tc362/manifests/site.pp
Andrew Tomaka e719842645 Change default ssh port
Security through obscurity is generally questionable, but changing to a
non-default port does reduce automated scans substantially. However, moving to
a port outside the privileged range (above 1024) may have other consequences.
2014-01-22 09:02:08 -05:00


# USERS
# Interactive admin account. Membership in 'sudo' is the security-relevant
# part: the sudo::conf rule in this manifest gives %sudo passwordless root, so
# anyone who can log in as this user is effectively root on the host.
# No password is managed here; SSH access relies on the authorized_keys file
# declared for this account.
user { 'atomaka':
  ensure     => 'present',
  managehome => true,
  shell      => '/bin/zsh',
  # Puppet's default group membership mode is additive: groups added to the
  # account by hand are not removed by this resource.
  groups     => ['sudo'],
  # The login shell has to be installed before the account points at it.
  require    => Package['zsh'],
}
# Per-user SSH directory, private to the account. With StrictModes (the
# OpenSSH default) sshd refuses key authentication when this directory is
# writable by group or others, so 0700 is a functional requirement as well as
# hardening.
file { '/home/atomaka/.ssh':
  ensure  => directory,
  mode    => '0700',
  owner   => 'atomaka',
  group   => 'atomaka',
  # Owner and group can only be resolved once the account exists.
  require => User['atomaka'],
}
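# Public keys allowed to log in as atomaka. Password logins are disabled in
# the sshd settings of this manifest, so this file is the only SSH credential
# for the account.
#
# ensure is 'file' rather than 'present': 'present' is satisfied by any
# existing path (a symlink or a directory included), while 'file' makes Puppet
# enforce a regular file carrying the managed content.
#
# NOTE(review): the key material is read with file() from an absolute path
# under /tmp. /tmp is world-writable on typical systems, so confirm that
# /tmp/puppet is created by root with restrictive permissions before the run;
# otherwise another local account could decide what ends up in this file.
# Staging the keys in a root-owned directory or a module's files/ directory
# would remove that dependency.
file { '/home/atomaka/.ssh/authorized_keys':
  ensure  => file,
  owner   => 'atomaka',
  group   => 'atomaka',
  mode    => '0600',
  content => file('/tmp/puppet/files/keys/atomaka'),
  # The parent directory (and, through it, the user) must exist first.
  require => File['/home/atomaka/.ssh'],
}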
# PACKAGES
# mosh: roaming-tolerant remote shell; zsh: login shell of the atomaka user.
# Neither declaration sets 'ensure', so the packages are installed at whatever
# version the configured repositories offer and are not pinned.
# NOTE(review): mosh starts its session over SSH and then switches to UDP
# (60000-61000 by default). Clients therefore need the non-default SSH port
# set below, and any host firewall needs that UDP range open - confirm.
package { ['mosh', 'zsh']: }
# CLASSES
# augeas comes first because ssh::server is ordered after it below
# (presumably the ssh module edits sshd_config through Augeas - confirm).
include augeas
include sudo

class { 'ssh::server':
  require => Class['augeas'],
}

# Declared with module defaults only.
# NOTE(review): this presumably brings up a web server that listens on the
# network, and nothing in this manifest manages a host firewall. Confirm the
# exposure is intended and that the module's default vhost is acceptable.
class { 'apache': }
# CONFIGURATIONS
# sshd settings, one ssh::server::configline per directive.

# Non-default port: cuts automated scan noise but is not an access control.
# 22984 is above 1023, so binding it needs no root privilege; if sshd is not
# running, any local process could listen there instead. Clients should keep
# strict host key checking so that such a listener is noticed.
# NOTE(review): confirm host and network firewall rules admit this port before
# applying, otherwise the change can cut off remote access.
ssh::server::configline { 'Port':
  value => '22984',
}

# No direct root logins; administration goes through the named account and
# sudo, which keeps actions attributable to a user.
ssh::server::configline { 'PermitRootLogin':
  value => 'no',
}

# Key-only authentication.
# NOTE(review): depending on the sshd and PAM setup, keyboard-interactive
# authentication can still prompt for a password; verify it is disabled too.
ssh::server::configline { 'PasswordAuthentication':
  value => 'no',
}

# Allow-list: only atomaka may authenticate over SSH. The '/1' suffix looks
# like an index into the AllowUsers list - confirm against the ssh module.
ssh::server::configline { 'AllowUsers/1':
  value => 'atomaka',
}
# Grants every member of group 'sudo' any command as any user with no password
# prompt. atomaka is in that group and logs in by SSH key only, so that key is
# the single factor protecting root on this host.
# NOTE(review): if the account is ever given a password, consider dropping
# NOPASSWD or narrowing the command list. 'priority' presumably orders this
# fragment among the sudoers drop-ins - confirm against the sudo module.
sudo::conf { 'sudo':
  content  => "%sudo ALL=(ALL) NOPASSWD: ALL\n",
  priority => 10,
}
# FILES
# Static landing page placed in the web root, ordered after the apache class
# (presumably so that /var/www exists by then - confirm).
# NOTE(review): owner, group and mode are not managed here and fall back to
# defaults. The content is read with file() from /tmp/puppet, so the page is
# only as trustworthy as whoever can write to that staging directory.
file { '/var/www/index.html':
  ensure  => present,
  require => Class['apache'],
  content => file('/tmp/puppet/files/index.html'),
}