Puppet Class: pam::faillock

Defined in:

manifests/faillock.pp

Summary

Manage faillock.conf

Overview

Parameters:

• config_file (Stdlib::Absolutepath) (defaults to: '/etc/security/faillock.conf') —

  The faillock config path

• config_file_owner (String[1]) (defaults to: 'root') —

  The faillock config owner

• config_file_group (String[1]) (defaults to: 'root') —

  The faillock config group

• config_file_mode (Stdlib::Filemode) (defaults to: '0644') —

  The faillock config mode

• config_file_template (String[1]) (defaults to: 'pam/faillock.conf.erb') —

  The faillock config template

• config_file_source (Optional[Stdlib::Filesource]) (defaults to: undef) —

  The faillock config source

• dir (Stdlib::Absolutepath) (defaults to: '/var/run/faillock') —

  The faillock ‘dir’ config option

• audit_enabled (Optional[Boolean]) (defaults to: undef) —

  The faillock ‘audit’ config option

• silent (Optional[Boolean]) (defaults to: undef) —

  The faillock ‘silent’ config option

• no_log_info (Optional[Boolean]) (defaults to: undef) —

  The faillock ‘no_log_info’ config option

• local_users_only (Optional[Boolean]) (defaults to: undef) —

  The faillock ‘local_users_only’ config option

• deny (Integer[0]) (defaults to: 3) —

  The faillock ‘deny’ config option

• fail_interval (Integer[0]) (defaults to: 900) —

  The faillock ‘fail_interval’ config option

• unlock_time (Integer[0]) (defaults to: 600) —

  The faillock ‘unlock_time’ config option

• even_deny_root (Optional[Boolean]) (defaults to: undef) —

  The faillock ‘even_deny_root’ config option

• root_unlock_time (Integer[0]) (defaults to: $unlock_time) —

  The faillock ‘root_unlock_time’ config option

• admin_group (Optional[String[1]]) (defaults to: undef) —

  The faillock ‘admin_group’ config option

# File 'manifests/faillock.pp', line 38

class pam::faillock (
  Stdlib::Absolutepath $config_file = '/etc/security/faillock.conf',
  String[1] $config_file_owner = 'root',
  String[1] $config_file_group = 'root',
  Stdlib::Filemode $config_file_mode = '0644',
  String[1] $config_file_template = 'pam/faillock.conf.erb',
  Optional[Stdlib::Filesource] $config_file_source = undef,
  Stdlib::Absolutepath $dir = '/var/run/faillock',
  Optional[Boolean] $audit_enabled = undef,
  Optional[Boolean] $silent = undef,
  Optional[Boolean] $no_log_info = undef,
  Optional[Boolean] $local_users_only = undef,
  Integer[0] $deny = 3,
  Integer[0] $fail_interval = 900,
  Integer[0] $unlock_time = 600,
  Optional[Boolean] $even_deny_root = undef,
  Integer[0] $root_unlock_time = $unlock_time,
  Optional[String[1]] $admin_group = undef,
) {
  include pam

  if $config_file_source {
    $_config_file_content = undef
  } else {
    $_config_file_content = template($config_file_template)
  }

  file { 'faillock.conf':
    ensure  => 'file',
    path    => $config_file,
    owner   => $config_file_owner,
    group   => $config_file_group,
    mode    => $config_file_mode,
    content => $_config_file_content,
    source  => $config_file_source,
    require => Package[$pam::package_name],
  }
}