This repository was archived by the owner on Feb 21, 2018. It is now read-only.

Add support for AWS Linux 2015.03 #13

Open
wants to merge 11 commits into
base: master
from
2 changes: 1 addition & 1 deletion Modulefile
@@ -1,5 +1,5 @@
name 'duosecurity-duo_unix'
version '0.3.1'
version '0.3.2'
source 'git://github.com/duosecurity/puppet-duo_unix'
author 'Duo Security'
license 'GPLv2'
1 change: 0 additions & 1 deletion manifests/generic.pp
@@ -29,5 +29,4 @@
enable => true;
}
}

}
44 changes: 9 additions & 35 deletions manifests/init.pp
@@ -21,59 +21,33 @@
$accept_env_factor = 'no',
$manage_ssh = true,
$pam_unix_control = 'requisite',
$pam_primary_module = 'pam_unix.so',
$package_version = 'installed',
) {
if $ikey == '' or $skey == '' or $host == '' {
fail('ikey, skey, and host must all be defined.')
}

if $usage != 'login' and $usage != 'pam' {
fail('You must configure a usage of duo_unix, either login or pam.')
}

case $::osfamily {
'RedHat': {
case $::operatingsystem {
'Amazon': {
$duo_package = 'duo_unix'
$ssh_service = 'sshd'
$gpg_file = '/etc/pki/rpm-gpg/RPM-GPG-KEY-DUO'

$pam_file = $::operatingsystemrelease ? {
/^5/ => '/etc/pam.d/system-auth',
/^(6|7|2014)/ => '/etc/pam.d/password-auth'
}

$pam_module = $::architecture ? {
i386 => '/lib/security/pam_duo.so',
i686 => '/lib/security/pam_duo.so',
x86_64 => '/lib64/security/pam_duo.so'
}
$gpg_file = '/etc/pki/rpm-gpg/RPM-GPG-KEY-DUO'
$pam_file = '/etc/pam.d/password-auth'
$pam_module = '/lib64/security/pam_duo.so'

include duo_unix::yum
include duo_unix::generic
}
'Debian': {
$duo_package = 'duo-unix'
$ssh_service = 'ssh'
$gpg_file = '/etc/apt/DEB-GPG-KEY-DUO'
$pam_file = '/etc/pam.d/common-auth'

$pam_module = $::architecture ? {
i386 => '/lib/security/pam_duo.so',
i686 => '/lib/security/pam_duo.so',
amd64 => '/lib64/security/pam_duo.so'
}

include duo_unix::apt
include duo_unix::generic
}
default: {
fail("Module ${module_name} does not support ${::operatingsystem}")
}
}

if $usage == 'login' {
include duo_unix::login
} else {
} elsif $usage == 'pam' {
include duo_unix::pam
} else {
fail('You must configure a usage of duo_unix, either login or pam.')
}
}
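Review bot: `$pam_module = '/lib64/security/pam_duo.so'` and `$pam_file = '/etc/pam.d/password-auth'` appear to be the new, unconditional assignments, which drops the `$::architecture` and `$::operatingsystemrelease` selectors. The page has lost its +/- markers, so the sides are read from the 9/35 change counts. On a host that is not x86_64, the auth stack would then reference a module path that does not exist; depending on the control flags, that either blocks logins or leaves the second factor unenforced. Keep the selectors or fail at compile time, e.g. `if $::architecture != 'x86_64' { fail("Module ${module_name} supports only x86_64 on ${::operatingsystem}") }`. The `'Debian'` branch also seems to be removed, so those hosts would now hit the `default` fail; the class body starts above the hunk.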
1 change: 0 additions & 1 deletion manifests/login.pp
@@ -28,5 +28,4 @@
notify => Service[$duo_unix::ssh_service];
}
}

}
5 changes: 2 additions & 3 deletions manifests/pam.pp
@@ -34,8 +34,8 @@
if $::osfamily == 'RedHat' {
augeas { 'PAM Configuration':
changes => [
"set ${aug_pam_path}/2/control ${duo_unix::pam_unix_control}",
"ins 100 after ${aug_pam_path}/2",
"set ${aug_pam_path}/*[type = 'auth'][module = '${duo_unix::pam_primary_module}'][last()]/control ${duo_unix::pam_unix_control}",
"ins 100 after ${aug_pam_path}/*[type = 'auth'][module = '${duo_unix::pam_primary_module}']",
"set ${aug_pam_path}/100/type auth",
"set ${aug_pam_path}/100/control sufficient",
"set ${aug_pam_path}/100/module ${duo_unix::pam_module}"
@@ -57,5 +57,4 @@
onlyif => "match ${aug_match} size == 0";
}
}

}
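Review bot: The `ins 100 after` path filters on `[type = 'auth'][module = '${duo_unix::pam_primary_module}']` without the `[last()]` that the `set` line above it carries, so the two changes are not guaranteed to address the same node. Augeas `ins` needs its path to match exactly one node; if the PAM file holds more than one auth entry for the primary module, the whole `augeas` resource fails, the Duo line is never added, and the stack stays single-factor until someone notices the failed run. Use the same predicate on both lines: `"ins 100 after ${aug_pam_path}/*[type = 'auth'][module = '${duo_unix::pam_primary_module}'][last()]",`. Because `pam_primary_module` is interpolated into a quoted path expression, a comment stating that it must be a bare module file name (no quotes or brackets) would also help. The resource continues through the collapsed region between the two hunks.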
26 changes: 5 additions & 21 deletions manifests/yum.pp
@@ -8,23 +8,9 @@
#
class duo_unix::yum {
$repo_uri = 'http://pkg.duosecurity.com'
$package_state = $::duo_unix::package_version

# Map Amazon Linux to RedHat equivalent releases
# Map RedHat 5 to CentOS 5 equivalent releases
if $::operatingsystem == 'Amazon' {
$releasever = $::operatingsystemmajrelease ? {
'2014' => '6Server',
default => undef,
}
$os = $::operatingsystem
} elsif ( $::operatingsystem == 'RedHat' and $::operatingsystemmajrelease == 5 ) {
$os = 'CentOS'
$releasever = '$releasever'
} else {
$os = $::operatingsystem
$releasever = '$releasever'
}
$version = $::duo_unix::package_version
$releasever = '6Server'
$os = 'RedHat'

yumrepo { 'duosecurity':
descr => 'Duo Security Repository',
@@ -40,15 +26,13 @@
}
}

package { $duo_unix::duo_package:
ensure => $package_state,
package { $duo_unix::duo_package:
ensure => $version,
require => [ Yumrepo['duosecurity'], Exec['Duo Security GPG Import'] ];
}

exec { 'Duo Security GPG Import':
command => '/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-DUO',
unless => '/bin/rpm -qi gpg-pubkey | grep Duo > /dev/null 2>&1'
}

}
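Review bot: `$releasever = '6Server'` and `$os = 'RedHat'` look like the new unconditional values (sides inferred from the 5/21 change counts, since the +/- markers are lost), and they replace the per-distribution mapping for every host that includes `duo_unix::yum`, not only Amazon Linux. These values presumably feed the repository URL in the collapsed `yumrepo` block, so a host on another release would be pointed at EL6 packages for a module that sits in its auth stack. Scope the override to Amazon and keep the existing branches, as sketched below. Separately, `$repo_uri` on the context line is plain `http://`, so package integrity rests entirely on signature verification; the `yumrepo` attributes are not visible here, so confirm `gpgcheck` is enabled there.

```puppet
  $version = $::duo_unix::package_version

  if $::operatingsystem == 'Amazon' {
    $os         = 'RedHat'
    $releasever = '6Server'
  } elsif $::operatingsystem == 'RedHat' and $::operatingsystemmajrelease == 5 {
    $os         = 'CentOS'
    $releasever = '$releasever'
  } else {
    $os         = $::operatingsystem
    $releasever = '$releasever'
  }
  # … unchanged: yumrepo, package and GPG import resources …
```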