28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
# File 'manifests/rules/debian/sec_gdm.pp', line 28
class security_baseline::rules::debian::sec_gdm (
Boolean $enforce = true,
String $message = '',
String $log_level = ''
) {
if($facts['security_baseline']['gnome_gdm']) {
if($enforce) {
if($facts['security_baseline']['packages_installed']['gdm3']) {
file { 'gdm':
ensure => present,
path => '/etc/gdm3/greeter.dconf-defaults',
content => "[org/gnome/login-screen]\nbanner-message-enable=true\nbanner-message-text=\'Authorized uses only. All activity may be monitored and reported.\'", #lint:ignore:140chars
}
file { 'banner-login':
ensure => present,
path => '/etc/dconf/db/gdm.d/01-banner-message',
content => "[org/gnome/login-screen]\nbanner-message-enable=true\nbanner-message-text=\'Authorized uses only. All activity may be monitored and reported.\'", #lint:ignore:140chars
require => File['gdm'],
notify => Exec['dconf-gdm-exec'],
}
}
exec { 'dconf-gdm-exec':
path => '/bin/',
command => 'dconf update',
refreshonly => true,
}
} else {
if($facts['security_baseline']['gnome_gdm_conf'] == false) and ($facts['security_baseline']['packages_installed']['gdm3']) {
echo { 'gdm-conf':
message => $message,
loglevel => $log_level,
withpath => false,
}
}
}
}
}
|