diff options
author | Georg Pfuetzenreuter | 2023-01-15 09:45:04 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-01-15 09:45:04 +0100 |
commit | 2b40942a442a0f15b2d75289d4977a114cd81e72 (patch) | |
tree | f82a2d89b523fd9f323297f4b67384b9a722aa77 /salt/profile/seccheck | |
parent | f1a4b0514c148d9b5477f5c2b11938445e4438b1 (diff) | |
download | salt-2b40942a442a0f15b2d75289d4977a114cd81e72.tar.gz salt-2b40942a442a0f15b2d75289d4977a114cd81e72.tar.bz2 salt-2b40942a442a0f15b2d75289d4977a114cd81e72.zip |
Import profiles/roles from salt-devel
- + renaming baseline to common
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'salt/profile/seccheck')
-rw-r--r-- | salt/profile/seccheck/files/etc/security/autologout.conf | 9 | ||||
-rw-r--r-- | salt/profile/seccheck/files/etc/sysconfig/seccheck | 4 | ||||
-rw-r--r-- | salt/profile/seccheck/init.sls | 20 |
3 files changed, 33 insertions, 0 deletions
diff --git a/salt/profile/seccheck/files/etc/security/autologout.conf b/salt/profile/seccheck/files/etc/security/autologout.conf new file mode 100644 index 0000000..e910a29 --- /dev/null +++ b/salt/profile/seccheck/files/etc/security/autologout.conf @@ -0,0 +1,9 @@ +{%- set header = salt['pillar.get']('managed_header_pound') -%} +{{ header }} +TTY_TIMEOUT=60 +DEFAULT_DELAY=60 +KILL_WAIT=20 + +LOGOUTCONF=( +"ssh idle:720 delay:30" +) diff --git a/salt/profile/seccheck/files/etc/sysconfig/seccheck b/salt/profile/seccheck/files/etc/sysconfig/seccheck new file mode 100644 index 0000000..86eb9af --- /dev/null +++ b/salt/profile/seccheck/files/etc/sysconfig/seccheck @@ -0,0 +1,4 @@ +{%- set header = salt['pillar.get']('managed_header_pound') -%} +{{ header }} +SECCHK_USER="root" +START_SECCHK="yes" diff --git a/salt/profile/seccheck/init.sls b/salt/profile/seccheck/init.sls new file mode 100644 index 0000000..eed0c57 --- /dev/null +++ b/salt/profile/seccheck/init.sls @@ -0,0 +1,20 @@ +seccheck_packages: + pkg.installed: + - pkgs: + - seccheck + +seccheck_files: + file.managed: + - user: root + - mode: '0644' + - template: jinja + - names: + - /etc/sysconfig/seccheck: + - source: salt:///{{ slspath }}/files/etc/sysconfig/seccheck + - /etc/security/autologout.conf: + - source: salt:///{{ slspath }}/files/etc/security/autologout.conf + +seccheck_service: + service.running: + - name: seccheck-autologout.timer + - enable: True |