authorJulien Dessaux2017-08-04 07:34:10 +0000
committerJulien Dessaux2017-08-08 09:16:23 +0000
commit44c194abe5eb7f3438ea25f2aa2dd6ef6bf4ca18 (patch)
treeaadd9aa912590a02b77d9dd6df940c5475629c8b /services
parentAdded basic julien policies (diff)
Added basic sshd policy
Diffstat (limited to 'services')
-rw-r--r--services/main.cf2
-rw-r--r--services/sshd.cf33
2 files changed, 35 insertions, 0 deletions
diff --git a/services/main.cf b/services/main.cf
index 4c2b022..5d994b3 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -7,12 +7,14 @@ bundle common classify
"check_mk",
"flavour",
"julien",
+ "sshd",
};
"inputs" slist => {
"services/check_mk.cf",
"services/common.cf",
"services/$(flavour).cf",
"services/julien.cf",
+ "services/sshd.cf",
};
debian::
"flavour" string => "debian";
diff --git a/services/sshd.cf b/services/sshd.cf
new file mode 100644
index 0000000..da602a1
--- /dev/null
+++ b/services/sshd.cf
@@ -0,0 +1,33 @@
+bundle agent sshd
+{
+ files:
+ freebsd::
+ "/etc/rc.conf"
+ create => "true",
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => append_if_no_line("sshd_enable=\"YES\""),
+ classes => if_repaired("sshd_rc_conf_file_repaired");
+ "/root/.ssh/."
+ create => "true",
+ perms => system_owned("700"),
+ classes => if_repaired("sshd_ssh_dir_repaired");
+ "/root/.ssh/authorized_keys"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("444"),
+ edit_template => "$(sys.inputdir)/templates/sshd/authorized_keys",
+ classes => if_repaired("sshd_authorized_keys_files_repaired");
+ classes:
+ freebsd::
+ "sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
+ commands:
+ freebsd.!sshd_service_running::
+ "/usr/sbin/service sshd start" classes => if_repaired("sshd_service_repaired");
+ reports:
+ any::
+ "$(this.bundle): /etc/rc.conf repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): /root/.ssh directory repaired" ifvarclass => "sshd_ssh_dir_repaired";
+ "$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): sshd service repaired" ifvarclass => "sshd_service_repaired";
+}
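Review bot: The authorized_keys line in the `reports:` section is gated on `sshd_rc_conf_file_repaired`, not on the `sshd_authorized_keys_files_repaired` class that the `/root/.ssh/authorized_keys` promise sets, so a rewrite of root's key file is never reported and an rc.conf repair is misreported as a key change. It should read `"$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_authorized_keys_files_repaired";`. Because `edit_defaults => empty` together with `edit_template` replaces the whole file on every repair, this report is the visible trace that unmanaged root keys were dropped or that the template changed, which makes the wrong class name a monitoring gap and not only a cosmetic slip. Separately, `system_owned("444")` on authorized_keys leaves root's key list world-readable; `600` should be enough for sshd unless something else on the host needs to read the file.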