Change 'hardened_ssl' paramter to simply 'hardened', this makes more

sense in general

diff --git a/README.md b/README.md
index cbe0bbaa0a40c8333cd4d7f83bdb82467fdf665d..77e4d29b242c6fc5d271e8495091901193dff5ed 100644 (file)
--- a/README.md
+++ b/README.md
@@ -4,6 +4,10 @@
 
 This puppet module manages OpenSSH configuration and services.
 
+**!! Upgrade Notice (05/2015) !!**
+
+The hardened_ssl parameter name was changed to simply 'hardened'.
+
 **!! Upgrade Notice (01/2013) !!**
 
 This module now uses parameterized classes, where it used global variables
@@ -179,8 +183,8 @@ The following is a list of the currently available variables:
     Set this to the location of the AuthorizedKeysFile
     (e.g. `/etc/ssh/authorized_keys/%u`). Default: `AuthorizedKeysFile
     %h/.ssh/authorized_keys`
-  - `hardened_ssl`
-    Use only strong SSL ciphers and MAC.
+  - `hardened`
+    Use only strong ciphers, MAC, KexAlgorithms, etc.
     Values:
     - `no` (default)
     - `yes`

diff --git a/manifests/init.pp b/manifests/init.pp
index 0f8c472d1986611be9b74ff2ffe5e0a801c73ce1..2dfc71c0aac4481baca0e05673e5578f819461a1 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -40,7 +40,7 @@ class sshd(
     OpenBSD => '%h/.ssh/authorized_keys',
     default => '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2',
   },
-  $hardened_ssl = 'no',
+  $hardened = 'no',
   $sftp_subsystem = '',
   $head_additional_options = '',
   $tail_additional_options = '',

diff --git a/templates/sshd_config/CentOS_6.erb b/templates/sshd_config/CentOS_6.erb
index 47cb077372bf22cb856a30ccac2f348b8db3579b..97e9a5b49142a9eff6b4badf4ae62f364e450d7c 100644 (file)
--- a/templates/sshd_config/CentOS_6.erb
+++ b/templates/sshd_config/CentOS_6.erb
@@ -150,7 +150,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/CentOS_7.erb b/templates/sshd_config/CentOS_7.erb
index 7db227741870430174f2d03bf89b3e18e2b7635a..cad9f59075eb9cd91c42eefe5782c875be0f5aa5 100644 (file)
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@@ -164,7 +164,7 @@ AllowGroups <%= s %>
 #Host *.local
 #  CheckHostIP no
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb
index 033f40940e0cd7927643910e3a1ebbc1554f921b..ada38912a3e3e3e6c6d5c996228ca88be3e299ca 100644 (file)
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -111,7 +111,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index 033f40940e0cd7927643910e3a1ebbc1554f921b..ada38912a3e3e3e6c6d5c996228ca88be3e299ca 100644 (file)
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -111,7 +111,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 0ba323faff9abe29657ae3a3d4c0af4bb7c2da0c..d42fac109ec0ca75773bd4175e714fa8eb86ac30 100644 (file)
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -115,7 +115,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index cd4bf48f0fd954209ef175065976468465e9122b..4633c099fb92fca3aec84b4fc0f9c2b7a6063bfa 100644 (file)
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -114,7 +114,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index d4cd9b5836da766334afb42023260d7405a50cc7..f5bd4390d853c87fbc5deff711234f26c6d82448 100644 (file)
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -152,7 +152,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 1cb45227c7a707db210d8b004629e61076c0a388..6e51b4c92d286db8245a301274d32697f92793af 100644 (file)
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -147,7 +147,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index aa92eb66a983924c3bb10f959adbd8d11874c071..7577bacd20195aa3657a054759cb509d7befea1e 100644 (file)
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -128,7 +128,7 @@ AllowGroups <%= s %>
 #      AllowTcpForwarding no
 #      ForceCommand cvs server
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb
index 0ba323faff9abe29657ae3a3d4c0af4bb7c2da0c..d42fac109ec0ca75773bd4175e714fa8eb86ac30 100644 (file)
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -115,7 +115,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index cff95a77fb823641dd788a1cb975bf0ab1b163df..1ed8fd791acd5867c4b2ad15c83dfac1024ef194 100644 (file)
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -118,7 +118,7 @@ AllowGroups <%= s %>
 
 PrintMotd <%= scope.lookupvar('sshd::print_motd') %>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>