
How to modify an SSH configuration file using a Puppet module

I am trying to modify an SSH configuration file to remove the arcfour, arcfour128 and arcfour256 algorithms in the /etc/ssh/sshd_config on 186 Linux servers using Puppet. Basically, I am doing a find and replace to remove those three algorithm types in the sshd_config file. I created a module called SSH_Test and am wondering what my next steps would be. I think I can use these resources, but I am unsure where to put them, and I am not sure if they are right.

file_line { 'Ciphers':
  path  => '/etc/ssh/sshd_config',
  line  => 'arcfour, arcfour128, arcfour256',
  match => '',
}

New configuration from below comment

node default { 
  file { '/etc/motd':
    owner => 'root',
    group => 'root',
    mode => '0644',
    content => "\nAll hail the knife crab\n"
  }
}

Following the documentation for file_line provided here: https://forge.puppet.com/puppetlabs/stdlib/types

we have the following resource:

file_line { 'Ciphers':
  ensure            => absent,
  path              => '/etc/ssh/sshd_config',
  match             => '.*arcfour.*',
  multiple          => true,
  match_for_absence => true,
}

ensure to remove the line, path for the specified file, match for the lines to match with a regexp, multiple because you want this to act on multiple lines in a file, and match_for_absence so that the lines are removed when matched.

If you are using Puppet >= 4.0, or 3.8 with the future parser, then this can be made more precise and cleaner with a lambda. Let me know if you are.
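What the `.*arcfour.*` match does to a file, as an added example that is not part of the original answer: it models the resource's line removal in Python and contrasts it with stripping only the arcfour entries from the `Ciphers` list. Removing the whole `Ciphers` line also drops the strong ciphers listed on it and leaves sshd on its built-in default cipher list. The sample config and all function names are constructed for illustration, and the model assumes a plain comma-separated `Ciphers` list.

```python
import re

# Constructed sample sshd_config for illustration; not taken from the page.
SAMPLE = (
    "# arcfour kept for legacy clients\n"
    "Port 22\n"
    "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour\n"
    "MACs hmac-sha2-256\n"
)

# sshd_config keywords are case-insensitive; commented lines do not match.
CIPHERS_LINE = re.compile(r"^(\s*ciphers\s+)(\S+)\s*$", re.IGNORECASE)
WEAK = re.compile(r"^arcfour(128|256)?$")


def file_line_absent(text, match=r".*arcfour.*"):
    """Model of the answer's resource: every line matching `match` is deleted."""
    rx = re.compile(match)
    return "".join(l for l in text.splitlines(keepends=True) if not rx.search(l))


def strip_weak_ciphers(text):
    """Remove only arcfour entries from active Ciphers lines, keep the rest."""
    out = []
    for line in text.splitlines(keepends=True):
        m = CIPHERS_LINE.match(line)
        if not m:
            out.append(line)
            continue
        kept = [c for c in m.group(2).split(",") if not WEAK.match(c)]
        if kept:  # otherwise drop the line rather than leave Ciphers with no argument
            out.append(m.group(1) + ",".join(kept) + "\n")
    return "".join(out)


def active_weak_ciphers(text):
    """Audit helper: arcfour entries still present in active Ciphers lines."""
    found = []
    for line in text.splitlines():
        m = CIPHERS_LINE.match(line)
        if m:
            found += [c for c in m.group(2).split(",") if WEAK.match(c)]
    return found


if __name__ == "__main__":
    print(file_line_absent(SAMPLE))    # Ciphers line and the comment are both gone
    print(strip_weak_ciphers(SAMPLE))  # Ciphers line kept, arcfour entries removed
```

Running `active_weak_ciphers` over each server's `/etc/ssh/sshd_config` before and after the Puppet run gives a quick check that the change landed.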
