From 93299a6b1b9ad537f4903c30d6e2d8ab632cc941 Mon Sep 17 00:00:00 2001 From: Trey Dockendorf Date: Thu, 6 Jul 2023 13:21:40 -0400 Subject: [PATCH] Numerous updates plus remove EOL OS support Use voxpupuli testing gems to fix unit and acceptance tests Drop Debian 7, 8, 9 support Drop EL 5 and 6 support Remove EOL CentOS support so only CentOS 7 supported Drop SLES 9, 10, 11 support Drop SLED 9, 10, 11 support Drop Ubuntu 12.04, 14.04, 16.04 and 18.04 support --- .github/workflows/ci.yaml | 15 +++--- .github/workflows/release.yaml | 2 +- .sync.yml | 15 ++++-- Gemfile | 28 ++++------- Rakefile | 2 +- data/os/Debian/7.yaml | 30 ------------ data/os/Debian/8.yaml | 30 ------------ data/os/Debian/9.yaml | 33 ------------- data/os/RedHat/5.yaml | 29 ----------- data/os/RedHat/6.yaml | 49 ------------------- data/os/Suse/10.yaml | 23 --------- data/os/Suse/11.yaml | 24 --------- data/os/Suse/13.yaml | 29 ----------- data/os/Suse/9.yaml | 23 --------- data/os/Ubuntu/12.04.yaml | 31 ------------ data/os/Ubuntu/14.04.yaml | 33 ------------- data/os/Ubuntu/16.04.yaml | 32 ------------ data/os/Ubuntu/18.04.yaml | 33 ------------- metadata.json | 29 +---------- spec/acceptance/00_pam_spec.rb | 23 ++++++--- spec/acceptance/nodesets/centos-7.yml | 20 -------- spec/acceptance/nodesets/debian-11.yml | 21 ++++---- .../nodesets/{rocky-8.yml => el8.yml} | 13 +++-- .../nodesets/{centos-9.yml => el9.yml} | 14 ++++-- spec/acceptance/nodesets/ubuntu-2004.yml | 9 +++- .../{ubuntu-1804.yml => ubuntu-2204.yml} | 15 +++--- spec/classes/init_spec.rb | 20 ++++---- .../debian-7-x86_64-pam_common_account | 5 -- spec/fixtures/debian-7-x86_64-pam_common_auth | 5 -- .../debian-7-x86_64-pam_common_password | 5 -- .../debian-7-x86_64-pam_common_session | 6 --- ...7-x86_64-pam_common_session_noninteractive | 6 --- spec/fixtures/debian-7-x86_64-pam_d_login | 17 ------- spec/fixtures/debian-7-x86_64-pam_d_sshd | 12 ----- .../debian-8-x86_64-pam_common_account | 5 -- spec/fixtures/debian-8-x86_64-pam_common_auth | 5 -- .../debian-8-x86_64-pam_common_password | 5 -- .../debian-8-x86_64-pam_common_session | 6 --- ...8-x86_64-pam_common_session_noninteractive | 6 --- spec/fixtures/debian-8-x86_64-pam_d_login | 18 ------- spec/fixtures/debian-8-x86_64-pam_d_sshd | 15 ------ .../debian-9-x86_64-pam_common_account | 5 -- spec/fixtures/debian-9-x86_64-pam_common_auth | 6 --- .../debian-9-x86_64-pam_common_password | 5 -- .../debian-9-x86_64-pam_common_session | 8 --- ...9-x86_64-pam_common_session_noninteractive | 8 --- spec/fixtures/debian-9-x86_64-pam_d_login | 19 ------- spec/fixtures/debian-9-x86_64-pam_d_sshd | 13 ----- spec/fixtures/redhat-5-x86_64-pam_d_login | 15 ------ spec/fixtures/redhat-5-x86_64-pam_d_sshd | 9 ---- .../redhat-5-x86_64-pam_system_auth_ac | 23 --------- spec/fixtures/redhat-6-x86_64-pam_d_login | 17 ------- spec/fixtures/redhat-6-x86_64-pam_d_sshd | 14 ------ .../redhat-6-x86_64-pam_password_auth_ac | 25 ---------- .../redhat-6-x86_64-pam_system_auth_ac | 25 ---------- .../sles-10-x86_64-pam_common_account | 3 -- spec/fixtures/sles-10-x86_64-pam_common_auth | 4 -- .../sles-10-x86_64-pam_common_password | 4 -- .../sles-10-x86_64-pam_common_session | 4 -- spec/fixtures/sles-10-x86_64-pam_d_login | 10 ---- spec/fixtures/sles-10-x86_64-pam_d_sshd | 6 --- .../sles-11-x86_64-pam_common_account_pc | 3 -- .../sles-11-x86_64-pam_common_auth_pc | 4 -- .../sles-11-x86_64-pam_common_password_pc | 4 -- .../sles-11-x86_64-pam_common_session_pc | 5 -- spec/fixtures/sles-11-x86_64-pam_d_login | 12 ----- spec/fixtures/sles-11-x86_64-pam_d_sshd | 9 ---- .../sles-13-x86_64-pam_common_account_pc | 3 -- .../sles-13-x86_64-pam_common_auth_pc | 5 -- .../sles-13-x86_64-pam_common_password_pc | 5 -- .../sles-13-x86_64-pam_common_session_pc | 8 --- spec/fixtures/sles-13-x86_64-pam_d_login | 9 ---- spec/fixtures/sles-13-x86_64-pam_d_sshd | 9 ---- spec/fixtures/sles-9-x86_64-pam_d_login | 11 ----- spec/fixtures/sles-9-x86_64-pam_d_sshd | 10 ---- spec/fixtures/sles-9-x86_64-pam_other | 17 ------- .../ubuntu-12.04-x86_64-pam_common_account | 5 -- .../ubuntu-12.04-x86_64-pam_common_auth | 5 -- .../ubuntu-12.04-x86_64-pam_common_password | 5 -- .../ubuntu-12.04-x86_64-pam_common_session | 7 --- ...4-x86_64-pam_common_session_noninteractive | 7 --- spec/fixtures/ubuntu-12.04-x86_64-pam_d_login | 16 ------ spec/fixtures/ubuntu-12.04-x86_64-pam_d_sshd | 11 ----- .../ubuntu-14.04-x86_64-pam_common_account | 5 -- .../ubuntu-14.04-x86_64-pam_common_auth | 6 --- .../ubuntu-14.04-x86_64-pam_common_password | 5 -- .../ubuntu-14.04-x86_64-pam_common_session | 8 --- ...4-x86_64-pam_common_session_noninteractive | 8 --- spec/fixtures/ubuntu-14.04-x86_64-pam_d_login | 17 ------- spec/fixtures/ubuntu-14.04-x86_64-pam_d_sshd | 16 ------ .../ubuntu-16.04-x86_64-pam_common_account | 5 -- .../ubuntu-16.04-x86_64-pam_common_auth | 5 -- .../ubuntu-16.04-x86_64-pam_common_password | 5 -- .../ubuntu-16.04-x86_64-pam_common_session | 8 --- ...4-x86_64-pam_common_session_noninteractive | 8 --- spec/fixtures/ubuntu-16.04-x86_64-pam_d_login | 18 ------- spec/fixtures/ubuntu-16.04-x86_64-pam_d_sshd | 16 ------ .../ubuntu-18.04-x86_64-pam_common_account | 5 -- .../ubuntu-18.04-x86_64-pam_common_auth | 6 --- .../ubuntu-18.04-x86_64-pam_common_password | 5 -- .../ubuntu-18.04-x86_64-pam_common_session | 8 --- ...4-x86_64-pam_common_session_noninteractive | 8 --- spec/fixtures/ubuntu-18.04-x86_64-pam_d_login | 18 ------- spec/fixtures/ubuntu-18.04-x86_64-pam_d_sshd | 17 ------- templates/login.debian7.erb | 17 ------- templates/login.debian8.erb | 18 ------- templates/login.debian9.erb | 19 ------- templates/login.el5.erb | 23 --------- templates/login.el6.erb | 19 ------- templates/login.suse10.erb | 10 ---- templates/login.suse11.erb | 14 ------ templates/login.suse13.erb | 9 ---- templates/login.suse9.erb | 11 ----- templates/login.ubuntu12.erb | 16 ------ templates/login.ubuntu14.erb | 17 ------- templates/login.ubuntu16.erb | 18 ------- templates/login.ubuntu18.erb | 18 ------- templates/sshd.debian7.erb | 14 ------ templates/sshd.debian8.erb | 17 ------- templates/sshd.debian9.erb | 15 ------ templates/sshd.el5.erb | 11 ----- templates/sshd.el6.erb | 16 ------ templates/sshd.suse10.erb | 6 --- templates/sshd.suse11.erb | 11 ----- templates/sshd.suse13.erb | 9 ---- templates/sshd.suse9.erb | 10 ---- templates/sshd.ubuntu12.erb | 13 ----- templates/sshd.ubuntu14.erb | 18 ------- templates/sshd.ubuntu16.erb | 18 ------- templates/sshd.ubuntu18.erb | 19 ------- 130 files changed, 105 insertions(+), 1612 deletions(-) delete mode 100644 data/os/Debian/7.yaml delete mode 100644 data/os/Debian/8.yaml delete mode 100644 data/os/Debian/9.yaml delete mode 100644 data/os/RedHat/5.yaml delete mode 100644 data/os/RedHat/6.yaml delete mode 100644 data/os/Suse/10.yaml delete mode 100644 data/os/Suse/11.yaml delete mode 100644 data/os/Suse/13.yaml delete mode 100644 data/os/Suse/9.yaml delete mode 100644 data/os/Ubuntu/12.04.yaml delete mode 100644 data/os/Ubuntu/14.04.yaml delete mode 100644 data/os/Ubuntu/16.04.yaml delete mode 100644 data/os/Ubuntu/18.04.yaml delete mode 100644 spec/acceptance/nodesets/centos-7.yml rename spec/acceptance/nodesets/{rocky-8.yml => el8.yml} (61%) rename spec/acceptance/nodesets/{centos-9.yml => el9.yml} (53%) rename spec/acceptance/nodesets/{ubuntu-1804.yml => ubuntu-2204.yml} (50%) delete mode 100644 spec/fixtures/debian-7-x86_64-pam_common_account delete mode 100644 spec/fixtures/debian-7-x86_64-pam_common_auth delete mode 100644 spec/fixtures/debian-7-x86_64-pam_common_password delete mode 100644 spec/fixtures/debian-7-x86_64-pam_common_session delete mode 100644 spec/fixtures/debian-7-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/debian-7-x86_64-pam_d_login delete mode 100644 spec/fixtures/debian-7-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/debian-8-x86_64-pam_common_account delete mode 100644 spec/fixtures/debian-8-x86_64-pam_common_auth delete mode 100644 spec/fixtures/debian-8-x86_64-pam_common_password delete mode 100644 spec/fixtures/debian-8-x86_64-pam_common_session delete mode 100644 spec/fixtures/debian-8-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/debian-8-x86_64-pam_d_login delete mode 100644 spec/fixtures/debian-8-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/debian-9-x86_64-pam_common_account delete mode 100644 spec/fixtures/debian-9-x86_64-pam_common_auth delete mode 100644 spec/fixtures/debian-9-x86_64-pam_common_password delete mode 100644 spec/fixtures/debian-9-x86_64-pam_common_session delete mode 100644 spec/fixtures/debian-9-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/debian-9-x86_64-pam_d_login delete mode 100644 spec/fixtures/debian-9-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/redhat-5-x86_64-pam_d_login delete mode 100644 spec/fixtures/redhat-5-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/redhat-5-x86_64-pam_system_auth_ac delete mode 100644 spec/fixtures/redhat-6-x86_64-pam_d_login delete mode 100644 spec/fixtures/redhat-6-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/redhat-6-x86_64-pam_password_auth_ac delete mode 100644 spec/fixtures/redhat-6-x86_64-pam_system_auth_ac delete mode 100644 spec/fixtures/sles-10-x86_64-pam_common_account delete mode 100644 spec/fixtures/sles-10-x86_64-pam_common_auth delete mode 100644 spec/fixtures/sles-10-x86_64-pam_common_password delete mode 100644 spec/fixtures/sles-10-x86_64-pam_common_session delete mode 100644 spec/fixtures/sles-10-x86_64-pam_d_login delete mode 100644 spec/fixtures/sles-10-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/sles-11-x86_64-pam_common_account_pc