28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
# File 'manifests/rules/redhat/sec_gdm.pp', line 28
class security_baseline::rules::redhat::sec_gdm (
Boolean $enforce = true,
String $message = '',
String $log_level = ''
) {
if($facts['security_baseline']['gnome_gdm']) {
if($enforce) {
file { 'gdm':
ensure => present,
path => '/etc/dconf/profile/gdm',
content => "user-db:user\nsystem-db:gdm\nfile-db:/usr/share/gdm/greeter-dconf-defaults",
}
file { '/etc/dconf/db/gdm.d':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { 'banner-login':
ensure => present,
path => '/etc/dconf/db/gdm.d/01-banner-message',
content => "[org/gnome/login-screen]\nbanner-message-enable=true\nbanner-message-text=\'Authorized uses only. All activity may be monitored and reported.\'", #lint:ignore:140chars
require => File['gdm'],
notify => Exec['dconf-gdm-exec'],
}
exec { 'dconf-gdm-exec':
path => '/bin/',
command => 'dconf update',
refreshonly => true,
}
} else {
if($facts['security_baseline']['gnome_gdm_conf'] == false) {
echo { 'gdm-conf':
message => $message,
loglevel => $log_level,
withpath => false,
}
}
}
}
}
|