From: Stephen Gran Date: Thu, 5 Apr 2012 12:09:55 +0000 (+0100) Subject: quiet you X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=132ca45393a7d7fe277a5eb391e211d2c1775d24 quiet you Signed-off-by: Stephen Gran --- diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index 30998c35..554c0834 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -8,13 +8,19 @@ class debian-org { 'paravoid@debian.org' ] + package { [ + 'klogd', + 'sysklogd', + 'rsyslog', + ]: + ensure => purged, + } package { [ 'apt-utils', 'bash-completion', 'debian.org', 'dnsutils', 'dsa-munin-plugins', - 'klogd', 'less', 'lsb-release', 'libfilesystem-ruby1.8', @@ -22,8 +28,6 @@ class debian-org { 'mtr-tiny', 'nload', 'pciutils', - 'rsyslog', - 'sysklogd', ]: ensure => installed, } @@ -131,8 +135,8 @@ class debian-org { require => Package['debian.org'] } - # set mmap_min_addr to 4096 to mitigate - # Linux NULL-pointer dereference exploits + # set mmap_min_addr to 4096 to mitigate + # Linux NULL-pointer dereference exploits site::sysctl { 'mmap_min_addr': key => 'vm.mmap_min_addr', value => '4096', diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp index 44872de4..2ad97507 100644 --- a/modules/ferm/manifests/init.pp +++ b/modules/ferm/manifests/init.pp @@ -37,6 +37,7 @@ class ferm { } file { '/etc/ferm/dsa.d': ensure => directory, + mode => '0555', purge => true, force => true, recurse => true, @@ -44,11 +45,13 @@ class ferm { } file { '/etc/ferm/conf.d': ensure => directory, + mode => '0555', } file { '/etc/default/ferm': source => 'puppet:///modules/ferm/ferm.default', require => Package['ferm'], notify => Service['ferm'], + mode => '0444', } file { '/etc/ferm/ferm.conf': source => 'puppet:///modules/ferm/ferm.conf', 
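Review bot: The new `ensure => purged` resource for `klogd`, `sysklogd` and `rsyslog` in modules/debian-org/manifests/init.pp has no comment and no ordering against the daemon that replaces them. On a host where the replacement is not yet installed, a run could leave the machine without a syslog daemon and lose log events. A one-line comment such as `# syslog-ng is the only syslog daemon we run; remove the others` would record the intent. If the syslog-ng package is declared in the catalog (its declaration is not visible on this page), adding `require => Package['syslog-ng'],` to this resource would close that window.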
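Review bot: The `mode` attributes added to `/etc/ferm/dsa.d`, `/etc/ferm/conf.d` and `/etc/default/ferm` are not paired with `owner`/`group`. A read-only mode does not protect firewall configuration that is owned by a non-root account, because the owner can change the mode back. Unless a global `File { ... }` default sets ownership elsewhere (not visible here), add `owner => root,` and `group => root,` to these resources. The same applies to `/etc/logrotate.d/ulogd` in the second hunk of this file, and to `/etc/bind/geodns/trigger` in modules/named/manifests/geodns.pp, which this commit makes executable with `'0555'`.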
@@ -63,7 +66,8 @@ class ferm { content => template('ferm/interfaces.conf.erb'), } file { '/etc/logrotate.d/ulogd': - source => 'puppet:///modules/ferm/logrotate-ulogd', + source => 'puppet:///modules/ferm/logrotate-ulogd', + mode => '0444', require => Package['debian.org'], } diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp index 1dd57113..b12593da 100644 --- a/modules/named/manifests/geodns.pp +++ b/modules/named/manifests/geodns.pp @@ -9,11 +9,14 @@ class named::geodns inherits named { file { '/etc/bind/': ensure => directory, + group => bind, + mode => '2755', require => Package['bind9'], notify => Service['bind9'], } file { '/etc/bind/geodns': ensure => directory, + mode => '0755', } file { '/etc/bind/named.conf.options': content => template('named/named.conf.options.erb'), @@ -28,12 +31,13 @@ class named::geodns inherits named { ensure => directory, owner => geodnssync, group => geodnssync, - mode => '0755', + mode => '2755', } file { '/etc/bind/geodns/named.conf.geo': source => 'puppet:///modules/named/common/named.conf.geo', } file { '/etc/bind/geodns/trigger': + mode => '0555', source => 'puppet:///modules/named/common/trigger', } file { '/etc/ssh/userkeys/geodnssync': diff --git a/modules/ntp/manifests/client.pp b/modules/ntp/manifests/client.pp index aa877a1a..6e8765c4 100644 --- a/modules/ntp/manifests/client.pp +++ b/modules/ntp/manifests/client.pp @@ -4,11 +4,6 @@ class ntp::client { require => Package['ntp'], notify => Service['ntp'] } - file { '/etc/ntp.keys.d/': - ensure => directory, - require => Package['ntp'], - notify => Service['ntp'] - } file { '/etc/ntp.keys.d/ntpkey_iff_merikanto': source => 'puppet:///modules/ntp/ntpkey_iff_merikanto.pub', } diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp index 26aa2d4f..35f0669d 100644 --- a/modules/ntp/manifests/init.pp +++ b/modules/ntp/manifests/init.pp 
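Review bot: `group => bind,` on `/etc/bind/` is a bareword, while the modules/ntp/manifests/init.pp hunk of this same commit changes `group => ntp` to `group => 'ntp'`. Write `group => 'bind',` so the commit is consistent. The resource also gains the setgid bit (`'2755'`) with no explanation; if the intent is for files created there to stay in group bind, a comment like `# setgid: new files inherit group bind` would say so.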
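Review bot: The change from `'0755'` to `'2755'` in the second geodns.pp hunk adds the setgid bit to a directory owned by `geodnssync:geodnssync` without a comment explaining why. The resource title is above the hunk, so the path is not visible here. Since the mode is not group-writable, setgid only affects the group of files that the owner or root create there. If that is the intent, record it with `# setgid: new files inherit group geodnssync`.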
@@ -25,14 +25,14 @@ class ntp { file { '/etc/ntp.conf': content => template('ntp/ntp.conf'), notify => Service['ntp'], - require => Package['ntp'] + require => Package['ntp'], } file { '/etc/ntp.keys.d': ensure => directory, - group => ntp, + group => 'ntp', mode => '0750', notify => Service['ntp'], - require => Package['ntp'] + require => Package['ntp'], } if getfromhash($site::nodeinfo, 'timeserver') { diff --git a/modules/samhain/manifests/init.pp b/modules/samhain/manifests/init.pp index cfee73e1..c373ed04 100644 --- a/modules/samhain/manifests/init.pp +++ b/modules/samhain/manifests/init.pp @@ -6,6 +6,8 @@ class samhain { service { 'samhain': ensure => running + hasstatus => false, + pattern => 'samhain', } file { '/etc/samhain/samhainrc': diff --git a/modules/syslog-ng/manifests/init.pp b/modules/syslog-ng/manifests/init.pp index 36704e20..5b5518b7 100644 --- a/modules/syslog-ng/manifests/init.pp +++ b/modules/syslog-ng/manifests/init.pp @@ -5,6 +5,8 @@ class syslog-ng { service { 'syslog-ng': ensure => running + hasstatus => false, + pattern => 'syslog-ng', } file { '/etc/syslog-ng/syslog-ng.conf': diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp index 9a110df2..13a6adba 100644 --- a/modules/unbound/manifests/init.pp +++ b/modules/unbound/manifests/init.pp @@ -6,6 +6,8 @@ class unbound { service { 'unbound': ensure => running, + hasstatus => false, + pattern => 'unbound', } file { '/var/lib/unbound':
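Review bot: In the modules/samhain/manifests/init.pp hunk, the context line `ensure => running` directly above the added `hasstatus => false,` has no trailing comma. As rendered here the resource will not parse, and catalogs that load this class should fail to compile; the line needs to become `ensure => running,`. The modules/syslog-ng/manifests/init.pp hunk has the same missing comma, while the unbound hunk already has it. These two classes manage the file-integrity monitor and the logger, so a compile failure would leave both unenforced until it is fixed.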
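Review bot: With `hasstatus => false`, Puppet decides whether the service is running by searching the process table for `pattern`, and `'unbound'` matches any command line containing that string, not only the daemon. An unrelated process (an editor open on a file under `/var/lib/unbound`, for example) would make Puppet report the resolver as running and skip starting it. The value is also what Puppet uses by default (the service name), so the attribute adds nothing as written. A pattern tied to the daemon's executable path is tighter, e.g. `pattern => '/usr/sbin/unbound',` if that is where the package installs it. The same applies to `pattern => 'samhain'` and `pattern => 'syslog-ng'` in the two preceding hunks, where a false "running" would hide a dead integrity monitor or logger.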