Forum: Cfengine Help
Subject: Re: sshd_conf managing with cfengine
Author: zzamboni
Link to topic: https://cfengine.com/forum/read.php?3,19218,19272#msg-19272

I have implemented an edit_sshd bundle which allows generalized parameter setting, and handles restarting sshd. Here it is:

    bundle agent configfiles
    {
    vars:
      # Files to edit
      "files" string => "/etc/ssh/sshd_config";

      # SSHD configuration to set
      "sshd" string => "2";
      "sshd" string => "yes";
      "sshd" string => "no";
      "sshd" string => "yes";

    methods:
      "sshd" usebundle => edit_sshd;
    }

    bundle agent edit_sshd
    {
    files:
      "$(configfiles.files)"
        handle => "edit_sshd",
        comment => "Set desired sshd_config parameters",
        edit_line => set_config_values("configfiles.sshd"),
        classes => if_repaired("restart_sshd");

    commands:
      restart_sshd.!no_restarts::
        "/etc/init.d/sshd restart"
          handle => "sshd_restart",
          comment => "Restart sshd if the configuration file was modified";
    }

    bundle edit_line set_config_values(v)
    {
    vars:
      "index" slist => getindices("$(v)");

      # Be careful if the index string contains funny chars
      "cindex[$(index)]" string => canonify("$(index)");

    field_edits:
      # If the line is there, but commented out, first uncomment it
      "#+$(index)\s+.*"
        edit_field => col("\s+","1","$(index)","set");

      # match a line starting like the key something
      "$(index)\s+.*"
        edit_field => col("\s+","2","$($(v)[$(index)])","set"),
        classes => if_ok("not_$(cindex[$(index)])");

    insert_lines:
      "$(index) $($(v)[$(index)])",
        ifvarclass => "!not_$(cindex[$(index)])";
    }

In this way, you can simply put the desired parameters in the sshd array, and they will be either uncommented and set to the desired value, or added to the file if they are not there already. set_config_values is a bundle I wrote based on set_variable_values from cfengine_stdlib.cf.
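
Added example, not part of the original post or of CFEngine: a small Python check to run against an sshd_config after edits like the ones above. sshd uses the first value it reads for a keyword, matches keywords case-insensitively, and treats every line after a Match line as conditional, so a parameter line that ends up after a Match line, or below a differently-cased earlier line, does not take effect globally. The sample file, the parameter names and the function names are constructed for illustration.

```python
# Added example (not from the original post). The sample file and the desired
# values are constructed; only whitespace-separated "Keyword value" lines are handled.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Protocol 2
permitrootlogin yes
#X11Forwarding yes
Match User backup
    PasswordAuthentication yes
PermitRootLogin no
UseDNS no
"""

DESIRED = {"Protocol": "2", "PermitRootLogin": "no",
           "UseDNS": "no", "X11Forwarding": "no"}


def parse(text):
    """Yield (lineno, lowercased keyword, value, in_match) for each active line."""
    in_match = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # sshd keywords are case-insensitive
        if key == "match":
            in_match = True             # conservative: conditional until end of file
            continue
        yield lineno, key, parts[1].strip() if len(parts) > 1 else "", in_match


def audit(text, desired):
    """Return {keyword: status} using the first-value-wins rule for the global section."""
    first_global, match_only = {}, set()
    for lineno, key, value, in_match in parse(text):
        if in_match:
            match_only.add(key)
        else:
            first_global.setdefault(key, (lineno, value))
    report = {}
    for name, want in desired.items():
        if name.lower() in first_global:
            lineno, got = first_global[name.lower()]
            report[name] = "ok" if got == want else f"shadowed by line {lineno}: {got}"
        else:
            report[name] = ("only inside Match block"
                            if name.lower() in match_only else "missing")
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG, DESIRED).items():
        print(f"{name}: {status}")
```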