From 2b40942a442a0f15b2d75289d4977a114cd81e72 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 15 Jan 2023 09:45:04 +0100 Subject: Import profiles/roles from salt-devel - + renaming baseline to common Signed-off-by: Georg Pfuetzenreuter --- .../seccheck/files/etc/security/autologout.conf | 9 +++++++++ salt/profile/seccheck/files/etc/sysconfig/seccheck | 4 ++++ salt/profile/seccheck/init.sls | 20 ++++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 salt/profile/seccheck/files/etc/security/autologout.conf create mode 100644 salt/profile/seccheck/files/etc/sysconfig/seccheck create mode 100644 salt/profile/seccheck/init.sls (limited to 'salt/profile/seccheck') diff --git a/salt/profile/seccheck/files/etc/security/autologout.conf b/salt/profile/seccheck/files/etc/security/autologout.conf new file mode 100644 index 0000000..e910a29 --- /dev/null +++ b/salt/profile/seccheck/files/etc/security/autologout.conf @@ -0,0 +1,9 @@ +{%- set header = salt['pillar.get']('managed_header_pound') -%} +{{ header }} +TTY_TIMEOUT=60 +DEFAULT_DELAY=60 +KILL_WAIT=20 + +LOGOUTCONF=( +"ssh idle:720 delay:30" +) diff --git a/salt/profile/seccheck/files/etc/sysconfig/seccheck b/salt/profile/seccheck/files/etc/sysconfig/seccheck new file mode 100644 index 0000000..86eb9af --- /dev/null +++ b/salt/profile/seccheck/files/etc/sysconfig/seccheck @@ -0,0 +1,4 @@ +{%- set header = salt['pillar.get']('managed_header_pound') -%} +{{ header }} +SECCHK_USER="root" +START_SECCHK="yes" diff --git a/salt/profile/seccheck/init.sls b/salt/profile/seccheck/init.sls new file mode 100644 index 0000000..eed0c57 --- /dev/null +++ b/salt/profile/seccheck/init.sls @@ -0,0 +1,20 @@ +seccheck_packages: + pkg.installed: + - pkgs: + - seccheck + +seccheck_files: + file.managed: + - user: root + - mode: '0644' + - template: jinja + - names: + - /etc/sysconfig/seccheck: + - source: salt:///{{ slspath }}/files/etc/sysconfig/seccheck + - /etc/security/autologout.conf: + - source: salt:///{{ slspath }}/files/etc/security/autologout.conf + +seccheck_service: + service.running: + - name: seccheck-autologout.timer + - enable: True -- cgit v1.2.3