summaryrefslogtreecommitdiff
path: root/services
diff options
context:
space:
mode:
authorJulien Dessaux2017-08-04 07:34:10 +0000
committerJulien Dessaux2017-08-08 09:16:23 +0000
commit44c194abe5eb7f3438ea25f2aa2dd6ef6bf4ca18 (patch)
treeaadd9aa912590a02b77d9dd6df940c5475629c8b /services
parentAdded basic julien policies (diff)
downloadmasterfiles-44c194abe5eb7f3438ea25f2aa2dd6ef6bf4ca18.tar.gz
masterfiles-44c194abe5eb7f3438ea25f2aa2dd6ef6bf4ca18.tar.bz2
masterfiles-44c194abe5eb7f3438ea25f2aa2dd6ef6bf4ca18.zip
Added basic sshd policy
Diffstat (limited to '')
-rw-r--r--services/main.cf2
-rw-r--r--services/sshd.cf33
2 files changed, 35 insertions, 0 deletions
diff --git a/services/main.cf b/services/main.cf
index 4c2b022..5d994b3 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -7,12 +7,14 @@ bundle common classify
"check_mk",
"flavour",
"julien",
+ "sshd",
};
"inputs" slist => {
"services/check_mk.cf",
"services/common.cf",
"services/$(flavour).cf",
"services/julien.cf",
+ "services/sshd.cf",
};
debian::
"flavour" string => "debian";
diff --git a/services/sshd.cf b/services/sshd.cf
new file mode 100644
index 0000000..da602a1
--- /dev/null
+++ b/services/sshd.cf
@@ -0,0 +1,33 @@
+bundle agent sshd
+{
+ files:
+ freebsd::
+ "/etc/rc.conf"
+ create => "true",
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => append_if_no_line("sshd_enable=\"YES\""),
+ classes => if_repaired("sshd_rc_conf_file_repaired");
+ "/root/.ssh/."
+ create => "true",
+ perms => system_owned("700"),
+ classes => if_repaired("sshd_ssh_dir_repaired");
+ "/root/.ssh/authorized_keys"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("444"),
+ edit_template => "$(sys.inputdir)/templates/sshd/authorized_keys",
+ classes => if_repaired("sshd_authorized_keys_files_repaired");
+ classes:
+ freebsd::
+ "sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
+ commands:
+ freebsd.!sshd_service_running::
+ "/usr/sbin/service sshd start" classes => if_repaired("sshd_service_repaired");
+ reports:
+ any::
+ "$(this.bundle): /etc/rc.conf repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): /root/.ssh directory repaired" ifvarclass => "sshd_ssh_dir_repaired";
+ "$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): sshd service repaired" ifvarclass => "sshd_service_repaired";
+}