+ file { '/etc/cron.d/dsa-puppet-stuff':
+ content => template('debian_org/dsa-puppet-stuff.cron.erb'),
+ require => Package['debian.org'],
+ }
+ file { '/etc/ldap/ldap.conf':
+ require => Package['debian.org'],
+ content => template('debian_org/ldap.conf.erb'),
+ }
+ file { '/etc/pam.d/common-session':
+ require => Package['debian.org'],
+ content => template('debian_org/pam.common-session.erb'),
+ }
+ file { '/etc/pam.d/common-session-noninteractive':
+ require => Package['debian.org'],
+ content => template('debian_org/pam.common-session-noninteractive.erb'),
+ }
+ file { '/etc/rc.local':
+ mode => '0755',
+ content => template('debian_org/rc.local.erb'),
+ notify => Exec['service rc.local restart'],
+ }
+ file { '/etc/dsa':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/etc/dsa/cron.ignore.dsa-puppet-stuff':
+ source => 'puppet:///modules/debian_org/dsa-puppet-stuff.cron.ignore',
+ require => Package['debian.org']
+ }
+ file { '/etc/nsswitch.conf':
+ mode => '0755',
+ source => 'puppet:///modules/debian_org/nsswitch.conf',
+ }
+
+ file { '/etc/profile.d/timeout.sh':
+ mode => '0555',
+ source => 'puppet:///modules/debian_org/etc.profile.d/timeout.sh',
+ }
+ file { '/etc/zsh':
+ ensure => directory,
+ }
+ file { '/etc/zsh/zprofile':
+ mode => '0444',
+ source => 'puppet:///modules/debian_org/etc.zsh/zprofile',
+ }
+
+ # set mmap_min_addr to 4096 to mitigate
+ # Linux NULL-pointer dereference exploits
+ site::sysctl { 'mmap_min_addr':
+ ensure => absent
+ }
+ site::sysctl { 'perf_event_paranoid':
+ key => 'kernel.perf_event_paranoid',
+ value => '2',
+ }
+ site::sysctl { 'puppet-vfs_cache_pressure':
+ key => 'vm.vfs_cache_pressure',
+ value => '10',
+ }
+ site::alternative { 'editor':
+ linkto => '/usr/bin/vim.basic',
+ }
+ site::alternative { 'view':
+ linkto => '/usr/bin/vim.basic',
+ }
+ mailalias { 'samhain-reports':
+ ensure => present,
+ recipient => $debianadmin,
+ require => Package['debian.org']
+ }
+
+ file { '/usr/local/bin/check_for_updates':
+ source => 'puppet:///modules/debian_org/check_for_updates',
+ mode => '0755',
+ owner => root,
+ group => root,
+ }
+
+ exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ refreshonly => true
+ }
+ exec { 'service puppetmaster restart':
+ refreshonly => true
+ }
+ exec { 'service rc.local restart':
+ refreshonly => true
+ }
+ exec { 'init q':
+ refreshonly => true
+ }
+
+ exec { 'systemctl daemon-reload':
+ refreshonly => true,
+ onlyif => "test -x /bin/systemctl"
+ }
+
+ exec { 'systemd-tmpfiles --create --exclude-prefix=/dev':
+ refreshonly => true,
+ onlyif => "test -x /bin/systemd-tmpfiles"
+ }
+
+ tidy { '/var/lib/puppet/clientbucket/':
+ age => '2w',
+ recurse => 9,
+ type => ctime,
+ matches => [ 'paths', 'contents' ],
+ schedule => weekly
+ }
+
+ file { '/root/.bashrc':
+ source => 'puppet:///modules/debian_org/root-dotfiles/bashrc',
+ }
+ file { '/root/.profile':
+ source => 'puppet:///modules/debian_org/root-dotfiles/profile',
+ }
+ file { '/root/.selected_editor':
+ source => 'puppet:///modules/debian_org/root-dotfiles/selected_editor',
+ }
+ file { '/root/.screenrc':
+ source => 'puppet:///modules/debian_org/root-dotfiles/screenrc',
+ }
+ file { '/root/.tmux.conf':
+ source => 'puppet:///modules/debian_org/root-dotfiles/tmux.conf',
+ }
+ file { '/root/.vimrc':
+ source => 'puppet:///modules/debian_org/root-dotfiles/vimrc',
+ }
+}