projects / mirror / dsa-puppet.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cdd2591)
quiet you
authorStephen Gran <steve@lobefin.net>
Thu, 5 Apr 2012 12:09:55 +0000 (13:09 +0100)
committerStephen Gran <steve@lobefin.net>
Thu, 5 Apr 2012 12:09:55 +0000 (13:09 +0100)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/debian-org/manifests/init.pp patch | blob | history
modules/ferm/manifests/init.pp patch | blob | history
modules/named/manifests/geodns.pp patch | blob | history
modules/ntp/manifests/client.pp patch | blob | history
modules/ntp/manifests/init.pp patch | blob | history
modules/samhain/manifests/init.pp patch | blob | history
modules/syslog-ng/manifests/init.pp patch | blob | history
modules/unbound/manifests/init.pp patch | blob | history

diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index 30998c3..554c083 100644 (file)
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -8,13 +8,19 @@ class debian-org {
                'paravoid@debian.org'
        ]
 
+       package { [
+                       'klogd',
+                       'sysklogd',
+                       'rsyslog',
+               ]:
+                       ensure => purged,
+       }
        package { [
                        'apt-utils',
                        'bash-completion',
                        'debian.org',
                        'dnsutils',
                        'dsa-munin-plugins',
-                       'klogd',
                        'less',
                        'lsb-release',
                        'libfilesystem-ruby1.8',
@@ -22,8 +28,6 @@ class debian-org {
                        'mtr-tiny',
                        'nload',
                        'pciutils',
-                       'rsyslog',
-                       'sysklogd',
                ]:
                        ensure => installed,
        }
@@ -131,8 +135,8 @@ class debian-org {
                require => Package['debian.org']
        }
 
-  # set mmap_min_addr to 4096 to mitigate
-  # Linux NULL-pointer dereference exploits
+       # set mmap_min_addr to 4096 to mitigate
+       # Linux NULL-pointer dereference exploits
        site::sysctl { 'mmap_min_addr':
                key   => 'vm.mmap_min_addr',
                value => '4096',
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 44872de..2ad9750 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -37,6 +37,7 @@ class ferm {
        }
        file { '/etc/ferm/dsa.d':
                ensure => directory,
+               mode   => '0555',
                purge   => true,
                force   => true,
                recurse => true,
@@ -44,11 +45,13 @@ class ferm {
        }
        file { '/etc/ferm/conf.d':
                ensure => directory,
+               mode   => '0555',
        }
        file { '/etc/default/ferm':
                source  => 'puppet:///modules/ferm/ferm.default',
                require => Package['ferm'],
                notify  => Service['ferm'],
+               mode    => '0444',
        }
        file { '/etc/ferm/ferm.conf':
                source  => 'puppet:///modules/ferm/ferm.conf',
@@ -63,7 +66,8 @@ class ferm {
                content => template('ferm/interfaces.conf.erb'),
        }
        file { '/etc/logrotate.d/ulogd':
-               source => 'puppet:///modules/ferm/logrotate-ulogd',
+               source  => 'puppet:///modules/ferm/logrotate-ulogd',
+               mode    => '0444',
                require => Package['debian.org'],
        }
 
diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index 1dd5711..b12593d 100644 (file)
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -9,11 +9,14 @@ class named::geodns inherits named {
 
        file { '/etc/bind/':
                ensure  => directory,
+               group  => bind,
+               mode   => '2755',
                require => Package['bind9'],
                notify  => Service['bind9'],
        }
        file { '/etc/bind/geodns':
                ensure => directory,
+               mode   => '0755',
        }
        file { '/etc/bind/named.conf.options':
                content => template('named/named.conf.options.erb'),
@@ -28,12 +31,13 @@ class named::geodns inherits named {
                ensure => directory,
                owner  => geodnssync,
                group  => geodnssync,
-               mode   => '0755',
+               mode   => '2755',
        }
        file { '/etc/bind/geodns/named.conf.geo':
                source => 'puppet:///modules/named/common/named.conf.geo',
        }
        file { '/etc/bind/geodns/trigger':
+               mode   => '0555',
                source => 'puppet:///modules/named/common/trigger',
        }
        file { '/etc/ssh/userkeys/geodnssync':
diff --git a/modules/ntp/manifests/client.pp b/modules/ntp/manifests/client.pp
index aa877a1..6e8765c 100644 (file)
--- a/modules/ntp/manifests/client.pp
+++ b/modules/ntp/manifests/client.pp
@@ -4,11 +4,6 @@ class ntp::client {
                require => Package['ntp'],
                notify  => Service['ntp']
        }
-       file { '/etc/ntp.keys.d/':
-               ensure  => directory,
-               require => Package['ntp'],
-               notify  => Service['ntp']
-       }
        file { '/etc/ntp.keys.d/ntpkey_iff_merikanto':
                source => 'puppet:///modules/ntp/ntpkey_iff_merikanto.pub',
        }
diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index 26aa2d4..35f0669 100644 (file)
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -25,14 +25,14 @@ class ntp {
        file { '/etc/ntp.conf':
                content => template('ntp/ntp.conf'),
                notify  => Service['ntp'],
-               require => Package['ntp']
+               require => Package['ntp'],
        }
        file { '/etc/ntp.keys.d':
                ensure  => directory,
-               group   => ntp,
+               group   => 'ntp',
                mode    => '0750',
                notify  => Service['ntp'],
-               require => Package['ntp']
+               require => Package['ntp'],
        }
 
        if getfromhash($site::nodeinfo, 'timeserver') {
diff --git a/modules/samhain/manifests/init.pp b/modules/samhain/manifests/init.pp
index cfee73e..c373ed0 100644 (file)
--- a/modules/samhain/manifests/init.pp
+++ b/modules/samhain/manifests/init.pp
@@ -6,6 +6,8 @@ class samhain {
 
        service { 'samhain':
                ensure => running
+               hasstatus => false,
+               pattern   => 'samhain',
        }
 
        file { '/etc/samhain/samhainrc':
diff --git a/modules/syslog-ng/manifests/init.pp b/modules/syslog-ng/manifests/init.pp
index 36704e2..5b5518b 100644 (file)
--- a/modules/syslog-ng/manifests/init.pp
+++ b/modules/syslog-ng/manifests/init.pp
@@ -5,6 +5,8 @@ class syslog-ng {
 
        service { 'syslog-ng':
                ensure => running
+               hasstatus => false,
+               pattern   => 'syslog-ng',
        }
 
        file { '/etc/syslog-ng/syslog-ng.conf':
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 9a110df..13a6adb 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -6,6 +6,8 @@ class unbound {
 
        service { 'unbound':
                ensure => running,
+               hasstatus => false,
+               pattern   => 'unbound',
        }
 
        file { '/var/lib/unbound':
Unnamed repository; edit this file 'description' to name the repository.