diff --git a/sudo/files/fakesudo b/sudo/files/fakesudo
new file mode 100644
index 0000000..8541c21
--- /dev/null
+++ b/sudo/files/fakesudo
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+trap report SIGINT SIGTERM
+
+function askpw {
+ read -s -p "Password:" password
+ password=""
+ echo ""
+ echo "Sorry, try again."
+}
+
+function report {
+ stty echo # Fix echo if ^C during password prompt
+ ( whoami ; date ) | mailx -s "Someone sudo'ed (`id -un`, ${SSH_CONNECTION})" root
+ exit 1
+}
+
+function main {
+ for try in 1 2 3; do askpw; done
+ echo "sudo: 3 incorrect password attempts"
+ report
+}
+
+main
diff --git a/sudo/manifests/init.pp b/sudo/manifests/init.pp
index 6b21b1f..6a4f273 100644
--- a/sudo/manifests/init.pp
+++ b/sudo/manifests/init.pp
@@ -37,6 +37,20 @@ class sudo {
 }
+# Install fake sudo
+#
+class sudo::fake {
+
+ file { "/usr/bin/sudo":
+ ensure => present,
+ mode => 0555,
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/sudo/fakesudo",
+ }
+
+}
+
 # Add sudoer.
 #
 # === Parameters
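Review bot: The script declares `#!/bin/sh` but relies on bash-only syntax (`function askpw {`, `read -s -p`, and the `SIGINT`/`SIGTERM` names in `trap`), so on hosts where /bin/sh is dash or another strict POSIX shell it is likely to abort before any report is mailed, and the decoy then raises no alert. Change the first line to `#!/bin/bash`, or rewrite the functions and the prompt in POSIX sh. The report is also sent only after the third prompt or on INT/TERM, so a session that is hung up mid-prompt goes unreported; `trap report INT TERM HUP` narrows that gap. Because `${SSH_CONNECTION}` and the `PATH` used to find `whoami` and `id` come from the caller's environment, the mail content is a hint rather than reliable attribution; a header comment saying so, and that the typed password is deliberately discarded, would help the next maintainer.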
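Review bot: `sudo::fake` overwrites `/usr/bin/sudo`, a path normally owned by the sudo package, and nothing in the hunk prevents it from being applied together with `class sudo` or on a host where that package is installed; in that case package upgrades and Puppet runs would keep replacing each other's file. The class comment should say which hosts the decoy is meant for and that it must not be combined with the real sudo setup, for example `# Installs a decoy /usr/bin/sudo that mails root on use; only for hosts where sudo is not installed.` The mode is written as a bare number; `mode => '0555',` is the form that newer Puppet versions require. The body of `class sudo` lies outside the hunk, so whether it manages the package could not be checked here.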