delete mode 100644 spec/fixtures/sles-11-x86_64-pam_common_auth_pc delete mode 100644 spec/fixtures/sles-11-x86_64-pam_common_password_pc delete mode 100644 spec/fixtures/sles-11-x86_64-pam_common_session_pc delete mode 100644 spec/fixtures/sles-11-x86_64-pam_d_login delete mode 100644 spec/fixtures/sles-11-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/sles-13-x86_64-pam_common_account_pc delete mode 100644 spec/fixtures/sles-13-x86_64-pam_common_auth_pc delete mode 100644 spec/fixtures/sles-13-x86_64-pam_common_password_pc delete mode 100644 spec/fixtures/sles-13-x86_64-pam_common_session_pc delete mode 100644 spec/fixtures/sles-13-x86_64-pam_d_login delete mode 100644 spec/fixtures/sles-13-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/sles-9-x86_64-pam_d_login delete mode 100644 spec/fixtures/sles-9-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/sles-9-x86_64-pam_other delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_common_account delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_common_auth delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_common_password delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_common_session delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_d_login delete mode 100644 spec/fixtures/ubuntu-12.04-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_common_account delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_common_auth delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_common_password delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_common_session delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_d_login delete mode 100644 spec/fixtures/ubuntu-14.04-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_common_account delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_common_auth delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_common_password delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_common_session delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_d_login delete mode 100644 spec/fixtures/ubuntu-16.04-x86_64-pam_d_sshd delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_common_account delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_common_auth delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_common_password delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_common_session delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_common_session_noninteractive delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_d_login delete mode 100644 spec/fixtures/ubuntu-18.04-x86_64-pam_d_sshd delete mode 100644 templates/login.debian7.erb delete mode 100644 templates/login.debian8.erb delete mode 100644 templates/login.debian9.erb delete mode 100644 templates/login.el5.erb delete mode 100644 templates/login.el6.erb delete mode 100644 templates/login.suse10.erb delete mode 100644 templates/login.suse11.erb delete mode 100644 templates/login.suse13.erb delete mode 100644 templates/login.suse9.erb delete mode 100644 templates/login.ubuntu12.erb delete mode 100644 templates/login.ubuntu14.erb delete mode 100644 templates/login.ubuntu16.erb delete mode 100644 templates/login.ubuntu18.erb delete mode 100644 templates/sshd.debian7.erb delete mode 100644 templates/sshd.debian8.erb delete mode 100644 templates/sshd.debian9.erb delete mode 100644 templates/sshd.el5.erb delete mode 100644 templates/sshd.el6.erb delete mode 100644 templates/sshd.suse10.erb delete mode 100644 templates/sshd.suse11.erb delete mode 100644 templates/sshd.suse13.erb delete mode 100644 templates/sshd.suse9.erb delete mode 100644 templates/sshd.ubuntu12.erb delete mode 100644 templates/sshd.ubuntu14.erb delete mode 100644 templates/sshd.ubuntu16.erb delete mode 100644 templates/sshd.ubuntu18.erb diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 56e360c4..2503b6b2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -15,22 +15,21 @@ jobs: fail-fast: false matrix: include: - - ruby: 2.7 + - ruby: 2.7.8 puppet: 7 fixtures: .fixtures.yml allow_failure: false - - ruby: 2.7 + - ruby: 2.7.8 puppet: 7 fixtures: .fixtures-latest.yml allow_failure: true env: BUNDLE_WITHOUT: system_tests:release PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0" - FACTER_GEM_VERSION: "< 4.0" FIXTURES_YML: ${{ matrix.fixtures }} name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup ruby uses: ruby/setup-ruby@v1 with: @@ -48,10 +47,12 @@ jobs: fail-fast: false matrix: set: + - "el8" + - "el9" - "debian-10" - - "rocky-8" - - "ubuntu-1804" + - "debian-11" - "ubuntu-2004" + - "ubuntu-2204" puppet: - "puppet7" env: @@ -70,7 +71,7 @@ jobs: sudo apt-get remove mysql-server --purge sudo apt-get install apparmor-profiles sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9b3a0d73..bed1e386 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.sync.yml b/.sync.yml index 75fcbc5a..89cb78db 100644 --- a/.sync.yml +++ b/.sync.yml @@ -7,16 +7,25 @@ # for the default values. --- .github/workflows/ci.yaml: + unit_excludes: + # TODO: nsswitch module uses legacy facts so can't test against Puppet 8 yet. + # https://github.com/trlinkin/puppet-nsswitch/pull/49 + puppet: '8' acceptance_matrix: set: - - rocky-8 + - el8 + - el9 - debian-10 - - ubuntu-1804 + - debian-11 - ubuntu-2004 + - ubuntu-2204 puppet: - puppet7 + # TODO: nsswitch module uses legacy facts so can't test against Puppet 8 yet. + # https://github.com/trlinkin/puppet-nsswitch/pull/49 + - ---puppet8 .github/workflows/release.yaml: - unmanaged: true + username: ghoneycutt spec/spec_helper.rb: coverage_report: true minimum_code_coverage_percentage: 100 diff --git a/Gemfile b/Gemfile index 0969e4f2..c5101c4a 100644 --- a/Gemfile +++ b/Gemfile @@ -17,33 +17,23 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "facter", '< 4.0', require: false - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-lint-param-docs", require: false - gem "voxpupuli-puppet-lint-plugins", '>= 3.0', require: false - gem "faraday", '~> 1.0', require: false - gem "github_changelog_generator", require: false + gem "voxpupuli-test", '6.0.0', require: false + gem "rubocop-performance", '~> 1.18', require: false + gem "faraday", '~> 1.0', require: false + gem "github_changelog_generator", require: false + gem "puppet-blacksmith", require: false + gem "puppet-strings", require: false end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 0.5', require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 0.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 4.0') + gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 4.29') gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') gem "beaker-pe", require: false gem "beaker-hostgenerator" gem "beaker-rspec" gem "beaker-docker" gem "beaker-puppet" + gem "beaker-puppet_install_helper", require: false + gem "beaker-module_install_helper", require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/Rakefile b/Rakefile index 8d0386c9..f80eb34b 100644 --- a/Rakefile +++ b/Rakefile @@ -1,7 +1,7 @@ # frozen_string_literal: true require 'bundler' -require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'beaker-rspec/rake_task' if Bundler.rubygems.find_name('beaker-rspec').any? require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? diff --git a/data/os/Debian/7.yaml b/data/os/Debian/7.yaml deleted file mode 100644 index b2872aed..00000000 --- a/data/os/Debian/7.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.debian7.erb -pam::pam_d_sshd_template: pam/sshd.debian7.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session required pam_unix.so' diff --git a/data/os/Debian/8.yaml b/data/os/Debian/8.yaml deleted file mode 100644 index 8c0fda5f..00000000 --- a/data/os/Debian/8.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.debian8.erb -pam::pam_d_sshd_template: pam/sshd.debian8.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session required pam_unix.so' diff --git a/data/os/Debian/9.yaml b/data/os/Debian/9.yaml deleted file mode 100644 index f9999c23..00000000 --- a/data/os/Debian/9.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.debian9.erb -pam::pam_d_sshd_template: pam/sshd.debian9.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' - - 'auth optional pam_cap.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session required pam_unix.so' - - 'session required pam_unix.so' - - 'session optional pam_systemd.so' diff --git a/data/os/RedHat/5.yaml b/data/os/RedHat/5.yaml deleted file mode 100644 index f8e908c1..00000000 --- a/data/os/RedHat/5.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -pam::common_files_create_links: true -pam::common_files_suffix: '_ac' -pam::common_files: - - system_auth - -pam::pam_d_login_template: pam/login.el5.erb -pam::pam_d_sshd_template: pam/sshd.el5.erb -pam::package_name: - - pam - - util-linux -pam::pam_auth_lines: - - 'auth required pam_env.so' - - 'auth sufficient pam_unix.so nullok try_first_pass' - - 'auth requisite pam_succeed_if.so uid >= 500 quiet' - - 'auth required pam_deny.so' -pam::pam_account_lines: - - 'account required pam_unix.so' - - 'account sufficient pam_succeed_if.so uid < 500 quiet' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password requisite pam_cracklib.so try_first_pass retry=3' - - 'password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok' - - 'password required pam_deny.so' -pam::pam_session_lines: - - 'session optional pam_keyinit.so revoke' - - 'session required pam_limits.so' - - 'session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid' - - 'session required pam_unix.so' diff --git a/data/os/RedHat/6.yaml b/data/os/RedHat/6.yaml deleted file mode 100644 index a8fdb08e..00000000 --- a/data/os/RedHat/6.