From 53cd0f073ba4af9a85a6b9bf1416fab0779d741b Mon Sep 17 00:00:00 2001 From: "Z. Cliffe Schreuders" Date: Mon, 17 Jul 2023 16:38:43 +0100 Subject: [PATCH] Cleanup placeholder module for Windows --- .../build/unix/cleanup/secgen_metadata.xml | 2 +- modules/build/windows/cleanup/cleanup.pp | 1 + .../build/windows/cleanup/manifests/init.pp | 56 +++++++++++++++++++ .../build/windows/cleanup/secgen_metadata.xml | 43 ++++++++++++++ 4 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 modules/build/windows/cleanup/cleanup.pp create mode 100644 modules/build/windows/cleanup/manifests/init.pp create mode 100644 modules/build/windows/cleanup/secgen_metadata.xml diff --git a/modules/build/unix/cleanup/secgen_metadata.xml b/modules/build/unix/cleanup/secgen_metadata.xml index 9a5287739..d3cdc12ee 100644 --- a/modules/build/unix/cleanup/secgen_metadata.xml +++ b/modules/build/unix/cleanup/secgen_metadata.xml @@ -34,4 +34,4 @@ utilities/unix/system/.*/accounts - \ No newline at end of file + diff --git a/modules/build/windows/cleanup/cleanup.pp b/modules/build/windows/cleanup/cleanup.pp new file mode 100644 index 000000000..ef2da891c --- /dev/null +++ b/modules/build/windows/cleanup/cleanup.pp @@ -0,0 +1 @@ +include cleanup::init \ No newline at end of file diff --git a/modules/build/windows/cleanup/manifests/init.pp b/modules/build/windows/cleanup/manifests/init.pp new file mode 100644 index 000000000..201cfdb44 --- /dev/null +++ b/modules/build/windows/cleanup/manifests/init.pp 
@@ -0,0 +1,56 @@
+class cleanup::init {
+ $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
+ $remove_history = str2bool($secgen_params['remove_history'][0])
+ $root_password = $secgen_params['root_password'][0]
+ $clobber_file_times = str2bool($secgen_params['clobber_file_times'][0])
+ $disable_ssh = str2bool($secgen_params['disable_ssh'][0])
+
+ Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+ # TODO: clean up Windows
+
+ # file_line { 'comment_out_legacy_login_config1':
+ # line => '# NONEXISTENT',
+ # match => 'NONEXISTENT.*',
+ # path => "/etc/login.defs",
+ # } ->
+ # file_line { 'comment_out_legacy_login_config2':
+ # line => '# PREVENT_NO_AUTH',
+ # match => 'PREVENT_NO_AUTH.*',
+ # path => "/etc/login.defs",
+ # }
+ #
+ # if $root_password {
+ # # Set root password
+ # ::accounts::user { 'root':
+ # ensure => present,
+ # password => pw_hash($root_password, 'SHA-512', 'mysalt'),
+ # }
+ # ::accounts::user { 'vagrant':
+ # ensure => present,
+ # password => pw_hash($root_password, 'SHA-512', 'mysalt'),
+ # }
+ # }
+ #
+ # # Disable ssh
+ # if $disable_ssh {
+ # service { 'ssh':
+ # enable => false,
+ # }
+ # }
+ #
+ # # Reset all system file access times to hide our tracks
+ # if $clobber_file_times {
+ # notice 'Clobbering file access times -- This may take a while...'
+ # exec { 'clobber_files':
+ # command => "find / -exec touch -d '17 May 2006 14:16' {} \\;",
+ # }
+ # }
+ #
+ # # removes bash history
+ # if $remove_history {
+ # exec { 'remove_history':
+ # command => "/bin/bash -c 'history -c && history -w'"
+ # }
+ # }
+}
diff --git a/modules/build/windows/cleanup/secgen_metadata.xml b/modules/build/windows/cleanup/secgen_metadata.xml
new file mode 100644
index 000000000..72df08549
--- /dev/null
+++ b/modules/build/windows/cleanup/secgen_metadata.xml
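Review bot: With every resource commented out, `cleanup::init` in modules/build/windows/cleanup/manifests/init.pp reads `remove_history`, `root_password`, `clobber_file_times` and `disable_ssh` and then applies none of them, so a Windows scenario that sets `root_password` presumably keeps whatever credentials the base box came with, and nothing in the run reports that. Until the TODO is implemented I would make the no-op visible right after the TODO comment, e.g. `warning('cleanup::init: Windows cleanup is not implemented; root_password, disable_ssh, remove_history and clobber_file_times are ignored')`. The `Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }` default lists Unix directories only and can be dropped from the Windows class. I would also delete the commented-out Unix body rather than keep it as a template, since it carries `pw_hash($root_password, 'SHA-512', 'mysalt')` with a fixed salt that should not be copied into the eventual Windows implementation.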
@@ -0,0 +1,43 @@ + + + Cleanup Windows Module + Thomas Shaw + MIT + Cleanup module which remove traces left on the box during setup. + + cleanup + windows + + remove_history + root_password + clobber_file_times + disable_ssh + + + true + + + + + + + + false + + + + false + + + + + bases/.* + linux + + + +