diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp index 3b9b07e..13869b1 100644 --- a/sendmail/manifests/init.pp +++ b/sendmail/manifests/init.pp @@ -167,12 +167,16 @@ class sendmail::client::msa inherits sendmail::client { $ssl_key = basename($sendmail_ssl_key) $ssl_cert = basename($sendmail_ssl_cert) file { "${ssl::private}/${ssl_key}": - ensure => present, - mode => "0640", - owner => "root", - group => "smmsp", - source => $sendmail_ssl_key, - notify => Service["sendmail"], + ensure => present, + mode => "0640", + owner => "root", + group => "smmsp", + source => $sendmail_ssl_key, + require => $::operatingsystem ? { + "openbsd" => undef, + default => Package["sendmail"], + }, + notify => Service["sendmail"], } file { "${ssl::certs}/${ssl_cert}": ensure => present, diff --git a/sudo/files/fakesudo b/sudo/files/fakesudo new file mode 100644 index 0000000..8541c21 --- /dev/null +++ b/sudo/files/fakesudo @@ -0,0 +1,24 @@ +#!/bin/sh + +trap report SIGINT SIGTERM + +function askpw { + read -s -p "Password:" password + password="" + echo "" + echo "Sorry, try again." +} + +function report { + stty echo # Fix echo if ^C during password prompt + ( whoami ; date ) | mailx -s "Someone sudo'ed (`id -un`, ${SSH_CONNECTION})" root + exit 1 +} + +function main { + for try in 1 2 3; do askpw; done + echo "sudo: 3 incorrect password attempts" + report +} + +main diff --git a/sudo/manifests/init.pp b/sudo/manifests/init.pp index 6b21b1f..6a4f273 100644 --- a/sudo/manifests/init.pp +++ b/sudo/manifests/init.pp @@ -37,6 +37,20 @@ class sudo { } +# Install fake sudo +# +class sudo::fake { + + file { "/usr/bin/sudo": + ensure => present, + mode => 0555, + owner => "root", + group => "root", + source => "puppet:///modules/sudo/fakesudo", + } + +} + # Add sudoer. # # === Parameters