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -pam::common_files_create_links: true -pam::common_files_suffix: '_ac' -pam::common_files: - - password_auth - - system_auth - -pam::pam_d_login_template: pam/login.el6.erb -pam::pam_d_sshd_template: pam/sshd.el6.erb -pam::package_name: pam -pam::pam_auth_lines: - - 'auth required pam_env.so' - - 'auth sufficient pam_fprintd.so' - - 'auth sufficient pam_unix.so nullok try_first_pass' - - 'auth requisite pam_succeed_if.so uid >= 500 quiet' - - 'auth required pam_deny.so' -pam::pam_password_auth_lines: - - 'auth required pam_env.so' - - 'auth sufficient pam_unix.so nullok try_first_pass' - - 'auth requisite pam_succeed_if.so uid >= 500 quiet' - - 'auth required pam_deny.so' -pam::pam_account_lines: - - 'account required pam_unix.so' - - 'account sufficient pam_localuser.so' - - 'account sufficient pam_succeed_if.so uid < 500 quiet' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password requisite pam_cracklib.so try_first_pass retry=3 type=' - - 'password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok' - - 'password required pam_deny.so' -pam::pam_session_lines: - - 'session optional pam_keyinit.so revoke' - - 'session required pam_limits.so' - - 'session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid' - - 'session required pam_unix.so' -pam::pam_password_account_lines: - - 'account required pam_unix.so' - - 'account sufficient pam_localuser.so' - - 'account sufficient pam_succeed_if.so uid < 500 quiet' - - 'account required pam_permit.so' -pam::pam_password_password_lines: - - 'password requisite pam_cracklib.so try_first_pass retry=3 type=' - - 'password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok' - - 'password required pam_deny.so' -pam::pam_password_session_lines: - - 'session optional pam_keyinit.so revoke' - - 'session required pam_limits.so' - - 'session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid' - - 'session required pam_unix.so' diff --git a/data/os/Suse/10.yaml b/data/os/Suse/10.yaml deleted file mode 100644 index 45676b9d..00000000 --- a/data/os/Suse/10.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - -pam::pam_d_login_template: pam/login.suse10.erb -pam::pam_d_sshd_template: pam/sshd.suse10.erb -pam::package_name: pam -pam::pam_auth_lines: - - 'auth required pam_env.so' - - 'auth required pam_unix2.so' -pam::pam_account_lines: - - 'account required pam_unix2.so' -pam::pam_password_lines: - - 'password required pam_pwcheck.so nullok' - - 'password required pam_unix2.so nullok use_authtok' -pam::pam_session_lines: - - 'session required pam_limits.so' - - 'session required pam_unix2.so' diff --git a/data/os/Suse/11.yaml b/data/os/Suse/11.yaml deleted file mode 100644 index a78514cb..00000000 --- a/data/os/Suse/11.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -pam::common_files_create_links: true -pam::common_files_suffix: '_pc' -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - -pam::pam_d_login_template: pam/login.suse11.erb -pam::pam_d_sshd_template: pam/sshd.suse11.erb -pam::package_name: pam -pam::pam_auth_lines: - - 'auth required pam_env.so' - - 'auth required pam_unix2.so' -pam::pam_account_lines: - - 'account required pam_unix2.so' -pam::pam_password_lines: - - 'password required pam_pwcheck.so nullok cracklib' - - 'password required pam_unix2.so nullok use_authtok' -pam::pam_session_lines: - - 'session required pam_limits.so' - - 'session required pam_unix2.so' - - 'session optional pam_umask.so' diff --git a/data/os/Suse/13.yaml b/data/os/Suse/13.yaml deleted file mode 100644 index 6d07e273..00000000 --- a/data/os/Suse/13.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -pam::common_files_create_links: true -pam::common_files_suffix: '_pc' -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - -pam::pam_d_login_template: pam/login.suse13.erb -pam::pam_d_sshd_template: pam/sshd.suse13.erb -pam::package_name: pam -pam::pam_auth_lines: - - 'auth required pam_env.so' - - 'auth optional pam_gnome_keyring.so' - - 'auth required pam_unix.so try_first_pass' -pam::pam_account_lines: - - 'account required pam_unix.so try_first_pass' -pam::pam_password_lines: - - 'password requisite pam_cracklib.so' - - 'password optional pam_gnome_keyring.so use_authtok' - - 'password required pam_unix.so use_authtok nullok shadow try_first_pass' -pam::pam_session_lines: - - 'session required pam_limits.so' - - 'session required pam_unix.so try_first_pass' - - 'session optional pam_umask.so' - - 'session optional pam_systemd.so' - - 'session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm' - - 'session optional pam_env.so' diff --git a/data/os/Suse/9.yaml b/data/os/Suse/9.yaml deleted file mode 100644 index 3ff920f9..00000000 --- a/data/os/Suse/9.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - other - -pam::pam_d_login_template: pam/login.suse9.erb -pam::pam_d_sshd_template: pam/sshd.suse9.erb -pam::package_name: - - pam - - pam-modules -pam::pam_auth_lines: - - 'auth required pam_warn.so' - - 'auth required pam_unix2.so' -pam::pam_account_lines: - - 'account required pam_warn.so' - - 'account required pam_unix2.so' -pam::pam_password_lines: - - 'password required pam_warn.so' - - 'password required pam_pwcheck.so use_cracklib' -pam::pam_session_lines: - - 'session required pam_warn.so' - - 'session required pam_unix2.so debug' diff --git a/data/os/Ubuntu/12.04.yaml b/data/os/Ubuntu/12.04.yaml deleted file mode 100644 index 4fd30b0f..00000000 --- a/data/os/Ubuntu/12.04.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.ubuntu12.erb -pam::pam_d_sshd_template: pam/sshd.ubuntu12.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session optional pam_umask.so' - - 'session required pam_unix.so' diff --git a/data/os/Ubuntu/14.04.yaml b/data/os/Ubuntu/14.04.yaml deleted file mode 100644 index 4069d74c..00000000 --- a/data/os/Ubuntu/14.04.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.ubuntu14.erb -pam::pam_d_sshd_template: pam/sshd.ubuntu14.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' - - 'auth optional pam_cap.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session optional pam_umask.so' - - 'session required pam_unix.so' - - 'session optional pam_systemd.so' diff --git a/data/os/Ubuntu/16.04.yaml b/data/os/Ubuntu/16.04.yaml deleted file mode 100644 index 5db60593..00000000 --- a/data/os/Ubuntu/16.04.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.ubuntu16.erb -pam::pam_d_sshd_template: pam/sshd.ubuntu16.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session optional pam_umask.so' - - 'session required pam_unix.so' - - 'session optional pam_systemd.so' diff --git a/data/os/Ubuntu/18.04.yaml b/data/os/Ubuntu/18.04.yaml deleted file mode 100644 index fd876032..00000000 --- a/data/os/Ubuntu/18.04.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -pam::common_files_create_links: false -pam::common_files_suffix: ~ -pam::common_files: - - common_account - - common_auth - - common_password - - common_session - - common_session_noninteractive - -pam::pam_d_login_template: pam/login.ubuntu18.erb -pam::pam_d_sshd_template: pam/sshd.ubuntu18.erb -pam::package_name: libpam0g -pam::pam_auth_lines: - - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' - - 'auth requisite pam_deny.so' - - 'auth required pam_permit.so' - - 'auth optional pam_cap.so' -pam::pam_account_lines: - - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' - - 'account requisite pam_deny.so' - - 'account required pam_permit.so' -pam::pam_password_lines: - - 'password [success=1 default=ignore] pam_unix.so obscure sha512' - - 'password requisite pam_deny.so' - - 'password required pam_permit.so' -pam::pam_session_lines: - - 'session [default=1] pam_permit.so' - - 'session requisite pam_deny.so' - - 'session required pam_permit.so' - - 'session optional pam_umask.so' - - 'session required pam_unix.so' - - 'session optional pam_systemd.so' diff --git a/metadata.json b/metadata.json index 2d134e6b..d4f11986 100644 --- a/metadata.json +++ b/metadata.json @@ -27,9 +27,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "7", - "8", - "9", "10", "11" ] @@ -37,8 +34,6 @@ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "5", - "6", "7", "8", "9" @@ -47,18 +42,12 @@ { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "5", - "6", - "7", - "8", - "9" + "7" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", - "6", "7", "8", "9" @@ -67,11 +56,7 @@ { "operatingsystem": "Scientific", "operatingsystemrelease": [ - "5", - "6", - "7", - "8", - "9" + "7" ] }, { @@ -85,9 +70,6 @@ { "operatingsystem": "SLES", "operatingsystemrelease": [ - "9", - "10", - "11", "12", "15" ] @@ -95,9 +77,6 @@ { "operatingsystem": "SLED", "operatingsystemrelease": [ - "9", - "10", - "11", "12", "15" ] @@ -105,10 +84,6 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "12.04", - "14.04", - "16.04", - "18.04", "20.04", "22.04" ] diff --git a/spec/acceptance/00_pam_spec.rb b/spec/acceptance/00_pam_spec.rb index d72ec404..9e38a139 100644 --- a/spec/acceptance/00_pam_spec.rb +++ b/spec/acceptance/00_pam_spec.rb @@ -27,8 +27,8 @@ it { is_expected.to be_grouped_into 'root' } it { is_expected.to be_mode 644 } it { - if fact('osfamily') == 'RedHat' - if fact('operatingsystemmajrelease') == '8' + if fact('os.family') == 'RedHat' + if fact('os.release.major') =~ %r{8|9} is_expected.not_to match(%r{^account\s+required\s+pam_access.so$}) else is_expected.to match(%r{^account\s+required\s+pam_access.so$}) @@ -43,8 +43,8 @@ it { is_expected.to be_grouped_into 'root' } it { is_expected.to be_mode 644 } it { - if fact('osfamily') == 'RedHat' - if fact('operatingsystemmajrelease') == '8' + if fact('os.family') == 'RedHat' + if fact('os.release.major') =~ %r{8|9} is_expected.not_to match(%r{^account\s+required\s+pam_access.so$}) else is_expected.to match(%r{^account\s+required\s+pam_access.so$}) @@ -70,7 +70,7 @@ its(:content) { is_expected.to match(%r{^$|^#}) } end - if fact('osfamily') == 'RedHat' + if fact('os.family') == 'RedHat' && fact('os.release.major') != '9' ['password-auth', 'system-auth'].each do |f| describe file("/etc/pam.d/#{f}-ac") do it { is_expected.to be_file } @@ -85,7 +85,18 @@ end end - if fact('osfamily') == 'Debian' + if fact('os.family') == 'RedHat' && fact('os.release.major') == '9' + ['password-auth', 'system-auth'].each do |f| + describe file("/etc/pam.d/#{f}") do + it { is_expected.to be_file } + it { is_expected.to be_owned_by 'root' } + it { is_expected.to be_grouped_into 'root' } + it { is_expected.to be_mode 644 } + end + end + end + + if fact('os.family') == 'Debian' ['auth', 'account', 'password', 'session', 'session-noninteractive'].each do |f| describe file("/etc/pam.d/common-#{f}") do it { is_expected.to be_file } diff --git a/spec/acceptance/nodesets/centos-7.yml b/spec/acceptance/nodesets/centos-7.yml deleted file mode 100644 index a79d39de..00000000 --- a/spec/acceptance/nodesets/centos-7.yml +++ /dev/null @@ -1,20 +0,0 @@ -HOSTS: - centos7: - roles: - - agent - platform: el-7-x86_64 - hypervisor: docker - image: centos:7 - docker_preserve_image: true - docker_cmd: - - '/usr/sbin/init' - docker_image_commands: - - 'yum install -y wget' - docker_container_name: 'pam-el7' -CONFIG: - log_level: debug - type: foss -ssh: - password: root - auth_methods: ["password"] - diff --git a/spec/acceptance/nodesets/debian-11.yml b/spec/acceptance/nodesets/debian-11.yml index 31f96506..b79cad0d 100644 --- a/spec/acceptance/nodesets/debian-11.yml +++ b/spec/acceptance/nodesets/debian-11.yml @@ -1,21 +1,24 @@ HOSTS: debian11: roles: - - agent + - agent platform: debian-11-amd64 hypervisor: docker image: debian:11 docker_preserve_image: true docker_cmd: - - '/sbin/init' + - '/sbin/init' docker_image_commands: - - 'apt-get install -y wget net-tools systemd-sysv locales' - - 'rm -f /usr/sbin/policy-rc.d' - - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' - - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' - - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' - - 'locale-gen en_US.UTF-8' - docker_container_name: 'pam-debian10' + - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates' + - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' + - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' + - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' + - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'pam-debian11' CONFIG: log_level: debug type: foss diff --git a/spec/acceptance/nodesets/rocky-8.yml b/spec/acceptance/nodesets/el8.yml similarity index 61% rename from spec/acceptance/nodesets/rocky-8.yml rename to spec/acceptance/nodesets/el8.yml index 5b506e46..d501ac84 100644 --- a/spec/acceptance/nodesets/rocky-8.yml +++ b/spec/acceptance/nodesets/el8.yml @@ -1,17 +1,21 @@ HOSTS: - rocky-8: + el8: roles: - agent platform: el-8-x86_64 hypervisor: docker - image: rockylinux/rockylinux:8 + image: almalinux:8 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - - 'yum install -y dnf-utils' + - 'dnf install -y dnf-utils' - 'dnf config-manager --set-enabled powertools' - - 'yum install -y wget which cronie iproute initscripts' + - 'dnf install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'pam-el8' CONFIG: log_level: debug @@ -19,4 +23,3 @@ CONFIG: ssh: password: root auth_methods: ["password"] - diff --git a/spec/acceptance/nodesets/centos-9.yml b/spec/acceptance/nodesets/el9.yml similarity index 53% rename from spec/acceptance/nodesets/centos-9.yml rename to spec/acceptance/nodesets/el9.yml index 09fc7c87..80ce74bb 100644 --- a/spec/acceptance/nodesets/centos-9.yml +++ b/spec/acceptance/nodesets/el9.yml @@ -1,17 +1,21 @@ HOSTS: - centos9: + el9: roles: - agent platform: el-9-x86_64 hypervisor: docker - image: centos:9 + image: almalinux:9 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - - 'yum install -y dnf-utils' - - 'dnf config-manager --set-enabled PowerTools' - - 'dnf install -y wget which initscripts iproute langpacks-en glibc-all-langpacks' + - 'dnf install -y dnf-utils' + - 'dnf config-manager --set-enabled crb' + - 'dnf install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'pam-el9' CONFIG: log_level: debug diff --git a/spec/acceptance/nodesets/ubuntu-2004.yml b/spec/acceptance/nodesets/ubuntu-2004.yml index 0aea371e..85a6a33c 100644 --- a/spec/acceptance/nodesets/ubuntu-2004.yml +++ b/spec/acceptance/nodesets/ubuntu-2004.yml @@ -8,12 +8,17 @@ HOSTS: docker_preserve_image: true docker_cmd: '["/sbin/init"]' docker_image_commands: - - 'apt-get install -y -q net-tools wget locales' + - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" + - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates' - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'pam-ubuntu2004' CONFIG: - type: foss log_level: debug + type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/ubuntu-1804.yml b/spec/acceptance/nodesets/ubuntu-2204.yml similarity index 50% rename from spec/acceptance/nodesets/ubuntu-1804.yml rename to spec/acceptance/nodesets/ubuntu-2204.yml index c88143e6..3e706530 100644 --- a/spec/acceptance/nodesets/ubuntu-1804.yml +++ b/spec/acceptance/nodesets/ubuntu-2204.yml @@ -1,21 +1,24 @@ HOSTS: - ubuntu1804: + ubuntu2204: roles: - agent - platform: ubuntu-18.04-amd64 + platform: ubuntu-22.04-amd64 hypervisor : docker - image: ubuntu:18.04 + image: ubuntu:22.04 docker_preserve_image: true docker_cmd: '["/sbin/init"]' docker_image_commands: - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" - - 'apt-get install -y wget net-tools locales apt-transport-https ca-certificates' + - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates' - 'locale-gen en_US.UTF-8' - docker_container_name: 'pam-ubuntu1804' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'pam-ubuntu2204' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] - diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 83699cf4..40591fa2 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -61,7 +61,7 @@ end end - if %r{solaris}.match?(os_id) + if os_id.include?('solaris') it { is_expected.not_to contain_file('pam_d_login') } it { is_expected.not_to contain_file('pam_d_sshd') } else @@ -88,7 +88,7 @@ end end - unless %r{solaris}.match?(os_id) + unless os_id.include?('solaris') it { is_expected.to contain_class('pam::accesslogin') } it { is_expected.to contain_class('pam::limits') } end @@ -135,7 +135,7 @@ |-:ALL:ALL END - if %r{solaris}.match?(os_id) + if os_id.include?('solaris') it { is_expected.not_to contain_file('access_conf') } else it { is_expected.to contain_file('access_conf').with_content(file_header + content) } @@ -168,7 +168,7 @@ |session_line2 END - if %r{solaris}.match?(os_id) + if os_id.include?('solaris') it { is_expected.not_to contain_file('pam_d_sshd') } else it { is_expected.to contain_file('pam_d_sshd').with_content(sshd_custom_content) } @@ -196,7 +196,7 @@ context 'with login_pam_access => absent' do let(:params) { { login_pam_access: 'absent' } } - unless %r{solaris}.match?(os_id) + unless os_id.include?('solaris') it { is_expected.to contain_file('pam_d_login').without_content(%r{^account.*pam_access.so$}) } end end @@ -204,19 +204,19 @@ context 'with sshd_pam_access => absent' do let(:params) { { sshd_pam_access: 'absent' } } - unless %r{solaris}.match?(os_id) + unless os_id.include?('solaris') it { is_expected.to contain_file('pam_d_sshd').without_content(%r{^account.*pam_access.so$}) } end end context 'with password_auth_ac => path' do - if %r{redhat-5}.match?(os_id) + if os_id.include?('redhat-5') it { is_expected.not_to contain_file('password_auth_ac') } end end context 'with password_auth_ac_file => path' do - if %r{redhat-5}.match?(os_id) + if os_id.include?('redhat-5') it { is_expected.not_to contain_file('password_auth_ac_file') } end end @@ -224,9 +224,9 @@ context 'with pam_d_login_oracle_options set to valid array' do let(:params) { { pam_d_login_oracle_options: [ 'session required pam_spectest.so', 'session optional pam_spectest.so' ] } } - if %r{redhat-5}.match?(os_id) + if os_id.include?('redhat-5') it { is_expected.to contain_file('pam_d_login').with_content(%r{^# oracle options\nsession required pam_spectest.so\nsession optional pam_spectest.so$}) } - elsif %r{solaris}.match?(os_id) + elsif os_id.include?('solaris') it { is_expected.not_to contain_file('pam_d_login') } else it { is_expected.to contain_file('pam_d_login').without_content(%r{^# oracle options\nsession required pam_spectest.so\nsession optional pam_spectest.so$}) } diff --git a/spec/fixtures/debian-7-x86_64-pam_common_account b/spec/fixtures/debian-7-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/debian-7-x86_64-pam_common_auth b/spec/fixtures/debian-7-x86_64-pam_common_auth deleted file mode 100644 index f629ec0b..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_common_auth +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so diff --git a/spec/fixtures/debian-7-x86_64-pam_common_password b/spec/fixtures/debian-7-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/debian-7-x86_64-pam_common_session b/spec/fixtures/debian-7-x86_64-pam_common_session deleted file mode 100644 index 9f3c1591..