bundle agent sshd
{
    files:
        freebsd::
            "/etc/rc.conf"
                create => "true",
                edit_defaults => std_defs,
                perms => system_owned("444"),
                edit_line => append_if_no_line("sshd_enable=\"YES\""),
                classes => if_repaired("sshd_rc_conf_file_repaired");
            "/root/.ssh/."
                create => "true",
                perms => system_owned("700"),
                classes => if_repaired("sshd_ssh_dir_repaired");
            "/root/.ssh/authorized_keys"
                create => "true",
                edit_defaults => empty,
                perms => system_owned("444"),
                edit_template => "$(sys.inputdir)/templates/sshd/authorized_keys",
                classes => if_repaired("sshd_authorized_keys_files_repaired");
    classes:
        freebsd::
            "sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
    commands:
        freebsd.!sshd_service_running::
            "/usr/sbin/service sshd start" classes => if_repaired("sshd_service_repaired");
    reports:
        any::
            "$(this.bundle): /etc/rc.conf repaired" ifvarclass => "sshd_rc_conf_file_repaired";
            "$(this.bundle): /root/.ssh directory repaired" ifvarclass => "sshd_ssh_dir_repaired";
            "$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_rc_conf_file_repaired";
            "$(this.bundle): sshd service repaired" ifvarclass => "sshd_service_repaired";
}