diff --git a/abusehelper/manifests/init.pp b/abusehelper/manifests/init.pp index 2db1f5d..bc10ba4 100644 --- a/abusehelper/manifests/init.pp +++ b/abusehelper/manifests/init.pp @@ -2,6 +2,9 @@ # # === Global variables # +# $abusehelper_datadir +# Abusehelper home directory. Defaults to /var/lib/ah2. +# # $abusehelper_botnets # Array of botnet paths to start at boot. # @@ -92,8 +95,8 @@ class abusehelper { if $abusehelper_datadir { file { $abusehelper_datadir: ensure => directory, - mode => "2750", - owner => "root", + mode => "2770", + owner => "abusehel", group => "abusehel", require => User["abusehel"], } 
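Review bot: Making `abusehel` the owner with group write (`mode => "2770"`, `owner => "abusehel"`) lets the service account replace anything stored in the data directory, including any botnet code or configuration it is started from. The same change is repeated for `/var/lib/ah2` in the next hunk. If the directory holds startup files as well as runtime state (not visible here), consider keeping the top level `root`-owned at `mode => "2750"` and granting write access only on a state subdirectory. At minimum, a comment such as `# writable by the service account: runtime state only, no trusted code` above the resource would record the intent. The enclosing `if $abusehelper_datadir` block continues outside the hunk.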
@@ -106,54 +109,67 @@ class abusehelper { } else { file { "/var/lib/ah2": ensure => directory, - mode => "2750", - owner => "root", + mode => "2770", + owner => "abusehel", group => "abusehel", require => User["abusehel"], } } + if $abusehelper_botnets { + include abusehelper::init + } + +} + + +# Install abusehelper init script. +# +class abusehelper::init { + + if !$abusehelper_botnets { + fail("Must define \$abusehelper_botnets") + } + if !$abusehelper_user { $abusehelper_user = "abusehel" } - if $abusehelper_botnets { - file { "/etc/sysconfig/botnet": - ensure => present, - name => $::operatingsystem ? { - "debian" => "/etc/default/botnet", - "ubuntu" => "/etc/default/botnet", - default => "/etc/sysconfig/botnet", - }, - mode => "0644", - owner => "root", - group => "root", - content => template("abusehelper/botnet.sysconfig.erb"), - before => Service["botnet"], - } + file { "/etc/sysconfig/botnet": + ensure => present, + name => $::operatingsystem ? { + "debian" => "/etc/default/botnet", + "ubuntu" => "/etc/default/botnet", + default => "/etc/sysconfig/botnet", + }, + mode => "0644", + owner => "root", + group => "root", + content => template("abusehelper/botnet.sysconfig.erb"), + before => Service["botnet"], + } - file { "/etc/init.d/botnet": - ensure => present, - mode => "0755", - owner => "root", - group => "root", - source => "puppet:///modules/abusehelper/botnet.init", - notify => Exec["add-service-botnet"], - } - exec { "add-service-botnet": - path => "/bin:/usr/bin:/sbin:/usr/sbin", - command => $::operatingsystem ? 
{ - "debian" => "update-rc.d botnet defaults", - "ubuntu" => "update-rc.d botnet defaults", - default => "chkconfig --add botnet", - }, - refreshonly => true, - before => Service["botnet"], - } + file { "/etc/init.d/botnet": + ensure => present, + mode => "0755", + owner => "root", + group => "root", + source => "puppet:///modules/abusehelper/botnet.init", + notify => Exec["add-service-botnet"], + } + exec { "add-service-botnet": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + command => $::operatingsystem ? { + "debian" => "update-rc.d botnet defaults", + "ubuntu" => "update-rc.d botnet defaults", + default => "chkconfig --add botnet", + }, + refreshonly => true, + before => Service["botnet"], + } - service { "botnet": - enable => true, - } + service { "botnet": + enable => true, } } diff --git a/abusesa/manifests/init.pp b/abusesa/manifests/init.pp index 0d4a327..4ad416c 100644 --- a/abusesa/manifests/init.pp +++ b/abusesa/manifests/init.pp @@ -5,6 +5,9 @@ # $abusesa_datadir # AbuseSA home directory. Defaults to /var/lib/abusesa. # +# $abusesa_botnets +# Array of botnet paths to start at boot. +# class abusesa { case $::operatingsystem { @@ -76,4 +79,10 @@ class abusesa { } python::setup::install { "/usr/local/src/abusesa": } + if $abusesa_botnets { + $abusehelper_botnets = $abusesa_botnets + $abusehelper_user = "abusesa" + include abusehelper::init + } + } diff --git a/ejabberd/manifests/init.pp b/ejabberd/manifests/init.pp index 45b96b2..b06b93c 100644 --- a/ejabberd/manifests/init.pp +++ b/ejabberd/manifests/init.pp 
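Review bot: `abusehelper::init` reads `$abusehelper_botnets` and `$abusehelper_user` from whichever scope includes it, and the later `abusesa` hunk relies on this by assigning both locally before `include abusehelper::init`. This only works with dynamic scope lookup. Because a class is evaluated once per catalog, a node that reaches it through both `abusehelper` and `abusesa` will silently use only the first caller's botnet list and run-as user. Declaring the inputs explicitly, `class abusehelper::init($botnets, $user = "abusehel")`, with callers using `class { "abusehelper::init": botnets => $abusesa_botnets, user => "abusesa" }`, would turn that case into a duplicate-declaration error rather than a service quietly running under the wrong account. The `botnet.sysconfig.erb` template is not shown and would need to read the new names.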
@@ -78,45 +78,51 @@ class ejabberd { } } - if $ejabberd_ssl_key and $ejabberd_ssl_cert { - file { "${cert_prefix}/private/ejabberd.key": + if !$ejabberd_ssl_key { + $ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem" + } + if !$ejabberd_ssl_cert { + $ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem" + } + + file { "${cert_prefix}/private/ejabberd.key": + ensure => present, + source => $ejabberd_ssl_key, + mode => "0600", + owner => "root", + group => "root", + notify => Exec["generate-ejabberd-pem"], + } + file { "${cert_prefix}/certs/ejabberd.crt": + ensure => present, + source => $ejabberd_ssl_cert, + mode => "0644", + owner => "root", + group => "root", + notify => Exec["generate-ejabberd-pem"], + } + if $ejabberd_ssl_chain { + file { "${cert_prefix}/certs/ejabberd.chain.crt": ensure => present, - source => $ejabberd_ssl_key, - mode => "0600", - owner => "root", - group => "root", - notify => Exec["generate-ejabberd-pem"], - } - file { "${cert_prefix}/certs/ejabberd.crt": - ensure => present, - source => $ejabberd_ssl_cert, + source => $ejabberd_ssl_chain, mode => "0644", owner => "root", group => "root", notify => Exec["generate-ejabberd-pem"], } - if $ejabberd_ssl_chain { - file { "${cert_prefix}/certs/ejabberd.chain.crt": - ensure => present, - source => $ejabberd_ssl_chain, - mode => "0644", - owner => "root", - group => "root", - notify => Exec["generate-ejabberd-pem"], - } - $cert_files = "private/ejabberd.key certs/ejabberd.crt certs/ejabberd.chain.crt" - } else { - $cert_files = "private/ejabberd.key certs/ejabberd.crt" - } - exec { "generate-ejabberd-pem": - path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin", - cwd => $cert_prefix, - command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'", - refreshonly => true, - before => File["/etc/ejabberd/ejabberd.pem"], - require => Package["ejabberd"], - notify => Service["ejabberd"], - } + $cert_files = "private/ejabberd.key 
certs/ejabberd.crt certs/ejabberd.chain.crt" + } else { + $cert_files = "private/ejabberd.key certs/ejabberd.crt" + } + + exec { "generate-ejabberd-pem": + path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin", + cwd => $cert_prefix, + command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'", + refreshonly => true, + before => File["/etc/ejabberd/ejabberd.pem"], + require => Package["ejabberd"], + notify => Service["ejabberd"], } file { "/etc/ejabberd/ejabberd.pem": diff --git a/syslog/manifests/init.pp b/syslog/manifests/init.pp index 61c457d..adb2064 100644 --- a/syslog/manifests/init.pp +++ b/syslog/manifests/init.pp @@ -331,8 +331,8 @@ class syslog::standalone inherits syslog::common::standalone { class syslog::standalone::syslogd inherits syslog::client::syslogd { File["/etc/syslog.conf"] { - content => template("syslog/syslog.conf.$operatingsystem.erb", - "syslog/syslog.conf.server.erb"), + content => template("syslog/syslog.conf.server.erb", + "syslog/syslog.conf.$operatingsystem.erb"), require => [ File["/srv/log"], File["/var/log/all.log"], ], } @@ -346,8 +346,8 @@ class syslog::standalone::rsyslog inherits syslog::client::rsyslog { File["/etc/rsyslog.conf"] { content => template("syslog/rsyslog.conf.erb", - "syslog/syslog.conf.$operatingsystem.erb", - "syslog/syslog.conf.server.erb"), + "syslog/syslog.conf.server.erb", + "syslog/syslog.conf.$operatingsystem.erb"), require => [ File["/srv/log"], File["/var/log/all.log"], ], } @@ -375,8 +375,8 @@ class syslog::server::rsyslog inherits syslog::client::rsyslog { File["/etc/rsyslog.conf"] { content => template("syslog/rsyslog.conf.erb", "syslog/rsyslog.conf.server.erb", - "syslog/syslog.conf.$operatingsystem.erb", - "syslog/syslog.conf.server.erb"), + "syslog/syslog.conf.server.erb", + "syslog/syslog.conf.$operatingsystem.erb"), require => [ File["/srv/log"], File["/var/log/all.log"], ], } 
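Review bot: When `$ejabberd_ssl_key` is unset, the new default copies the Puppet agent's own private key (`${puppet_ssldir}/private_keys/${homename}.pem`) to `${cert_prefix}/private/ejabberd.key` and concatenates it into `/etc/ejabberd/ejabberd.pem`. That file presumably has to be readable by the ejabberd daemon (its `file` resource is outside the hunk), so a compromise of the XMPP service would also expose the key the node uses to authenticate to the Puppet master. I would keep a dedicated key pair as the recommended setup and state the trade-off in the class header, e.g. `# Defaults to the Puppet agent key and certificate; set both variables to give ejabberd its own key pair.` The default certificate is issued by the Puppet CA, so XMPP clients and peer servers will only validate it if they trust that CA.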
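Review bot: The reordered `template()` arguments are order-dependent, but nothing in the manifest says so. Under rsyslog, `syslog.conf.server.erb` now ends with a rule that discards non-local messages (added in this commit), so it has to be rendered before the per-OS rules. A comment above the `content` attribute would stop a later edit from swapping them back, e.g. `# server template first: its trailing discard rule keeps remote messages out of the per-OS files`. The same applies to the `syslog::standalone::rsyslog` and `syslog::server::rsyslog` hunks that follow.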
diff --git a/syslog/templates/syslog.conf.server.erb b/syslog/templates/syslog.conf.server.erb index d58b076..0691b66 100644 --- a/syslog/templates/syslog.conf.server.erb +++ b/syslog/templates/syslog.conf.server.erb @@ -1,3 +1,9 @@ +# Everything goes here +*.* /srv/log/all.log +mark.* /srv/log/all.log -*.* /srv/log/all.log -mark.* /srv/log/all.log +<% if syslog_type == "rsyslog" -%> +# Remote logs only go in all.log +:fromhost-ip, !isequal, "127.0.0.1" ~ + +<% end -%> diff --git a/user/manifests/init.pp b/user/manifests/init.pp index 9aa7e64..575e114 100644 --- a/user/manifests/init.pp +++ b/user/manifests/init.pp @@ -198,7 +198,7 @@ class user::system { uid => 813, gid => 813, comment => "Service AbuseHelper", - home => "/var/empty", + home => "/var/lib/ah2", shell => "/sbin/nologin", require => Group["abusehel"], }
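Review bot: The template now reads `syslog_type`, yet it is also rendered from `syslog::standalone::syslogd` (see the manifest hunk), so that variable must resolve in every scope that uses it. If it is not set there, rendering would fail, so a guard such as `<% if has_variable?("syslog_type") and syslog_type == "rsyslog" -%>` is safer. The rule compares `fromhost-ip` only with `127.0.0.1`, so anything the host sends to itself over `::1` would probably be treated as remote. The `~` discard action is deprecated in rsyslog 7 and later in favour of `stop`. After this rule, `/srv/log/all.log` is the only record of remote events, which the existing comment could state more explicitly: `# Remote messages are kept in all.log only; the rules that follow see local messages.`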
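Review bot: `home => "/var/lib/ah2"` is hard-coded, whereas abusehelper/manifests/init.pp manages `$abusehelper_datadir` when that variable is set. The lines between the two branches there are outside the visible hunks; unless they link `/var/lib/ah2` to the data directory, the account's home will not match the directory it owns on hosts that override the path. A comment next to the attribute, e.g. `# must match the default in abusehelper/manifests/init.pp`, would keep the two in step. The `user` resource begins outside the hunk.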