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_common_session +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session required pam_unix.so diff --git a/spec/fixtures/debian-7-x86_64-pam_common_session_noninteractive b/spec/fixtures/debian-7-x86_64-pam_common_session_noninteractive deleted file mode 100644 index 9f3c1591..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session required pam_unix.so diff --git a/spec/fixtures/debian-7-x86_64-pam_d_login b/spec/fixtures/debian-7-x86_64-pam_d_login deleted file mode 100644 index 82fdf469..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_d_login +++ /dev/null @@ -1,17 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/spec/fixtures/debian-7-x86_64-pam_d_sshd b/spec/fixtures/debian-7-x86_64-pam_d_sshd deleted file mode 100644 index 224a3ced..00000000 --- a/spec/fixtures/debian-7-x86_64-pam_d_sshd +++ /dev/null @@ -1,12 +0,0 @@ -auth required pam_env.so # [1] -auth required pam_env.so envfile=/etc/default/locale -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so # [1] -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -@include common-password diff --git a/spec/fixtures/debian-8-x86_64-pam_common_account b/spec/fixtures/debian-8-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/debian-8-x86_64-pam_common_auth b/spec/fixtures/debian-8-x86_64-pam_common_auth deleted file mode 100644 index f629ec0b..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_common_auth +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so diff --git a/spec/fixtures/debian-8-x86_64-pam_common_password b/spec/fixtures/debian-8-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/debian-8-x86_64-pam_common_session b/spec/fixtures/debian-8-x86_64-pam_common_session deleted file mode 100644 index 9f3c1591..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_common_session +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session required pam_unix.so diff --git a/spec/fixtures/debian-8-x86_64-pam_common_session_noninteractive b/spec/fixtures/debian-8-x86_64-pam_common_session_noninteractive deleted file mode 100644 index 9f3c1591..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session required pam_unix.so diff --git a/spec/fixtures/debian-8-x86_64-pam_d_login b/spec/fixtures/debian-8-x86_64-pam_d_login deleted file mode 100644 index 3e2397b8..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_d_login +++ /dev/null @@ -1,18 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_exec.so type=open_session stdout /bin/uname -snrvm -session optional pam_motd.so -session optional pam_mail.so standard -session required pam_loginuid.so -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/spec/fixtures/debian-8-x86_64-pam_d_sshd b/spec/fixtures/debian-8-x86_64-pam_d_sshd deleted file mode 100644 index d80d9e32..00000000 --- a/spec/fixtures/debian-8-x86_64-pam_d_sshd +++ /dev/null @@ -1,15 +0,0 @@ -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password diff --git a/spec/fixtures/debian-9-x86_64-pam_common_account b/spec/fixtures/debian-9-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/debian-9-x86_64-pam_common_auth b/spec/fixtures/debian-9-x86_64-pam_common_auth deleted file mode 100644 index 9800d8c4..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_common_auth +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so -auth optional pam_cap.so diff --git a/spec/fixtures/debian-9-x86_64-pam_common_password b/spec/fixtures/debian-9-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/debian-9-x86_64-pam_common_session b/spec/fixtures/debian-9-x86_64-pam_common_session deleted file mode 100644 index fd4e3db6..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_common_session +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session required pam_unix.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/debian-9-x86_64-pam_common_session_noninteractive b/spec/fixtures/debian-9-x86_64-pam_common_session_noninteractive deleted file mode 100644 index fd4e3db6..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session required pam_unix.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/debian-9-x86_64-pam_d_login b/spec/fixtures/debian-9-x86_64-pam_d_login deleted file mode 100644 index dcd6327f..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_d_login +++ /dev/null @@ -1,19 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard -session optional pam_keyinit.so force revoke -@include common-account -@include common-session -@include common-password diff --git a/spec/fixtures/debian-9-x86_64-pam_d_sshd b/spec/fixtures/debian-9-x86_64-pam_d_sshd deleted file mode 100644 index 9d7c460c..00000000 --- a/spec/fixtures/debian-9-x86_64-pam_d_sshd +++ /dev/null @@ -1,13 +0,0 @@ -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session required pam_limits.so -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/spec/fixtures/redhat-5-x86_64-pam_d_login b/spec/fixtures/redhat-5-x86_64-pam_d_login deleted file mode 100644 index 9bd0992c..00000000 --- a/spec/fixtures/redhat-5-x86_64-pam_d_login +++ /dev/null @@ -1,15 +0,0 @@ -#%PAM-1.0 -auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so -auth include system-auth -account required pam_nologin.so -account include system-auth -account required pam_access.so -password include system-auth -# pam_selinux.so close should be the first session rule -session required pam_selinux.so close -session optional pam_keyinit.so force revoke -session required pam_loginuid.so -session include system-auth -session optional pam_console.so -# pam_selinux.so open should only be followed by sessions to be executed in the user context -session required pam_selinux.so open diff --git a/spec/fixtures/redhat-5-x86_64-pam_d_sshd b/spec/fixtures/redhat-5-x86_64-pam_d_sshd deleted file mode 100644 index 954c9418..00000000 --- a/spec/fixtures/redhat-5-x86_64-pam_d_sshd +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth include system-auth -account required pam_nologin.so -account include system-auth -account required pam_access.so -password include system-auth -session optional pam_keyinit.so force revoke -session include system-auth -session required pam_loginuid.so diff --git a/spec/fixtures/redhat-5-x86_64-pam_system_auth_ac b/spec/fixtures/redhat-5-x86_64-pam_system_auth_ac deleted file mode 100644 index 59043a0e..00000000 --- a/spec/fixtures/redhat-5-x86_64-pam_system_auth_ac +++ /dev/null @@ -1,23 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -# Auth -auth required pam_env.so -auth sufficient pam_unix.so nullok try_first_pass -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so - -# Account -account required pam_unix.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -# Password -password requisite pam_cracklib.so try_first_pass retry=3 -password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok -password required pam_deny.so - -# Session -session optional pam_keyinit.so revoke -session required pam_limits.so -session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid -session required pam_unix.so diff --git a/spec/fixtures/redhat-6-x86_64-pam_d_login b/spec/fixtures/redhat-6-x86_64-pam_d_login deleted file mode 100644 index 5223575f..00000000 --- a/spec/fixtures/redhat-6-x86_64-pam_d_login +++ /dev/null @@ -1,17 +0,0 @@ -#%PAM-1.0 -auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so -auth include system-auth -account required pam_nologin.so -account include system-auth -account required pam_access.so -password include system-auth -# pam_selinux.so close should be the first session rule -session required pam_selinux.so close -session required pam_loginuid.so -session optional pam_console.so -# pam_selinux.so open should only be followed by sessions to be executed in the user context -session required pam_selinux.so open -session required pam_namespace.so -session optional pam_keyinit.so force revoke -session include system-auth --session optional pam_ck_connector.so diff --git a/spec/fixtures/redhat-6-x86_64-pam_d_sshd b/spec/fixtures/redhat-6-x86_64-pam_d_sshd deleted file mode 100644 index 0f5a66d0..00000000 --- a/spec/fixtures/redhat-6-x86_64-pam_d_sshd +++ /dev/null @@ -1,14 +0,0 @@ -#%PAM-1.0 -auth required pam_sepermit.so -auth include password-auth -account required pam_access.so -account required pam_nologin.so -account include password-auth -password include password-auth -# pam_selinux.so close should be the first session rule -session required pam_selinux.so close -session required pam_loginuid.so -# pam_selinux.so open should only be followed by sessions to be executed in the user context -session required pam_selinux.so open env_params -session optional pam_keyinit.so force revoke -session include password-auth diff --git a/spec/fixtures/redhat-6-x86_64-pam_password_auth_ac b/spec/fixtures/redhat-6-x86_64-pam_password_auth_ac deleted file mode 100644 index 85898b97..00000000 --- a/spec/fixtures/redhat-6-x86_64-pam_password_auth_ac +++ /dev/null @@ -1,25 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -# -# Auth -auth required pam_env.so -auth sufficient pam_unix.so nullok try_first_pass -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so - -# Account -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -# Password -password requisite pam_cracklib.so try_first_pass retry=3 type= -password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok -password required pam_deny.so - -# Session -session optional pam_keyinit.so revoke -session required pam_limits.so -session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid -session required pam_unix.so diff --git a/spec/fixtures/redhat-6-x86_64-pam_system_auth_ac