From: Martin Zobel-Helas <zobel@debian.org>
Date: Thu, 24 Dec 2009 15:30:04 +0000 (+0100)
Subject: ensure our tsig keys are protected
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=9eeab5e696c258f5c9493bb10236ddde49e32119

ensure our tsig keys are protected
---

diff --git a/modules/named/manifests/secondary.pp b/modules/named/manifests/secondary.pp
index 003f1fe4..8d00d0af 100644
--- a/modules/named/manifests/secondary.pp
+++ b/modules/named/manifests/secondary.pp
@@ -4,5 +4,10 @@ class named::secondary inherits named {
                      "puppet:///named/common/named.conf.debian-zones" ],
         notify  => Exec["bind9 reload"],
     }
+    file { "/etc/bind/named.conf.shared-keys":
+        mode    => 640,
+        owner   => root,
+        group   => bind,
+    }
 }