瀏覽代碼
CIS 5.4.4, 5.4.5
* CIS 5.4.4 Ensure default user umask is 027 or more restrictive (Scored) * CIS 5.4.5 Ensure default user shell timeout is 900 seconds or less (Scored) Related-Prod: PROD-20765 Change-Id: I5ff5e5bc76e1d87432caec70f2b35eec288e9213pull/167/head
Dmitry Teselkin
6 年之前
+ 45
- 0
linux/system/shell.sls
查看文件
| @@ -0,0 +1,45 @@ | |||
| {%- from "linux/map.jinja" import system with context %} | |||
| {%- if system.enabled %} | |||
| {%- if system.shell is defined %} | |||
| {%- if system.shell.umask is defined %} | |||
| etc_bash_bashrc_umask: | |||
| file.blockreplace: | |||
| - name: /etc/bash.bashrc | |||
| - marker_start: "# BEGIN CIS 5.4.4 default user umask" | |||
| - marker_end: "# END CIS 5.4.4 default user umask" | |||
| - content: "umask {{ system.shell.umask }}" | |||
| - append_if_not_found: True | |||
| - onlyif: test -f /etc/bash.bashrc | |||
| etc_profile_umask: | |||
| file.blockreplace: | |||
| - name: /etc/profile | |||
| - marker_start: "# BEGIN CIS 5.4.4 default user umask" | |||
| - marker_end: "# END CIS 5.4.4 default user umask" | |||
| - content: "umask {{ system.shell.umask }}" | |||
| - append_if_not_found: True | |||
| - onlyif: test -f /etc/profile | |||
| {%- endif %} | |||
| {%- if system.shell.timeout is defined %} | |||
| etc_bash_bashrc_timeout: | |||
| file.blockreplace: | |||
| - name: /etc/bash.bashrc | |||
| - marker_start: "# BEGIN CIS 5.4.5 default user shell timeout" | |||
| - marker_end: "# END CIS 5.4.5 default user shell timeout" | |||
| - content: "TMOUT={{ system.shell.timeout }}" | |||
| - append_if_not_found: True | |||
| - onlyif: test -f /etc/bash.bashrc | |||
| etc_profile_timeout: | |||
| file.blockreplace: | |||
| - name: /etc/profile | |||
| - marker_start: "# BEGIN CIS 5.4.5 default user shell timeout" | |||
| - marker_end: "# END CIS 5.4.5 default user shell timeout" | |||
| - content: "TMOUT={{ system.shell.timeout }}" | |||
| - append_if_not_found: True | |||
| - onlyif: test -f /etc/profile | |||
| {%- endif %} | |||
| {%- endif %} | |||
| {%- endif %} | |||
+ 3
- 0
tests/pillar/system.sls
查看文件
| @@ -410,6 +410,9 @@ linux: | |||
| login_defs: | |||
| PASS_MAX_DAYS: | |||
| value: 99 | |||
| shell: | |||
| umask: '027' | |||
| timeout: 900 | |||
| profile: | |||
| vi_flavors.sh: | | |||
| export PAGER=view | |||
Loading…