-rw-r--r--manifests/init.pp22
-rw-r--r--templates/sshd_config/CentOS.erb6
-rw-r--r--templates/sshd_config/Debian_etch.erb6
-rw-r--r--templates/sshd_config/Debian_lenny.erb6
-rw-r--r--templates/sshd_config/Debian_squeeze.erb6
-rw-r--r--templates/sshd_config/Gentoo.erb6
-rw-r--r--templates/sshd_config/OpenBSD.erb6
7 files changed, 41 insertions, 17 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 4f82542..abb1490 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -118,8 +118,11 @@
# Valid Values: yes or no
# Default: no
#
-# sshd_port: If you want to specify a different port than the default 22
-# Default: 22
+# sshd_port: Deprecated, use sshd_ports instead.
+#
+# sshd_ports: If you want to specify a list of ports other than the default 22
+# Default: [22]
+#
#
# sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)
# Default: AuthorizedKeysFile %h/.ssh/authorized_keys
@@ -193,8 +196,14 @@ class sshd {
case $sshd_permit_empty_passwords {
'': { $sshd_permit_empty_passwords = 'no' }
}
- case $sshd_port {
- '': { $sshd_port = 22 }
+ if ( $sshd_port != '' ) && ( $sshd_ports != []) {
+ err("Cannot use sshd_port and sshd_ports at the same time.")
+ }
+ if $sshd_port != '' {
+ $sshd_ports = [ $sshd_port ]
+ }
+ elsif $sshd_port == [] {
+ $sshd_ports = [ 22 ]
}
case $sshd_authorized_keys_file {
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
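Review bot: The fallback branch `elsif $sshd_port == [] {` tests the deprecated scalar rather than the new list, so when neither variable is set the comparison should be false and `$sshd_ports` never receives its documented default of `[22]`; it should read `elsif $sshd_ports == [] {`. The conflict check above it calls `err(...)`, which only logs a message, so compilation carries on and `$sshd_ports` is then overwritten with `[ $sshd_port ]`. Using `fail("Cannot use sshd_port and sshd_ports at the same time.")` would stop the catalog instead of shipping a listener set the operator did not ask for. The body of `class sshd` starts and ends outside this hunk, so how `$sshd_ports` is initialised before these tests is not visible here.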
@@ -224,9 +233,12 @@ class sshd {
}
if $use_nagios {
+ define sshd::nagios {
+ nagios::service{ "ssh_port_${name}": check_command => "check_ssh_port!$name" }
+ }
case $nagios_check_ssh {
false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
- default: { nagios::service{ "ssh_port_${sshd_port}": check_command => "check_ssh_port!$sshd_port" } }
+ default: { sshd::nagios($sshd_ports:) }
}
}
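Review bot: The `default:` branch uses `sshd::nagios($sshd_ports:)`, which is function-call syntax rather than a resource declaration and is unlikely to parse; declaring one check per port would be `default: { sshd::nagios { $sshd_ports: } }`. The `define sshd::nagios` is nested inside `if $use_nagios` in the class body, and as far as I know Puppet does not make a definition conditional on the surrounding `if`, so it would read more honestly in its own file. Each element is interpolated into `check_command` as is, so an `'off'` entry, which the templates treat as a sentinel, would produce a `check_ssh_port!off` service. Filtering out non-numeric entries before declaring the checks keeps monitoring aligned with the ports sshd is actually told to open.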
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 9d02a3f..da8bb9a 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -16,11 +16,13 @@
# only protocol 2
Protocol 2
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
<% end -%>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
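Review bot: `sshd_ports.each` on the first added line assumes the value is always a non-empty array. A node that sets `sshd_ports` to a plain string will either fail to render or be iterated line by line depending on the Ruby version, and an empty list renders no `Port` directive at all, in which case sshd falls back to its built-in default port. Wrapping the value, `<%- [sshd_ports].flatten.each do |port| -%>`, covers the scalar case, and the manifest is the better place to reject an empty list. Each element is written into sshd_config verbatim, so it is worth checking in the manifest that it is either `off` or an integer between 1 and 65535. The same loop is added in the Debian_etch, Debian_lenny, Debian_squeeze, Gentoo and OpenBSD templates, and the point applies to each of them.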
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index 9fef401..391328b 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -6,11 +6,13 @@
<%- end %>
# What ports, IPs and protocols we listen for
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
<% end -%>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 4bb9c87..13264cc 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -6,11 +6,13 @@
<%- end %>
# What ports, IPs and protocols we listen for
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
<% end -%>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 0b91514..439919f 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -6,11 +6,13 @@
<%- end %>
# What ports, IPs and protocols we listen for
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
<% end -%>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 291b2ea..9058aea 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -14,11 +14,13 @@
<%= sshd_head_additional_options %>
<%- end %>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
<% end -%>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index c0517f4..3d57097 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -12,11 +12,13 @@
<%= sshd_head_additional_options %>
<%- end %>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
<% end -%>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>