b/spec/fixtures/redhat-6-x86_64-pam_system_auth_ac deleted file mode 100644 index b4faf961..00000000 --- a/spec/fixtures/redhat-6-x86_64-pam_system_auth_ac +++ /dev/null @@ -1,25 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -# Auth -auth required pam_env.so -auth sufficient pam_fprintd.so -auth sufficient pam_unix.so nullok try_first_pass -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so - -# Account -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -# Password -password requisite pam_cracklib.so try_first_pass retry=3 type= -password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok -password required pam_deny.so - -# Session -session optional pam_keyinit.so revoke -session required pam_limits.so -session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid -session required pam_unix.so diff --git a/spec/fixtures/sles-10-x86_64-pam_common_account b/spec/fixtures/sles-10-x86_64-pam_common_account deleted file mode 100644 index 98517d80..00000000 --- a/spec/fixtures/sles-10-x86_64-pam_common_account +++ /dev/null @@ -1,3 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account required pam_unix2.so diff --git a/spec/fixtures/sles-10-x86_64-pam_common_auth b/spec/fixtures/sles-10-x86_64-pam_common_auth deleted file mode 100644 index 475d561d..00000000 --- a/spec/fixtures/sles-10-x86_64-pam_common_auth +++ /dev/null @@ -1,4 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth required pam_env.so -auth required pam_unix2.so diff --git a/spec/fixtures/sles-10-x86_64-pam_common_password b/spec/fixtures/sles-10-x86_64-pam_common_password deleted file mode 100644 index 2753f801..00000000 --- a/spec/fixtures/sles-10-x86_64-pam_common_password +++ /dev/null @@ -1,4 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password required pam_pwcheck.so nullok -password required pam_unix2.so nullok use_authtok diff --git a/spec/fixtures/sles-10-x86_64-pam_common_session b/spec/fixtures/sles-10-x86_64-pam_common_session deleted file mode 100644 index 77dfd8c2..00000000 --- a/spec/fixtures/sles-10-x86_64-pam_common_session +++ /dev/null @@ -1,4 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session required pam_limits.so -session required pam_unix2.so diff --git a/spec/fixtures/sles-10-x86_64-pam_d_login b/spec/fixtures/sles-10-x86_64-pam_d_login deleted file mode 100644 index 45f5d8ad..00000000 --- a/spec/fixtures/sles-10-x86_64-pam_d_login +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_securetty.so -auth include common-auth -auth required pam_nologin.so -account include common-account -password include common-password -session include common-session -session required pam_lastlog.so nowtmp -session required pam_resmgr.so -session optional pam_mail.so standard diff --git a/spec/fixtures/sles-10-x86_64-pam_d_sshd b/spec/fixtures/sles-10-x86_64-pam_d_sshd deleted file mode 100644 index 185f43ec..00000000 --- a/spec/fixtures/sles-10-x86_64-pam_d_sshd +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -auth required pam_nologin.so -account include common-account -password include common-password -session include common-session diff --git a/spec/fixtures/sles-11-x86_64-pam_common_account_pc b/spec/fixtures/sles-11-x86_64-pam_common_account_pc deleted file mode 100644 index 98517d80..00000000 --- a/spec/fixtures/sles-11-x86_64-pam_common_account_pc +++ /dev/null @@ -1,3 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account required pam_unix2.so diff --git a/spec/fixtures/sles-11-x86_64-pam_common_auth_pc b/spec/fixtures/sles-11-x86_64-pam_common_auth_pc deleted file mode 100644 index 475d561d..00000000 --- a/spec/fixtures/sles-11-x86_64-pam_common_auth_pc +++ /dev/null @@ -1,4 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth required pam_env.so -auth required pam_unix2.so diff --git a/spec/fixtures/sles-11-x86_64-pam_common_password_pc b/spec/fixtures/sles-11-x86_64-pam_common_password_pc deleted file mode 100644 index 4a50a380..00000000 --- a/spec/fixtures/sles-11-x86_64-pam_common_password_pc +++ /dev/null @@ -1,4 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password required pam_pwcheck.so nullok cracklib -password required pam_unix2.so nullok use_authtok diff --git a/spec/fixtures/sles-11-x86_64-pam_common_session_pc b/spec/fixtures/sles-11-x86_64-pam_common_session_pc deleted file mode 100644 index 19759495..00000000 --- a/spec/fixtures/sles-11-x86_64-pam_common_session_pc +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session required pam_limits.so -session required pam_unix2.so -session optional pam_umask.so diff --git a/spec/fixtures/sles-11-x86_64-pam_d_login b/spec/fixtures/sles-11-x86_64-pam_d_login deleted file mode 100644 index 33cbd957..00000000 --- a/spec/fixtures/sles-11-x86_64-pam_d_login +++ /dev/null @@ -1,12 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so -auth include common-auth -account include common-account -account required pam_access.so -password include common-password -session required pam_loginuid.so -session include common-session -session required pam_lastlog.so nowtmp -session optional pam_mail.so standard -session optional pam_ck_connector.so diff --git a/spec/fixtures/sles-11-x86_64-pam_d_sshd b/spec/fixtures/sles-11-x86_64-pam_d_sshd deleted file mode 100644 index 0333284e..00000000 --- a/spec/fixtures/sles-11-x86_64-pam_d_sshd +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth include common-auth -account required pam_access.so -account requisite pam_nologin.so -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session diff --git a/spec/fixtures/sles-13-x86_64-pam_common_account_pc b/spec/fixtures/sles-13-x86_64-pam_common_account_pc deleted file mode 100644 index 9bda2bfa..00000000 --- a/spec/fixtures/sles-13-x86_64-pam_common_account_pc +++ /dev/null @@ -1,3 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account required pam_unix.so try_first_pass diff --git a/spec/fixtures/sles-13-x86_64-pam_common_auth_pc b/spec/fixtures/sles-13-x86_64-pam_common_auth_pc deleted file mode 100644 index 414f68dd..00000000 --- a/spec/fixtures/sles-13-x86_64-pam_common_auth_pc +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth required pam_env.so -auth optional pam_gnome_keyring.so -auth required pam_unix.so try_first_pass diff --git a/spec/fixtures/sles-13-x86_64-pam_common_password_pc b/spec/fixtures/sles-13-x86_64-pam_common_password_pc deleted file mode 100644 index 16cc09db..00000000 --- a/spec/fixtures/sles-13-x86_64-pam_common_password_pc +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password requisite pam_cracklib.so -password optional pam_gnome_keyring.so use_authtok -password required pam_unix.so use_authtok nullok shadow try_first_pass diff --git a/spec/fixtures/sles-13-x86_64-pam_common_session_pc b/spec/fixtures/sles-13-x86_64-pam_common_session_pc deleted file mode 100644 index 1f270f52..00000000 --- a/spec/fixtures/sles-13-x86_64-pam_common_session_pc +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session required pam_limits.so -session required pam_unix.so try_first_pass -session optional pam_umask.so -session optional pam_systemd.so -session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm -session optional pam_env.so diff --git a/spec/fixtures/sles-13-x86_64-pam_d_login b/spec/fixtures/sles-13-x86_64-pam_d_login deleted file mode 100644 index a2a050f6..00000000 --- a/spec/fixtures/sles-13-x86_64-pam_d_login +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session -session optional pam_mail.so standard diff --git a/spec/fixtures/sles-13-x86_64-pam_d_sshd b/spec/fixtures/sles-13-x86_64-pam_d_sshd deleted file mode 100644 index 5fe05937..00000000 --- a/spec/fixtures/sles-13-x86_64-pam_d_sshd +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth include common-auth -account requisite pam_nologin.so -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session -session optional pam_lastlog.so silent noupdate showfailed diff --git a/spec/fixtures/sles-9-x86_64-pam_d_login b/spec/fixtures/sles-9-x86_64-pam_d_login deleted file mode 100644 index 91e566cb..00000000 --- a/spec/fixtures/sles-9-x86_64-pam_d_login +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth requisite pam_unix2.so nullok -auth required pam_securetty.so -auth required pam_nologin.so -auth required pam_env.so -auth required pam_mail.so -account required pam_unix2.so -password required pam_pwcheck.so nullok -password required pam_unix2.so nullok use_first_pass use_authtok -session required pam_unix2.so none -session required pam_limits.so diff --git a/spec/fixtures/sles-9-x86_64-pam_d_sshd b/spec/fixtures/sles-9-x86_64-pam_d_sshd deleted file mode 100644 index c8e925cb..00000000 --- a/spec/fixtures/sles-9-x86_64-pam_d_sshd +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_unix2.so # set_secrpc -auth required pam_nologin.so -auth required pam_env.so -account required pam_unix2.so -account required pam_nologin.so -password required pam_pwcheck.so -password required pam_unix2.so use_first_pass use_authtok -session required pam_unix2.so none # trace or debug -session required pam_limits.so diff --git a/spec/fixtures/sles-9-x86_64-pam_other b/spec/fixtures/sles-9-x86_64-pam_other deleted file mode 100644 index 6e37c390..00000000 --- a/spec/fixtures/sles-9-x86_64-pam_other +++ /dev/null @@ -1,17 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -# Auth -auth required pam_warn.so -auth required pam_unix2.so - -# Account -account required pam_warn.so -account required pam_unix2.so - -# Password -password required pam_warn.so -password required pam_pwcheck.so use_cracklib - -# Session -session required pam_warn.so -session required pam_unix2.so debug diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_account b/spec/fixtures/ubuntu-12.04-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_auth b/spec/fixtures/ubuntu-12.04-x86_64-pam_common_auth deleted file mode 100644 index f629ec0b..