-
Notifications
You must be signed in to change notification settings - Fork 714
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11796 from jan-cerny/issue11753
Add Ansible remediation to sssd_enable_pam_services
- Loading branch information
Showing
3 changed files
with
67 additions
and
2 deletions.
There are no files selected for viewing
54 changes: 54 additions & 0 deletions
54
linux_os/guide/services/sssd/sssd_enable_pam_services/ansible/shared.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| # platform = multi_platform_all | ||
| # reboot = false | ||
| # strategy = configure | ||
| # complexity = low | ||
| # disruption = medium | ||
|
|
||
| - name: {{{ rule_title }}} - Find all the conf files inside the /etc/sssd/conf.d/ directory | ||
| ansible.builtin.find: | ||
| paths: | ||
| - "/etc/sssd/conf.d/" | ||
| patterns: "*.conf" | ||
| register: sssd_conf_d_files | ||
|
|
||
| - name: {{{ rule_title }}} - Modify lines in files in the /etc/sssd/conf.d/ directory | ||
| ansible.builtin.replace: | ||
| path: "{{ item }}" | ||
| regexp: '^(\s*\[sssd\].*(?:\n\s*[^[\s].*)*\n\s*services\s*=(?!.*\bpam\b).*)$' | ||
| replace: '\1,pam' | ||
| with_items: "{{ sssd_conf_d_files.files | map(attribute='path') }}" | ||
| register: modify_lines_sssd_conf_d_files | ||
|
|
||
| - name: {{{ rule_title }}} - Find /etc/sssd/sssd.conf | ||
| ansible.builtin.stat: | ||
| path: /etc/sssd/sssd.conf | ||
| register: sssd_conf_file | ||
|
|
||
| - name: {{{ rule_title }}} - Modify lines in /etc/sssd/sssd.conf | ||
| ansible.builtin.replace: | ||
| path: "/etc/sssd/sssd.conf" | ||
| regexp: '^(\s*\[sssd\].*(?:\n\s*[^[\s].*)*\n\s*services\s*=(?!.*\bpam\b).*)$' | ||
| replace: '\1,pam' | ||
| register: modify_lines_sssd_conf_file | ||
| when: sssd_conf_file.stat.exists | ||
|
|
||
| - name: {{{ rule_title }}} - Find services key in /etc/sssd/sssd.conf | ||
| ansible.builtin.replace: | ||
| path: "/etc/sssd/sssd.conf" | ||
| regexp: '^\s*\[sssd\][^\[\]]*?(?:\n(?!\[)[^\n]*?services\s*=)+' | ||
| replace: '' | ||
| changed_when: false | ||
| check_mode: true | ||
| register: sssd_conf_file_services | ||
| when: sssd_conf_file.stat.exists | ||
|
|
||
| - name: {{{ rule_title }}} - Insert entry to /etc/sssd/sssd.conf | ||
| ini_file: | ||
| path: /etc/sssd/sssd.conf | ||
| section: sssd | ||
| option: services | ||
| value: pam | ||
| when: | ||
| - not modify_lines_sssd_conf_d_files.changed | ||
| - not modify_lines_sssd_conf_file.changed | ||
| - (sssd_conf_file_services.msg is defined and "replacements" not in sssd_conf_file_services.msg) or not sssd_conf_file.stat.exists |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_pam_services_conf_d.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| #!/bin/bash | ||
| # packages = sssd | ||
|
|
||
| rm -rf "/etc/sssd/conf.d/" | ||
| rm -f "/etc/sssd/sssd.conf" | ||
| mkdir -p "/etc/sssd/conf.d/" | ||
| cat <<EOF > "/etc/sssd/conf.d/sssd.conf" | ||
| [sssd] | ||
| services = nss,pam | ||
| [pam] | ||
| example1 = abc | ||
| EOF |