80 lines
2.4 KiB
Puppet
80 lines
2.4 KiB
Puppet
#########################################################################
|
|
# Copyright (C) 2017 Red Hat Inc.
|
|
#
|
|
# Author: Luke Hinds <lhinds@redhat.com>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::profile::base::aide
|
|
#
|
|
# Aide profile for TripleO
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*step*]
|
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
|
# for more details.
|
|
# Defaults to hiera('step')
|
|
#
|
|
# [*aide_conf_path*]
|
|
# The aide configuration file to use for rules and db path
|
|
# Defaults to hiera('aide_conf_path', '/etc/aide.conf')
|
|
#
|
|
# [*aide_db_path*]
|
|
# (Optional) The location of AIDE's integrity database file
|
|
# Defaults to hiera('aide_db_path', '/var/lib/aide/aide.db')
|
|
#
|
|
# [*aide_db_temp_path*]
|
|
# (Optional) The staging location during integrity database creation
|
|
# Defaults to hiera('aide_db_temp_path', '/var/lib/aide/aide.db.new')
|
|
#
|
|
# [*aide_rules*]
|
|
# A hiera based hash of aides integrity rules
|
|
# Defaults to hiera('rules', {})
|
|
#
|
|
class tripleo::profile::base::aide (
|
|
$step = Integer(hiera('step')),
|
|
$aide_conf_path = hiera('aide_conf_path', '/etc/aide.conf'),
|
|
$aide_db_path = hiera('aide_db_path', '/var/lib/aide/aide.db'),
|
|
$aide_db_temp_path = hiera('aide_db_temp_path', '/var/lib/aide/aide.db.new'),
|
|
$aide_rules = hiera('aide_rules', {})
|
|
) {
|
|
|
|
if $step >=5 {
|
|
package { 'aide':
|
|
ensure => 'present'
|
|
}
|
|
|
|
contain ::tripleo::profile::base::aide::installdb
|
|
|
|
concat { 'aide.conf':
|
|
path => $aide_conf_path,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0600',
|
|
ensure_newline => true,
|
|
require => Package['aide']
|
|
}
|
|
|
|
concat::fragment { 'aide.conf.header':
|
|
target => 'aide.conf',
|
|
order => 0,
|
|
content => template( 'tripleo/aide/aide.conf.erb')
|
|
}
|
|
|
|
create_resources('tripleo::profile::base::aide::rules', $aide_rules)
|
|
|
|
contain ::tripleo::profile::base::aide::cron
|
|
}
|
|
}
|