Quellcode durchsuchen
Configure interactive logon message
This is also covers the following CIS items * CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored) Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56 Related-Prod: PROD-19166pull/149/head
Dmitry Teselkin
vor 6 Jahren
5 geänderte Dateien mit 53 neuen und 0 gelöschten Zeilen
+ 24
- 0
README.rst
Datei anzeigen
| @@ -822,6 +822,30 @@ default). | |||
| bash: | |||
| preserve_history: true | |||
| Login banner message | |||
| ~~~~~~~~~~~~~~~~~~~~ | |||
| /etc/issue is a text file which contains a message or system | |||
| identification to be printed before the login prompt. It may contain | |||
| various @char and \char sequences, if supported by the getty-type | |||
| program employed on the system. | |||
| Setting logon banner message is easy: | |||
| .. code-block:: yaml | |||
| liunx: | |||
| system: | |||
| banner: | |||
| enabled: true | |||
| contents: | | |||
| UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED | |||
| You must have explicit, authorized permission to access or configure this | |||
| device. Unauthorized attempts and actions to access or use this system may | |||
| result in civil and/or criminal penalties. | |||
| All activities performed on this system are logged and monitored. | |||
| Message of the day | |||
| ~~~~~~~~~~~~~~~~~~ | |||
+ 6
- 0
linux/map.jinja
Datei anzeigen
| @@ -85,6 +85,12 @@ | |||
| }, | |||
| }, grain='os_family', merge=salt['pillar.get']('linux:system')) %} | |||
| {% set banner = salt['grains.filter_by']({ | |||
| 'BaseDefaults': { | |||
| 'enabled': false, | |||
| }, | |||
| }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %} | |||
| {% set auth = salt['grains.filter_by']({ | |||
| 'Arch': { | |||
| 'enabled': false, | |||
+ 10
- 0
linux/system/banner.sls
Datei anzeigen
| @@ -0,0 +1,10 @@ | |||
| {%- from "linux/map.jinja" import banner with context %} | |||
| {%- if banner.get('enabled', False) %} | |||
| /etc/issue: | |||
| file.managed: | |||
| - user: root | |||
| - group: root | |||
| - mode: 644 | |||
| - contents_pillar: linux:system:banner:contents | |||
| {%- endif %} | |||
+ 3
- 0
linux/system/init.sls
Datei anzeigen
| @@ -114,3 +114,6 @@ include: | |||
| {%- if system.auth is defined %} | |||
| - linux.system.auth | |||
| {%- endif %} | |||
| {%- if system.banner is defined %} | |||
| - linux.system.banner | |||
| {%- endif %} | |||
+ 10
- 0
tests/pillar/system_banner.sls
Datei anzeigen
| @@ -0,0 +1,10 @@ | |||
| linux: | |||
| system: | |||
| enabled: true | |||
| banner: | |||
| enabled: true | |||
| contents: | | |||
| ================= WARNING ================= | |||
| This is tcpcloud network. | |||
| Unauthorized access is strictly prohibited. | |||
| =========================================== | |||
Laden…