Merge pull request #23 from jordiprats/master

autobanner

CHANGELOG.md

@@ -1,5 +1,11 @@
 # CHANGELOG
 
+## 0.1.18
+
+* added fact **eypconf_description**
+* added **eyplib::setdescription** fet setting **eypconf_description**
+* added **eyplib::autobanner** intended for generating a SSH banner file
+
 ## 0.1.17
 
 * renamed unused facts

lib/facter/eypconf_description.rb

@@ -0,0 +1,14 @@
+if File.exists?('/opt/eypconf/id/description.sh') then
+  description = Facter::Util::Resolution.exec('bash /opt/eypconf/id/description.sh').to_s
+else
+  description = Facter::Util::Resolution.exec('bash -c \'if [ -f /opt/eypconf/id/description ]; then cat /opt/eypconf/id/description | paste -sd,; fi\'').to_s
+end
+
+unless description.nil? or description.empty?
+  Facter.add('eypconf_description') do
+      setcode do
+        description
+      end
+  end
+
+end

manifests/autobanner.pp

@@ -0,0 +1,14 @@
+class eyplib::autobanner(
+                          $autobanner_file               = '/opt/eypconf/autobanner',
+                          $include_legal                 = false,
+                          $include_description           = true,
+                          $include_puppet_managed_server = true,
+                        ) {
+  file { $autobanner_file:
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template("${module_name}/autobanner.erb"),
+  }
+}

manifests/init.pp

@@ -3,5 +3,9 @@
 # === eyplib documentation
 #
 class eyplib {
-  # nothing to do here
+  exec { 'mkdir -p /opt/eypconf/id':
+    command => 'mkdir -p /opt/eypconf/id',
+    path    => '/usr/sbin:/usr/bin:/sbin:/bin',
+    creates => '/opt/eypconf/id',
+  }
 }

manifests/setdescription.pp

@@ -0,0 +1,17 @@
+class eyplib::setdescription(
+                              $description = undef
+                            ) {
+  include ::eyplib
+
+  if($description!=undef)
+  {
+    file { '/opt/eypconf/id/description':
+      ensure  => 'present',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => $description,
+      require => Class['::eyplib'],
+    }
+  }
+}

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "eyp-eyplib",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "author": "eyp",
   "summary": "Utility functions for puppet modules",
   "license": "Apache-2.0",

spec/acceptance/base_spec.rb

@@ -10,12 +10,60 @@
 
       class { 'eyplib': }
 
+      ->
+
+      class { 'eyplib::setdescription':
+        description => 'ACCEPTANCE TESTING',
+      }
+
+      ->
+
+      class { 'eyplib::autobanner': }
+
       EOF
 
-      # Run it twice and test for idempotency
+      # run several times - expect the 3rd run to be clean
+      expect(apply_manifest(pp).exit_code).to_not eq(1)
       expect(apply_manifest(pp).exit_code).to_not eq(1)
       expect(apply_manifest(pp).exit_code).to eq(0)
     end
 
+    describe file('/opt/eypconf/autobanner') do
+      it { should be_file }
+      its(:content) { should match 'ACCEPTANCE TESTING' }
+    end
+  end
+  context 'legal setup' do
+    # Using puppet_apply as a helper
+    it 'should work with no errors' do
+      pp = <<-EOF
+
+      class { 'eyplib': }
+
+      ->
+
+      class { 'eyplib::setdescription':
+        description => 'ACCEPTANCE TESTING',
+      }
+
+      ->
+
+      class { 'eyplib::autobanner':
+        include_legal => true,
+      }
+
+      EOF
+
+      # run several times - expect the 3rd run to be clean
+      expect(apply_manifest(pp).exit_code).to_not eq(1)
+      expect(apply_manifest(pp).exit_code).to_not eq(1)
+      expect(apply_manifest(pp).exit_code).to eq(0)
+    end
+
+    describe file('/opt/eypconf/autobanner') do
+      it { should be_file }
+      its(:content) { should match 'ACCEPTANCE TESTING' }
+      its(:content) { should match 'This is a private system!!! All connection attempts are logged and' }
+    end
   end
 end

templates/autobanner.erb

@@ -0,0 +1,44 @@
+<% if @include_legal -%>
+********************************************************************************
+                                   NOTICE
+********************************************************************************
+
+This is a private system!!! All connection attempts are logged and
+monitored. All unauthorized connection attempts will be investigated and
+handed over to the proper authorities.
+
+Users (authorized or unauthorized) have no explicit or implicit
+expectation of privacy.
+
+Any or all uses of this system and all files on this system may be
+intercepted, monitored, recorded, copied, audited, inspected, and
+disclosed (included but not limited) to your employer, to authorized site,
+government, and law enforcement personnel, as well as authorized
+officials of government agencies, both domestic and foreign.
+
+By using this system, the user consents to such interception, monitoring,
+recording, copying, auditing, inspection, and disclosure at the
+discretion of such personnel or officials.  Unauthorized or improper use
+of this system may result in civil and criminal penalties and
+administrative or disciplinary action, as appropriate. By continuing to
+use this system you indicate your awareness of and consent to these terms
+and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
+conditions stated in this warning.
+
+
+********************************************************************************
+<% end -%>
+<% if @include_description -%>
+<% if scope.lookupvar('::eypconf_description') -%>
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+  <%= scope.lookupvar('::eypconf_description') %>
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+<% end -%>
+<% end -%>
+<% if @include_puppet_managed -%>
+
+ ********************************************************************************
+                          puppet managed server
+ ********************************************************************************
+<% end -%>