Hello,

I try to ensure our password policies using /etc/login.defs and PAM
cracklib.

class pci_policy::password(
     $cracklib = $pci_policy::params::cracklib,
     $pam_password = $pci_policy::params::pam_password,
) inherits pci_policy::params {

   package{$cracklib:
     ensure => installed,
   }

   file{'/etc/login.defs':
     ensure => present,
     owner => root,
     group => root,
     mode => '0644',
     source => "puppet:///modules/pci_policy/login.defs.$::operatingsystem",
     require => Package[$cracklib],
   }

   exec{'ensure password policy for pci':
     cwd => '/bin/',
     command => "/bin/sed -i 's/^password.*cracklib.so.*/password requisite pam_cracklib.so retry=3 minlen=8 difok=5 dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1/g' $pam_password",
     path => "/usr/bin:/usr/sbin:/bin",
     onlyif => "grep '^password.*cracklib.so.*' $pam_password",
     require => Package[$cracklib],
   }

   exec{'ensure password policy for pci when nothing is present':
     cwd => '/bin/',
     command => "echo 'password requisite pam_cracklib.so retry=3 minlen=8 difok=5 dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1' >> $pam_password",
     path => "/usr/bin:/usr/sbin:/bin",
     onlyif => "grep -vq '^password.*cracklib.so.*' $pam_password",
     require => Package[$cracklib],
   }
}

My problem is the exec commands.

With the first exec I try to change an existing line with sed.

With the second exec I try to add the rule if no line with
"password.*cracklib" exists.
Unfortunately, this exec runs when the return code of onlyif is 0. I don't
know a command which returns 0 when the line isn't available and returns 1
when the line is available.

Maybe I'm thinking too complicated? Do you have another solution?

Thanks a lot!

Björn
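
The check asked about above, as an added example that is not part of the original post: `grep -vq` exits 0 as soon as any line fails to match, so it cannot express "no cracklib line is present", while a non-zero exit from `grep -q` does (Puppet's exec `unless` parameter runs the command only when its check exits non-zero). The function names and the sample PAM lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotently enforce one pam_cracklib line in a PAM password file.
RULE='password requisite pam_cracklib.so retry=3 minlen=8 difok=5 dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1'
PATTERN='^password.*cracklib\.so'

# has_rule FILE: exit 0 if a cracklib password line exists, 1 if it does not.
has_rule() {
    grep -q "$PATTERN" "$1"
}

# any_other_line FILE: what `grep -vq` really tests. It exits 0 when ANY line
# does not match, whether or not the cracklib line is present.
any_other_line() {
    grep -vq "$PATTERN" "$1"
}

# ensure_rule FILE: rewrite an existing cracklib line, or append the rule if absent.
# Running it twice leaves exactly one cracklib line with the wanted options.
ensure_rule() {
    if has_rule "$1"; then
        tmp=$(mktemp) &&
        sed "s/${PATTERN}.*/${RULE}/" "$1" > "$tmp" &&
        cat "$tmp" > "$1" &&          # keep the original file's owner and mode
        rm -f "$tmp"
    else
        printf '%s\n' "$RULE" >> "$1"
    fi
}

# demo: constructed PAM password stack without cracklib; prints the number of
# cracklib lines after two consecutive runs.
demo() {
    f=$(mktemp)
    printf '%s\n' \
        'password [success=1 default=ignore] pam_unix.so obscure sha512' \
        'password required pam_permit.so' > "$f"
    ensure_rule "$f"
    ensure_rule "$f"                  # second run must not add a duplicate
    grep -c "$PATTERN" "$f"
    rm -f "$f"
}

demo
```

Appending places the rule at the end of the stack; PAM evaluates modules in order, so on a real host the cracklib line normally belongs before `pam_unix.so`.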


Discussion Overview
group: puppet-users
category: puppet
posted: Oct 2, '13 at 11:15a
active: Oct 4, '13 at 1:05p
posts: 5
users: 3
website: puppetlabs.com