e Closes-Bug: #1640306
parent
a102d35f12
commit
5a1764acf7
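--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -0,0 +1,61 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::sshd
+#
+# SSH profile for tripleo
+#
+# === Parameters
+#
+# [*bannertext*]
+# The text used within SSH Banner
+# Defaults to hiera('BannerText')
+#
+class tripleo::profile::base::sshd (
+$bannertext = hiera('BannerText', undef),
+) {
+
+if $bannertext {
+$action = 'set'
+} else {
+$action = 'rm'
+}
+
+package {'openssh-server':
+ensure => installed,
+}
+
+augeas { 'sshd_config_banner':
+context => '/files/etc/ssh/sshd_config',
+changes => [ "${action} Banner /etc/issue" ],
+notify => Service['sshd']
+}
+
+file { '/etc/issue':
+ensure => file,
+backup => false,
+content => $bannertext,
+owner => 'root',
+group => 'root',
+mode => '0600'
+}
+
+service { 'sshd':
+ensure => 'running',
+enable => true,
+hasstatus => false,
+require => Package['openssh-server'],
+}
+}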
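Review bot: The `file { '/etc/issue': ... }` resource sits outside the `if $bannertext` branch, so the class takes over `/etc/issue` on every node that includes it, even when no banner text is supplied: with `content` undef the resource still enforces owner, group and mode `0600`, and creates the file if it is missing. `/etc/issue` is conventionally also the pre-login message file for local console logins, so this changes more than the SSH banner. I would declare the file only when a banner is configured, by moving the resource inside `if $bannertext { ... }` next to `$action = 'set'`, with a comment such as `# /etc/issue is shared with console login; only manage it when a banner is set`. Separately, the unset path expands to `rm Banner /etc/issue`; Augeas `rm` takes only a path, so the trailing value looks unintended and is worth confirming against the provider.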
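--- a/releasenotes/notes/sshd-437c531301f458bb.yaml
+++ b/releasenotes/notes/sshd-437c531301f458bb.yaml
@@ -0,0 +1,3 @@
+---
+features:
+- Added manifest and template to enable configuration of sshd_config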
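--- a/spec/classes/tripleo_profile_base_sshd_spec.rb
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -0,0 +1,30 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::sshd' do
+
+context 'with banner configured' do
+it do
+is_expected.to contain_file('/etc/issue').with({
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0600',
+})
+end
+end
+end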
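Review bot: The `with banner configured` context never sets `bannertext`, so unless the spec helper's hiera data supplies `BannerText` the example compiles the class with the parameter unset and checks only the owner, group and mode of `/etc/issue`. Neither the `sshd_config_banner` augeas resource nor the file content is asserted, and the unset (`rm`) path has no context at all, so a regression that leaves `Banner` disabled in sshd_config would pass this spec. I would add `let(:params) { { :bannertext => 'foo' } }` (sample value) to this context, assert `is_expected.to contain_augeas('sshd_config_banner').with_changes(['set Banner /etc/issue'])`, and add `'content' => 'foo'` to the file expectation. A second context without params can then cover the `rm` case.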