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_auth +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_password b/spec/fixtures/ubuntu-12.04-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_session b/spec/fixtures/ubuntu-12.04-x86_64-pam_common_session deleted file mode 100644 index 5893e675..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_session +++ /dev/null @@ -1,7 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_session_noninteractive b/spec/fixtures/ubuntu-12.04-x86_64-pam_common_session_noninteractive deleted file mode 100644 index 5893e675..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,7 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_d_login b/spec/fixtures/ubuntu-12.04-x86_64-pam_d_login deleted file mode 100644 index 980ff7d6..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_d_login +++ /dev/null @@ -1,16 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/spec/fixtures/ubuntu-12.04-x86_64-pam_d_sshd b/spec/fixtures/ubuntu-12.04-x86_64-pam_d_sshd deleted file mode 100644 index 50c77640..00000000 --- a/spec/fixtures/ubuntu-12.04-x86_64-pam_d_sshd +++ /dev/null @@ -1,11 +0,0 @@ -auth required pam_env.so # [1] -auth required pam_env.so envfile=/etc/default/locale -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -@include common-session -session optional pam_motd.so # [1] -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -@include common-password diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_account b/spec/fixtures/ubuntu-14.04-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_auth b/spec/fixtures/ubuntu-14.04-x86_64-pam_common_auth deleted file mode 100644 index 9800d8c4..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_auth +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so -auth optional pam_cap.so diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_password b/spec/fixtures/ubuntu-14.04-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_session b/spec/fixtures/ubuntu-14.04-x86_64-pam_common_session deleted file mode 100644 index 0eb89d03..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_session +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_session_noninteractive b/spec/fixtures/ubuntu-14.04-x86_64-pam_common_session_noninteractive deleted file mode 100644 index 0eb89d03..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_d_login b/spec/fixtures/ubuntu-14.04-x86_64-pam_d_login deleted file mode 100644 index 8bf0fcaa..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_d_login +++ /dev/null @@ -1,17 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/spec/fixtures/ubuntu-14.04-x86_64-pam_d_sshd b/spec/fixtures/ubuntu-14.04-x86_64-pam_d_sshd deleted file mode 100644 index 8be2993d..00000000 --- a/spec/fixtures/ubuntu-14.04-x86_64-pam_d_sshd +++ /dev/null @@ -1,16 +0,0 @@ -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so # [1] -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_account b/spec/fixtures/ubuntu-16.04-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_auth b/spec/fixtures/ubuntu-16.04-x86_64-pam_common_auth deleted file mode 100644 index f629ec0b..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_auth +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_password b/spec/fixtures/ubuntu-16.04-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_session b/spec/fixtures/ubuntu-16.04-x86_64-pam_common_session deleted file mode 100644 index 0eb89d03..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_session +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_session_noninteractive b/spec/fixtures/ubuntu-16.04-x86_64-pam_common_session_noninteractive deleted file mode 100644 index 0eb89d03..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_d_login b/spec/fixtures/ubuntu-16.04-x86_64-pam_d_login deleted file mode 100644 index fbd797b3..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_d_login +++ /dev/null @@ -1,18 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard -session required pam_loginuid.so -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/spec/fixtures/ubuntu-16.04-x86_64-pam_d_sshd b/spec/fixtures/ubuntu-16.04-x86_64-pam_d_sshd deleted file mode 100644 index b7abed03..00000000 --- a/spec/fixtures/ubuntu-16.04-x86_64-pam_d_sshd +++ /dev/null @@ -1,16 +0,0 @@ -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_account b/spec/fixtures/ubuntu-18.04-x86_64-pam_common_account deleted file mode 100644 index 9d331866..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_account +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so -account requisite pam_deny.so -account required pam_permit.so diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_auth b/spec/fixtures/ubuntu-18.04-x86_64-pam_common_auth deleted file mode 100644 index 9800d8c4..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_auth +++ /dev/null @@ -1,6 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -auth [success=1 default=ignore] pam_unix.so nullok_secure -auth requisite pam_deny.so -auth required pam_permit.so -auth optional pam_cap.so diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_password b/spec/fixtures/ubuntu-18.04-x86_64-pam_common_password deleted file mode 100644 index 7f278d0e..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_password +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -password [success=1 default=ignore] pam_unix.so obscure sha512 -password requisite pam_deny.so -password required pam_permit.so diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_session b/spec/fixtures/ubuntu-18.04-x86_64-pam_common_session deleted file mode 100644 index 0eb89d03..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_session +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_session_noninteractive b/spec/fixtures/ubuntu-18.04-x86_64-pam_common_session_noninteractive deleted file mode 100644 index 0eb89d03..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_common_session_noninteractive +++ /dev/null @@ -1,8 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -session [default=1] pam_permit.so -session requisite pam_deny.so -session required pam_permit.so -session optional pam_umask.so -session required pam_unix.so -session optional pam_systemd.so diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_d_login b/spec/fixtures/ubuntu-18.04-x86_64-pam_d_login deleted file mode 100644 index 11910a49..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_d_login +++ /dev/null @@ -1,18 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password diff --git a/spec/fixtures/ubuntu-18.04-x86_64-pam_d_sshd b/spec/fixtures/ubuntu-18.04-x86_64-pam_d_sshd deleted file mode 100644 index efd02efa..00000000 --- a/spec/fixtures/ubuntu-18.04-x86_64-pam_d_sshd +++ /dev/null @@ -1,17 +0,0 @@ -@include common-auth -account required pam_nologin.so -account required pam_access.so -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password - diff --git a/templates/login.debian7.erb b/templates/login.debian7.erb deleted file mode 100644 index 82fdf469..00000000 --- a/templates/login.debian7.erb +++ /dev/null @@ -1,17 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/templates/login.debian8.erb b/templates/login.debian8.erb deleted file mode 100644 index 3e2397b8..00000000 --- a/templates/login.debian8.erb +++ /dev/null @@ -1,18 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_exec.so type=open_session stdout /bin/uname -snrvm -session optional pam_motd.so -session optional pam_mail.so standard -session required pam_loginuid.so -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/templates/login.debian9.erb b/templates/login.debian9.erb deleted file mode 100644 index dcd6327f..00000000 --- a/templates/login.debian9.erb +++ /dev/null @@ -1,19 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard -session optional pam_keyinit.so force revoke -@include common-account -@include common-session -@include common-password diff --git a/templates/login.el5.erb b/templates/login.el5.erb deleted file mode 100644 index baa45857..00000000 --- a/templates/login.el5.erb +++ /dev/null @@ -1,23 +0,0 @@ -#%PAM-1.0 -auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so -auth include system-auth -account required pam_nologin.so -account include system-auth -<% if @login_pam_access != 'absent' -%> -account <%= @login_pam_access %> pam_access.so -<% end -%> -password include system-auth -# pam_selinux.so close should be the first session rule -session required pam_selinux.so close -session optional pam_keyinit.so force revoke -session required pam_loginuid.so -session include system-auth -session optional pam_console.so -# pam_selinux.so open should only be followed by sessions to be executed in the user context -session required pam_selinux.so open -<% if @pam_d_login_oracle_options != [] -%> -# oracle options -<% @pam_d_login_oracle_options.each do |option| -%> -<%= option %> -<% end -%> -<% end -%> diff --git a/templates/login.el6.erb b/templates/login.el6.erb deleted file mode 100644 index cb2be104..00000000 --- a/templates/login.el6.erb +++ /dev/null @@ -1,19 +0,0 @@ -#%PAM-1.0 -auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so -auth include system-auth -account required pam_nologin.so -account include system-auth -<% if @login_pam_access != 'absent' -%> -account <%= @login_pam_access %> pam_access.so -<% end -%> -password include