--- /dev/null
+Puppet module to manage login records.
+
+E.g. disable successful and failed login records.
+
+All functionality is currently only available on Debian GNU/Linux.
+Bits should be made available for other operating systems after
+checking they are configured the same way.
+
+Defaults to disable all supported login records.
+
+Dependencies
+============
+
+- the common module: git://labs.riseup.net/shared-common
+
+Configuration
+=============
+
+$enable_faillog
+---------------
+
+Default: faillog is disabled.
+When set to a true value, faillog is enabled.
+
+Copyright
+=========
+
+Copyright (c) 2010 intrigeri <intrigeri@boum.org>
+
+Licence
+=======
+
+GPL-3+
--- /dev/null
+class loginrecords::debian inherits loginrecords::base {
+
+ $login_defs_file = '/etc/login.defs'
+
+ if $enable_faillog {
+ include loginrecords::faillog::enable
+ }
+ else {
+ include loginrecords::faillog::disable
+ }
+
+}
--- /dev/null
+class loginrecords::faillog::enable {
+ replace { 'loginrecords-faillog-enable':
+ file => $login_defs_file,
+ pattern => '^FAILLOG_ENAB\w+no$',
+ replace => 'FAILLOG_ENAB yes',
+ }
+ append_if_no_such_line { 'loginrecords-faillog-enable':
+ file => $login_defs_file,
+ line => 'FAILLOG_ENAB yes',
+ require => Replace['loginrecords-faillog-enable'],
+ }
+}
+
+class loginrecords::faillog::disable {
+ replace { 'loginrecords-faillog-disable':
+ file => $login_defs_file,
+ pattern => '^FAILLOG_ENAB\w+yes$',
+ replace => 'FAILLOG_ENAB no',
+ }
+ append_if_no_such_line { 'loginrecords-faillog-disable':
+ file => $login_defs_file,
+ line => 'FAILLOG_ENAB no',
+ require => Replace['loginrecords-faillog-disable'],
+ }
+}
--- /dev/null
+class loginrecords {
+
+ case $kernel {
+ "Linux": {
+ case $operatingsystem {
+ "debian", "ubuntu": { include loginrecords::debian }
+ default: { include loginrecords::base }
+ }
+ }
+ default: {
+ err("Kernel $kernel is not supported.")
+ }
+ }
+
+}
projects / puppet-loginrecords.git / commitdiff