author | Luke Hinds <lukehinds@gmail.com> | 2016-12-08 12:46:40 +0000 |
---|---|---|
committer | Luke Hinds <lhinds@redhat.com> | 2016-12-21 16:45:37 +0000 |
commit | 5a1764acf7623ee04d8610793f418ab1d4e2226e (patch) | |
tree | ee5a515ad816bfc76909e6d4a072c60b668d3a00 | |
parent | a102d35f12e75bbf7fa9c5f91aeaef145f203143 (diff) |
Adds ability to populate SSH Banner text
A puppet manifest to allow the toggle of 'Banner' in sshd_config
and enable population of an SSH login banner needed for security
compliance such as DISA STIG
If `Bannertext` is set as a parameter, the `Banner` key within
sshd_config is toggled to `/etc/issue` and the content is copied
into the `/etc/issue` file
Change-Id: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e
Closes-Bug: #1640306
-rw-r--r-- | manifests/profile/base/sshd.pp | 61 | ||||
-rw-r--r-- | releasenotes/notes/sshd-437c531301f458bb.yaml | 3 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_sshd_spec.rb | 30 |
3 files changed, 94 insertions, 0 deletions
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
new file mode 100644
index 0000000..e7916c1
--- /dev/null
+++ b/manifests/profile/base/sshd.pp
@@ -0,0 +1,61 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::sshd
+#
+# SSH profile for tripleo
+#
+# === Parameters
+#
+# [*bannertext*]
+# The text used within SSH Banner
+# Defaults to hiera('BannerText')
+#
+class tripleo::profile::base::sshd (
+ $bannertext = hiera('BannerText', undef),
+) {
+
+ if $bannertext {
+ $action = 'set'
+ } else {
+ $action = 'rm'
+ }
+
+ package {'openssh-server':
+ ensure => installed,
+ }
+
+ augeas { 'sshd_config_banner':
+ context => '/files/etc/ssh/sshd_config',
+ changes => [ "${action} Banner /etc/issue" ],
+ notify => Service['sshd']
+ }
+
+ file { '/etc/issue':
+ ensure => file,
+ backup => false,
+ content => $bannertext,
+ owner => 'root',
+ group => 'root',
+ mode => '0600'
+ }
+
+ service { 'sshd':
+ ensure => 'running',
+ enable => true,
+ hasstatus => false,
+ require => Package['openssh-server'],
+ }
+}
diff --git a/releasenotes/notes/sshd-437c531301f458bb.yaml b/releasenotes/notes/sshd-437c531301f458bb.yaml
new file mode 100644
index 0000000..0086cb0
--- /dev/null
+++ b/releasenotes/notes/sshd-437c531301f458bb.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Added manifest and template to enable configuration of sshd_config 
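Review bot: In manifests/profile/base/sshd.pp the unset case is not a no-op: with `bannertext` undef the `augeas` resource issues `rm Banner /etc/issue`, and the `file` resource still takes over `/etc/issue` and sets it to root-only `0600`. Augeas `rm` takes only a path, so this most likely removes any existing `Banner` directive from sshd_config, including one pointing at a different file that was put in place for compliance by other means. If that removal is not intended, move the `augeas` and `file` resources inside the `if $bannertext` branch, use a literal `changes => [ 'set Banner /etc/issue' ]`, and drop `$action`. `/etc/issue` is also the local console pre-login message, so it is worth confirming that replacing its content and restricting it to `0600` is intended, and saying so in the class header, e.g. `# Note: /etc/issue is shared with console login and is overwritten by bannertext`.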
diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb
new file mode 100644
index 0000000..210b41c
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -0,0 +1,30 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::sshd' do
+
+ context 'with banner configured' do
+ it do
+ is_expected.to contain_file('/etc/issue').with({
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ })
+ end
+ end
+end |
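Review bot: The `with banner configured` context never sets `bannertext`, so the example only checks owner, group and mode of `/etc/issue` and would pass just the same with the banner unset. Add `let(:params) { { :bannertext => 'constructed banner text' } }`, assert `'content' => 'constructed banner text'` on the file, and add `is_expected.to contain_augeas('sshd_config_banner')` with the expected `changes`. A second context without the parameter would pin what the manifest does to `Banner` and `/etc/issue` in the unset case, which is the security-relevant path for hosts that already carry a login banner.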