diff options
| author | mh <mh@immerda.ch> | 2011-02-25 17:27:19 +0100 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2011-02-25 17:27:19 +0100 |
| commit | d31940e3f0422fe17037354dbe9407a018427585 (patch) | |
| tree | 804ca761df15a2b481c5a85d294364aaacac6e7e | |
| parent | 995a291afa0aee63affb68172a3f5824468727df (diff) | |
Remove other default accounts due to security reasons
| -rw-r--r-- | manifests/server/account_security.pp | 8 | ||||
| -rw-r--r-- | manifests/server/base.pp | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/manifests/server/account_security.pp b/manifests/server/account_security.pp new file mode 100644 index 0000000..23d1cb7 --- /dev/null +++ b/manifests/server/account_security.pp @@ -0,0 +1,8 @@ +class mysql::server::account_security { + # some installations have some default users which are not required. + # We remove them here. You can subclass this class to overwrite this behavior. + mysql_user{ [ "root@${fqdn}", "root@127.0.0.1", "@${fqdn}", "@localhost", "@%" ]: + ensure => 'absent', + require => Service['mysql'], + } +} diff --git a/manifests/server/base.pp b/manifests/server/base.pp index 5031876..bb05fc4 100644 --- a/manifests/server/base.pp +++ b/manifests/server/base.pp @@ -76,6 +76,8 @@ class mysql::server::base { require => Package['mysql-server'], } + include mysql::server::account_security + # Collect all databases and users Mysql_database<<| tag == "mysql_${fqdn}" |>> Mysql_user<<| tag == "mysql_${fqdn}" |>> |