
Merge "CIS 5.4.4, 5.4.5"

pull/167/head
mcp-jenkins 6 年前
父节点
当前提交
6e38b02c50
共有 2 个文件被更改,包括 48 次插入0 次删除
  1. +45
    -0
      linux/system/shell.sls
  2. +3
    -0
      tests/pillar/system.sls

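--- a/linux/system/shell.sls
+++ b/linux/system/shell.sls
@@ -0,0 +1,45 @@
+{%- from "linux/map.jinja" import system with context %}
+{%- if system.enabled %}
+{%- if system.shell is defined %}
+
+{%- if system.shell.umask is defined %}
+etc_bash_bashrc_umask:
+file.blockreplace:
+- name: /etc/bash.bashrc
+- marker_start: "# BEGIN CIS 5.4.4 default user umask"
+- marker_end: "# END CIS 5.4.4 default user umask"
+- content: "umask {{ system.shell.umask }}"
+- append_if_not_found: True
+- onlyif: test -f /etc/bash.bashrc
+
+etc_profile_umask:
+file.blockreplace:
+- name: /etc/profile
+- marker_start: "# BEGIN CIS 5.4.4 default user umask"
+- marker_end: "# END CIS 5.4.4 default user umask"
+- content: "umask {{ system.shell.umask }}"
+- append_if_not_found: True
+- onlyif: test -f /etc/profile
+{%- endif %}
+
+{%- if system.shell.timeout is defined %}
+etc_bash_bashrc_timeout:
+file.blockreplace:
+- name: /etc/bash.bashrc
+- marker_start: "# BEGIN CIS 5.4.5 default user shell timeout"
+- marker_end: "# END CIS 5.4.5 default user shell timeout"
+- content: "TMOUT={{ system.shell.timeout }}"
+- append_if_not_found: True
+- onlyif: test -f /etc/bash.bashrc
+
+etc_profile_timeout:
+file.blockreplace:
+- name: /etc/profile
+- marker_start: "# BEGIN CIS 5.4.5 default user shell timeout"
+- marker_end: "# END CIS 5.4.5 default user shell timeout"
+- content: "TMOUT={{ system.shell.timeout }}"
+- append_if_not_found: True
+- onlyif: test -f /etc/profile
+{%- endif %}
+{%- endif %}
+{%- endif %}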
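Review bot: The two timeout states (`etc_bash_bashrc_timeout`, `etc_profile_timeout`) write a plain `TMOUT={{ system.shell.timeout }}`, which any user can override or `unset` in their own shell, so the idle-timeout control is advisory only. Marking the variable read-only and exporting it, e.g. `- content: "readonly TMOUT={{ system.shell.timeout }}; export TMOUT"`, makes it stick for the session. Because both /etc/profile and /etc/bash.bashrc receive the block, and on some distributions the former sources the latter, a second read-only assignment would print an error at login; guarding it (for example, assigning only when TMOUT is still unset) avoids that. Separately, `system.shell.umask` is rendered as-is in both umask states, so a pillar value written unquoted as `027` may be loaded by YAML as an integer and rendered as a different, weaker mask; a comment in the state saying the value must be a quoted string would help.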

+ 3
- 0
tests/pillar/system.sls

@@ -427,6 +427,9 @@ linux:
login_defs:
PASS_MAX_DAYS:
value: 99
shell:
umask: '027'
timeout: 900
profile:
vi_flavors.sh: |
export PAGER=view
