From d31940e3f0422fe17037354dbe9407a018427585 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Fri, 25 Feb 2011 17:27:19 +0100
Subject: Remove other default accounts due to security reasons

---
 manifests/server/account_security.pp | 8 ++++++++
 manifests/server/base.pp             | 2 ++
 2 files changed, 10 insertions(+)
 create mode 100644 manifests/server/account_security.pp

(limited to 'manifests')

diff --git a/manifests/server/account_security.pp b/manifests/server/account_security.pp
new file mode 100644
index 0000000..23d1cb7
--- /dev/null
+++ b/manifests/server/account_security.pp
@@ -0,0 +1,8 @@
+class mysql::server::account_security {
+   # some installations have some default users which are not required.
+   # We remove them here. You can subclass this class to overwrite this behavior.
+   mysql_user{ [ "root@${fqdn}", "root@127.0.0.1", "@${fqdn}", "@localhost", "@%" ]:
+     ensure => 'absent',
+     require => Service['mysql'],
+   }
+}
diff --git a/manifests/server/base.pp b/manifests/server/base.pp
index 5031876..bb05fc4 100644
--- a/manifests/server/base.pp
+++ b/manifests/server/base.pp
@@ -76,6 +76,8 @@ class mysql::server::base {
         require => Package['mysql-server'],
    }
 
+   include mysql::server::account_security
+
     # Collect all databases and users
     Mysql_database<<| tag == "mysql_${fqdn}" |>>
     Mysql_user<<| tag == "mysql_${fqdn}"  |>>
-- 
cgit v1.2.3