From e822d6140b1ffea7d85546062376a7e464a3cb61 Mon Sep 17 00:00:00 2001
From: mh
Date: Wed, 20 Mar 2013 12:01:14 +0100
Subject: Security: plugin-config should not me world readable as it might contain passwords
---
 manifests/plugin.pp | 2 +-
 manifests/plugins/setup.pp | 23 +++++++++++++++--------
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/manifests/plugin.pp b/manifests/plugin.pp
index e9e5dba..36fc81b 100644
--- a/manifests/plugin.pp
+++ b/manifests/plugin.pp
@@ -47,7 +47,7 @@ define munin::plugin (
 content => "[${name}]\n${config}\n",
 owner => root,
 group => 0,
- mode => '0644',
+ mode => '0640',
 }
 }
 }
diff --git a/manifests/plugins/setup.pp b/manifests/plugins/setup.pp
index caf2e28..5c56099 100644
--- a/manifests/plugins/setup.pp
+++ b/manifests/plugins/setup.pp
@@ -1,15 +1,22 @@
 class munin::plugins::setup {
 file {
 [ '/etc/munin/plugins', '/etc/munin/plugin-conf.d' ]:
- ignore => 'snmp_*',
- ensure => directory, checksum => mtime,
- recurse => true, purge => true, force => true,
- mode => 0755, owner => root, group => 0,
- notify => Service['munin-node'];
+ ignore => 'snmp_*',
+ ensure => directory,
+ checksum => mtime,
+ recurse => true,
+ purge => true,
+ force => true,
+ notify => Service['munin-node'],
+ owner => root,
+ group => 0,
+ mode => '0755';
 '/etc/munin/plugin-conf.d/munin-node':
- ensure => present,
- mode => 0644, owner => root, group => 0,
- notify => Service['munin-node'],
+ ensure => present,
+ notify => Service['munin-node'],
+ owner => root,
+ group => 0,
+ mode => '0640';
 }
 case $::kernel {
 openbsd: {
-- 
cgit v1.2.3
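Review bot: In manifests/plugin.pp the `content => "[${name}]\n${config}\n"` attribute is what can carry the password, and tightening `mode` to `'0640'` does not keep Puppet from printing a diff of that content when the agent runs with diffs enabled (for example under `--test`). If the Puppet version in use supports the file attribute, add `show_diff => false,` next to `mode`. Separately, `group => 0` with `'0640'` still lets every member of gid 0 read the file (wheel on the BSDs, which setup.pp has a branch for). `mode => '0600'` would be tighter if only a root-run munin-node reads it, which is presumably the case but is not visible here. The resource sits inside `define munin::plugin`, whose body starts and ends outside the hunk.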
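Review bot: In manifests/plugins/setup.pp, files matching `ignore => 'snmp_*'` are skipped by the recursive management of `/etc/munin/plugin-conf.d`, so any snmp_* file there keeps whatever mode it was created with and is not covered by the new `'0640'`. Such files may hold SNMP community strings, so whatever creates them (not visible in this hunk) should set a non-world-readable mode as well. It would also help to record why the directories stay `'0755'` while the files drop to `'0640'`, e.g. `# dirs stay listable; files under plugin-conf.d may hold credentials, keep them 0640`. The class body continues past the hunk at `case $::kernel`.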