Cleanup placeholder module for Windows

2026-02-21 11:18:06 +00:00 · 2023-07-17 16:38:43 +01:00
parent 9c3b11e7be
commit 53cd0f073b
4 changed files with 101 additions and 1 deletions
--- a/modules/build/unix/cleanup/secgen_metadata.xml
+++ b/modules/build/unix/cleanup/secgen_metadata.xml
@@ -34,4 +34,4 @@
  <requires>
    <module_path>utilities/unix/system/.*/accounts</module_path>
  </requires>
-</build>
+</build>
--- a/modules/build/windows/cleanup/cleanup.pp
+++ b/modules/build/windows/cleanup/cleanup.pp
@@ -0,0 +1 @@
+include cleanup::init
--- a/modules/build/windows/cleanup/manifests/init.pp
+++ b/modules/build/windows/cleanup/manifests/init.pp
@@ -0,0 +1,56 @@
+class cleanup::init {
+  $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
+  $remove_history = str2bool($secgen_params['remove_history'][0])
+  $root_password = $secgen_params['root_password'][0]
+  $clobber_file_times = str2bool($secgen_params['clobber_file_times'][0])
+  $disable_ssh = str2bool($secgen_params['disable_ssh'][0])
+
+  Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+  # TODO: clean up Windows
+  
+  # file_line { 'comment_out_legacy_login_config1':
+  #   line   => '# NONEXISTENT',
+  #   match  => 'NONEXISTENT.*',
+  #   path => "/etc/login.defs",
+  # } ->
+  # file_line { 'comment_out_legacy_login_config2':
+  #   line   => '# PREVENT_NO_AUTH',
+  #   match  => 'PREVENT_NO_AUTH.*',
+  #   path => "/etc/login.defs",
+  # }
+  #
+  # if $root_password {
+  #   # Set root password
+  #   ::accounts::user { 'root':
+  #     ensure => present,
+  #     password   => pw_hash($root_password, 'SHA-512', 'mysalt'),
+  #   }
+  #   ::accounts::user { 'vagrant':
+  #     ensure => present,
+  #     password   => pw_hash($root_password, 'SHA-512', 'mysalt'),
+  #   }
+  # }
+  #
+  # # Disable ssh
+  # if $disable_ssh {
+  #   service { 'ssh':
+  #     enable => false,
+  #   }
+  # }
+  #
+  # # Reset all system file access times to hide our tracks
+  # if $clobber_file_times {
+  #   notice 'Clobbering file access times -- This may take a while...'
+  #   exec { 'clobber_files':
+  #     command => "find / -exec touch -d '17 May 2006 14:16' {} \\;",
+  #   }
+  # }
+  #
+  # # removes bash history
+  # if $remove_history {
+  #   exec { 'remove_history':
+  #     command => "/bin/bash -c 'history -c && history -w'"
+  #   }
+  # }
+}
--- a/modules/build/windows/cleanup/secgen_metadata.xml
+++ b/modules/build/windows/cleanup/secgen_metadata.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<build xmlns="http://www.github/cliffe/SecGen/build"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/build">
+  <name>Cleanup Windows Module</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>Cleanup module which remove traces left on the box during setup. </description>
+
+  <type>cleanup</type>
+  <platform>windows</platform>
+
+  <read_fact>remove_history</read_fact>
+  <read_fact>root_password</read_fact>
+  <read_fact>clobber_file_times</read_fact>
+  <read_fact>disable_ssh</read_fact>
+
+  <default_input into="remove_history">
+    <value>true</value>
+  </default_input>
+
+  <default_input into="root_password">
+    <generator module_path=".*strong_password.*"/>
+  </default_input>
+
+  <default_input into="clobber_file_times">
+    <value>false</value>
+  </default_input>
+
+  <default_input into="disable_ssh">
+    <value>false</value>
+  </default_input>
+
+  <!-- for now we just make all windows modules conflict with linux bases -->
+  <conflict>
+    <module_path>bases/.*</module_path>
+    <platform>linux</platform>
+  </conflict>
+
+  <!-- <requires>
+    <module_path>utilities/windows/system/.*/accounts</module_path>
+  </requires> -->
+</build>