system-auth -# pam_selinux.so close should be the first session rule -session required pam_selinux.so close -session required pam_loginuid.so -session optional pam_console.so -# pam_selinux.so open should only be followed by sessions to be executed in the user context -session required pam_selinux.so open -session required pam_namespace.so -session optional pam_keyinit.so force revoke -session include system-auth --session optional pam_ck_connector.so diff --git a/templates/login.suse10.erb b/templates/login.suse10.erb deleted file mode 100644 index 45f5d8ad..00000000 --- a/templates/login.suse10.erb +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_securetty.so -auth include common-auth -auth required pam_nologin.so -account include common-account -password include common-password -session include common-session -session required pam_lastlog.so nowtmp -session required pam_resmgr.so -session optional pam_mail.so standard diff --git a/templates/login.suse11.erb b/templates/login.suse11.erb deleted file mode 100644 index 81d8bf31..00000000 --- a/templates/login.suse11.erb +++ /dev/null @@ -1,14 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so -auth include common-auth -account include common-account -<% if @login_pam_access != 'absent' -%> -account <%= @login_pam_access %> pam_access.so -<% end -%> -password include common-password -session required pam_loginuid.so -session include common-session -session required pam_lastlog.so nowtmp -session optional pam_mail.so standard -session optional pam_ck_connector.so diff --git a/templates/login.suse13.erb b/templates/login.suse13.erb deleted file mode 100644 index a2a050f6..00000000 --- a/templates/login.suse13.erb +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so -auth include common-auth -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session -session optional pam_mail.so standard diff --git a/templates/login.suse9.erb b/templates/login.suse9.erb deleted file mode 100644 index 91e566cb..00000000 --- a/templates/login.suse9.erb +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth requisite pam_unix2.so nullok -auth required pam_securetty.so -auth required pam_nologin.so -auth required pam_env.so -auth required pam_mail.so -account required pam_unix2.so -password required pam_pwcheck.so nullok -password required pam_unix2.so nullok use_first_pass use_authtok -session required pam_unix2.so none -session required pam_limits.so diff --git a/templates/login.ubuntu12.erb b/templates/login.ubuntu12.erb deleted file mode 100644 index 980ff7d6..00000000 --- a/templates/login.ubuntu12.erb +++ /dev/null @@ -1,16 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/templates/login.ubuntu14.erb b/templates/login.ubuntu14.erb deleted file mode 100644 index 8bf0fcaa..00000000 --- a/templates/login.ubuntu14.erb +++ /dev/null @@ -1,17 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/templates/login.ubuntu16.erb b/templates/login.ubuntu16.erb deleted file mode 100644 index fbd797b3..00000000 --- a/templates/login.ubuntu16.erb +++ /dev/null @@ -1,18 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard -session required pam_loginuid.so -@include common-account -@include common-session -@include common-password -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/templates/login.ubuntu18.erb b/templates/login.ubuntu18.erb deleted file mode 100644 index 11910a49..00000000 --- a/templates/login.ubuntu18.erb +++ /dev/null @@ -1,18 +0,0 @@ -auth optional pam_faildelay.so delay=3000000 -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so -auth requisite pam_nologin.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -session required pam_env.so readenv=1 -session required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_group.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard -@include common-account -@include common-session -@include common-password diff --git a/templates/sshd.debian7.erb b/templates/sshd.debian7.erb deleted file mode 100644 index df0bd081..00000000 --- a/templates/sshd.debian7.erb +++ /dev/null @@ -1,14 +0,0 @@ -auth required pam_env.so # [1] -auth required pam_env.so envfile=/etc/default/locale -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so # [1] -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -@include common-password diff --git a/templates/sshd.debian8.erb b/templates/sshd.debian8.erb deleted file mode 100644 index 565c0864..00000000 --- a/templates/sshd.debian8.erb +++ /dev/null @@ -1,17 +0,0 @@ -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password diff --git a/templates/sshd.debian9.erb b/templates/sshd.debian9.erb deleted file mode 100644 index 650bf6ac..00000000 --- a/templates/sshd.debian9.erb +++ /dev/null @@ -1,15 +0,0 @@ -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session required pam_limits.so -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open diff --git a/templates/sshd.el5.erb b/templates/sshd.el5.erb deleted file mode 100644 index 12d64395..00000000 --- a/templates/sshd.el5.erb +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth include system-auth -account required pam_nologin.so -account include system-auth -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -password include system-auth -session optional pam_keyinit.so force revoke -session include system-auth -session required pam_loginuid.so diff --git a/templates/sshd.el6.erb b/templates/sshd.el6.erb deleted file mode 100644 index 1999b258..00000000 --- a/templates/sshd.el6.erb +++ /dev/null @@ -1,16 +0,0 @@ -#%PAM-1.0 -auth required pam_sepermit.so -auth include password-auth -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -account required pam_nologin.so -account include password-auth -password include password-auth -# pam_selinux.so close should be the first session rule -session required pam_selinux.so close -session required pam_loginuid.so -# pam_selinux.so open should only be followed by sessions to be executed in the user context -session required pam_selinux.so open env_params -session optional pam_keyinit.so force revoke -session include password-auth diff --git a/templates/sshd.suse10.erb b/templates/sshd.suse10.erb deleted file mode 100644 index 185f43ec..00000000 --- a/templates/sshd.suse10.erb +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include common-auth -auth required pam_nologin.so -account include common-account -password include common-password -session include common-session diff --git a/templates/sshd.suse11.erb b/templates/sshd.suse11.erb deleted file mode 100644 index 10040b2e..00000000 --- a/templates/sshd.suse11.erb +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth include common-auth -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -account requisite pam_nologin.so -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session diff --git a/templates/sshd.suse13.erb b/templates/sshd.suse13.erb deleted file mode 100644 index 5fe05937..00000000 --- a/templates/sshd.suse13.erb +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth include common-auth -account requisite pam_nologin.so -account include common-account -password include common-password -session required pam_loginuid.so -session include common-session -session optional pam_lastlog.so silent noupdate showfailed diff --git a/templates/sshd.suse9.erb b/templates/sshd.suse9.erb deleted file mode 100644 index c8e925cb..00000000 --- a/templates/sshd.suse9.erb +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required pam_unix2.so # set_secrpc -auth required pam_nologin.so -auth required pam_env.so -account required pam_unix2.so -account required pam_nologin.so -password required pam_pwcheck.so -password required pam_unix2.so use_first_pass use_authtok -session required pam_unix2.so none # trace or debug -session required pam_limits.so diff --git a/templates/sshd.ubuntu12.erb b/templates/sshd.ubuntu12.erb deleted file mode 100644 index f65793e6..00000000 --- a/templates/sshd.ubuntu12.erb +++ /dev/null @@ -1,13 +0,0 @@ -auth required pam_env.so # [1] -auth required pam_env.so envfile=/etc/default/locale -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -@include common-session -session optional pam_motd.so # [1] -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -@include common-password diff --git a/templates/sshd.ubuntu14.erb b/templates/sshd.ubuntu14.erb deleted file mode 100644 index 6070fc5b..00000000 --- a/templates/sshd.ubuntu14.erb +++ /dev/null @@ -1,18 +0,0 @@ -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so # [1] -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password diff --git a/templates/sshd.ubuntu16.erb b/templates/sshd.ubuntu16.erb deleted file mode 100644 index 4995c2a8..00000000 --- a/templates/sshd.ubuntu16.erb +++ /dev/null @@ -1,18 +0,0 @@ -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password diff --git a/templates/sshd.ubuntu18.erb b/templates/sshd.ubuntu18.erb deleted file mode 100644 index ceaecf04..00000000 --- a/templates/sshd.ubuntu18.erb +++ /dev/null @@ -1,19 +0,0 @@ -@include common-auth -account required pam_nologin.so -<% if @sshd_pam_access != 'absent' -%> -account <%= @sshd_pam_access %> pam_access.so -<% end -%> -@include common-account -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -@include common-session -session optional pam_motd.so motd=/run/motd.dynamic -session optional pam_motd.so noupdate -session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -session required pam_env.so # [1] -session required pam_env.so user_readenv=1 envfile=/etc/default/locale -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -@include common-password -