summaryrefslogtreecommitdiffstats
path: root/salt/profile/seccheck
diff options
context:
space:
mode:
Diffstat (limited to 'salt/profile/seccheck')
-rw-r--r--salt/profile/seccheck/files/etc/security/autologout.conf9
-rw-r--r--salt/profile/seccheck/files/etc/sysconfig/seccheck4
-rw-r--r--salt/profile/seccheck/init.sls20
3 files changed, 33 insertions, 0 deletions
diff --git a/salt/profile/seccheck/files/etc/security/autologout.conf b/salt/profile/seccheck/files/etc/security/autologout.conf
new file mode 100644
index 0000000..e910a29
--- /dev/null
+++ b/salt/profile/seccheck/files/etc/security/autologout.conf
@@ -0,0 +1,9 @@
+{%- set header = salt['pillar.get']('managed_header_pound') -%}
+{{ header }}
+TTY_TIMEOUT=60
+DEFAULT_DELAY=60
+KILL_WAIT=20
+
+LOGOUTCONF=(
+"ssh idle:720 delay:30"
+)
diff --git a/salt/profile/seccheck/files/etc/sysconfig/seccheck b/salt/profile/seccheck/files/etc/sysconfig/seccheck
new file mode 100644
index 0000000..86eb9af
--- /dev/null
+++ b/salt/profile/seccheck/files/etc/sysconfig/seccheck
@@ -0,0 +1,4 @@
+{%- set header = salt['pillar.get']('managed_header_pound') -%}
+{{ header }}
+SECCHK_USER="root"
+START_SECCHK="yes"
diff --git a/salt/profile/seccheck/init.sls b/salt/profile/seccheck/init.sls
new file mode 100644
index 0000000..eed0c57
--- /dev/null
+++ b/salt/profile/seccheck/init.sls
@@ -0,0 +1,20 @@
+seccheck_packages:
+ pkg.installed:
+ - pkgs:
+ - seccheck
+
+seccheck_files:
+ file.managed:
+ - user: root
+ - mode: '0644'
+ - template: jinja
+ - names:
+ - /etc/sysconfig/seccheck:
+ - source: salt:///{{ slspath }}/files/etc/sysconfig/seccheck
+ - /etc/security/autologout.conf:
+ - source: salt:///{{ slspath }}/files/etc/security/autologout.conf
+
+seccheck_service:
+ service.running:
+ - name: seccheck-autologout.timer
+ - enable: True