author | Julien Dessaux | 2017-08-04 07:34:10 +0000 |
---|---|---|
committer | Julien Dessaux | 2017-08-08 09:16:23 +0000 |
commit | 44c194abe5eb7f3438ea25f2aa2dd6ef6bf4ca18 (patch) | |
tree | aadd9aa912590a02b77d9dd6df940c5475629c8b /services | |
parent | Added basic julien policies (diff) | |
Added basic sshd policy
Diffstat (limited to '')
-rw-r--r-- | services/main.cf | 2 | ||||
-rw-r--r-- | services/sshd.cf | 33 |
2 files changed, 35 insertions, 0 deletions
diff --git a/services/main.cf b/services/main.cf
index 4c2b022..5d994b3 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -7,12 +7,14 @@ bundle common classify
 "check_mk",
 "flavour",
 "julien",
+ "sshd",
 };
 "inputs" slist => {
 "services/check_mk.cf",
 "services/common.cf",
 "services/$(flavour).cf",
 "services/julien.cf",
+ "services/sshd.cf",
 };
 debian::
 "flavour" string => "debian";
diff --git a/services/sshd.cf b/services/sshd.cf
new file mode 100644
index 0000000..da602a1
--- /dev/null
+++ b/services/sshd.cf
@@ -0,0 +1,33 @@
+bundle agent sshd
+{
+ files:
+ freebsd::
+ "/etc/rc.conf"
+ create => "true",
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => append_if_no_line("sshd_enable=\"YES\""),
+ classes => if_repaired("sshd_rc_conf_file_repaired");
+ "/root/.ssh/."
+ create => "true",
+ perms => system_owned("700"),
+ classes => if_repaired("sshd_ssh_dir_repaired");
+ "/root/.ssh/authorized_keys"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("444"),
+ edit_template => "$(sys.inputdir)/templates/sshd/authorized_keys",
+ classes => if_repaired("sshd_authorized_keys_files_repaired");
+ classes:
+ freebsd::
+ "sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
+ commands:
+ freebsd.!sshd_service_running::
+ "/usr/sbin/service sshd start" classes => if_repaired("sshd_service_repaired");
+ reports:
+ any::
+ "$(this.bundle): /etc/rc.conf repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): /root/.ssh directory repaired" ifvarclass => "sshd_ssh_dir_repaired";
+ "$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): sshd service repaired" ifvarclass => "sshd_service_repaired";
+} |
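Review bot: In the reports section of the new services/sshd.cf, the authorized_keys message is guarded by `ifvarclass => "sshd_rc_conf_file_repaired"`, while the files promise for /root/.ssh/authorized_keys sets `sshd_authorized_keys_files_repaired`. As written, a rewrite of root's authorized keys is never reported on its own, and the message is printed whenever /etc/rc.conf is repaired instead. A change to root's authorized_keys is the event an operator most needs to see in the agent output, so the guard should read `"$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_authorized_keys_files_repaired";`. Separately, `system_owned("444")` on that file is shielded by the 700 directory, but `system_owned("600")` would match the usual convention for key files and not depend on the directory mode staying correct.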