This adds the ability to manage the securetty file.

By allowing management of securetty, operators can limit root console access and improve security through hardening.

Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7
Partial-Bug: #1665042
Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c

changes/53/449153/7
7 changed files with 69 additions and 0 deletions
@ -0,0 +1,12 @@
|
||||
resource_registry: |
||||
OS::TripleO::Services::Securetty: ../puppet/services/securetty.yaml |
||||
|
||||
parameter_defaults: |
||||
TtyValues: |
||||
- console |
||||
- tty1 |
||||
- tty2 |
||||
- tty3 |
||||
- tty4 |
||||
- tty5 |
||||
- tty6 |
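Review bot: The TtyValues list under parameter_defaults has no comment explaining what it controls, and the commit message presents this file as a hardening option. A short header comment stating that root login is permitted only on the terminals listed here, and that operators should trim the list to what they need, would make the file usable without reading the puppet profile. As written, the environment lists console and tty1 through tty6, so it is worth saying whether this is meant as a restrictive example or as a starting point to cut down.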
@ -0,0 +1,36 @@
|
||||
heat_template_version: ocata |
||||
|
||||
description: > |
||||
Configure securetty values |
||||
|
||||
parameters: |
||||
ServiceNetMap: |
||||
default: {} |
||||
description: Mapping of service_name -> network name. Typically set |
||||
via parameter_defaults in the resource registry. This |
||||
mapping overrides those in ServiceNetMapDefaults. |
||||
type: json |
||||
DefaultPasswords: |
||||
default: {} |
||||
type: json |
||||
EndpointMap: |
||||
default: {} |
||||
description: Mapping of service endpoint -> protocol. Typically set |
||||
via parameter_defaults in the resource registry. |
||||
type: json |
||||
TtyValues: |
||||
default: {} |
||||
description: Configures console values in securetty |
||||
type: json |
||||
constraints: |
||||
- length: { min: 1} |
||||
|
||||
outputs: |
||||
role_data: |
||||
description: Console data for the securetty |
||||
value: |
||||
service_name: securetty |
||||
config_settings: |
||||
tripleo::profile::base::securetty::tty_list: {get_param: TtyValues} |
||||
step_config: | |
||||
include ::tripleo::profile::base::securetty |
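Review bot: The TtyValues parameter declares default: {} together with a length: { min: 1 } constraint, so the default is an empty map that does not meet the parameter's own minimum length. It is also a map, while the environment file in this change passes a list of terminal names and the value is handed to tripleo::profile::base::securetty::tty_list. Either drop the default so the parameter must be supplied, or default to a non-empty list of the same shape as the environment file. The description could also state that the value is the list of terminals on which root login is allowed, since "Configures console values in securetty" does not say what an entry means.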