Forum: CFEngine Help
Subject: Re: CFEngine Help: Help with coding needed
Author: robson
Link to topic: https://cfengine.com/forum/read.php?3,23760,23769#msg-23769
Thanks a million Nicolas for your help.
For those who are interested, here is the finalized, tested code:
===============================================================================
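# Enforces password-quality, password-history and login-lockout options in
# /etc/pam.d/system-auth. Four arrays share the indices 1..3; each index
# describes one PAM line:
#   pamsauth_ere[i]  regex matching the line up to and including the module name
#   pamsauth_val[i]  option string the line must end with
#   pamsauth_stl[i]  regex selecting the existing line to insert before
#   pamsauth_add[i]  line prefix used when no matching line exists
# Every value is written on a single line: a string wrapped across two source
# lines would carry the newline into the PAM entry and split it in two.
bundle agent secure {
  vars:
      # Each regex ends in \s+, so a module line that carries no options is not
      # matched and change_or_add treats it as absent.
      # NOTE(review): that case would add a second line for the module - confirm.
      "pamsauth_ere[1]" string => "\s*password\s+\S+\s*pam_cracklib\.so\s+";
      "pamsauth_ere[2]" string => "\s*password\s+\S+\s*pam_unix\.so\s+";
      "pamsauth_ere[3]" string => "\s*auth\s+\S+\s*pam_tally2\.so\s+";

      # NOTE(review): per pam_cracklib(8), positive *credit values are credits
      # counted toward minlen, not requirements; a negative value (for example
      # lcredit=-1) is what requires a character of that class. Check these
      # against the baseline items named in the promise comment below.
      "pamsauth_val[1]" string => "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3";

      # NOTE(review): nullok lets pam_unix accept accounts whose password is
      # empty - confirm that is intended. remember=12 is the password history depth.
      "pamsauth_val[2]" string => "shadow nullok try_first_pass use_authtok remember=12";

      # NOTE(review): deny=5 without unlock_time leaves an account locked until
      # an administrator resets the counter, so repeated failed logins can lock
      # a user out. Also confirm per_user is accepted by the installed
      # pam_tally2 (it is a pam_tally option).
      "pamsauth_val[3]" string => "onerr=fail deny=5 per_user";

      "pamsauth_stl[1]" string => "\s*password\s+";
      "pamsauth_stl[2]" string => "\s*password\s+sufficient\s+";
      "pamsauth_stl[3]" string => "\s*auth\s+";

      # Trailing space is deliberate: the option string is appended directly.
      "pamsauth_add[1]" string => "password requisite pam_cracklib.so ";
      "pamsauth_add[2]" string => "password sufficient pam_unix.so ";
      "pamsauth_add[3]" string => "auth required pam_tally2.so ";

      # Iterating over this list applies change_or_add once per index.
      "ind1" slist => getindices("pamsauth_ere");

  files:
      # NOTE(review): create => "true" means a missing system-auth is created
      # holding, presumably, only the lines managed here, which is not a
      # complete PAM stack; consider reporting a missing file instead.
      # NOTE(review): where a distribution tool (e.g. authconfig) regenerates
      # this file, these edits can be overwritten - verify on the target hosts.
      "/etc/pam.d/system-auth"
        comment   => "BC_3266,BC_3021,BC_3020,BC_3014 password complexity and aging",
        create    => "true",
        edit_line => change_or_add(
                       "$(pamsauth_ere[$(ind1)])",
                       "$(pamsauth_val[$(ind1)])",
                       "$(pamsauth_stl[$(ind1)])",
                       "$(pamsauth_add[$(ind1)])"
                     );
}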
# Converges one "<prefix><options>" line in the file being edited.
#   ere     - regex for the line prefix (captured as match.1 below)
#   value   - option string the line must end with
#   lstart  - regex selecting the existing line the new line is inserted before
#   addline - literal prefix written when no line matching ere exists
# ere, value and lstart are interpolated into regular expressions unescaped,
# so callers must pass regex-safe text. The bodies value() and before_line()
# are not defined in this listing.
bundle edit_line change_or_add(ere,value,lstart,addline) {
vars:
# Number of lines in the file that begin with the prefix regex.
"lncnt" int => countlinesmatching("^$(ere).*$","$(edit.filename)");
# Called for its side effect: fills the array "line" from the first line
# matching lstart. With an empty split string line[1] is presumably the whole
# line - TODO confirm. "tmp" itself is not read anywhere in this bundle.
"tmp" int => getfields("^$(lstart).*$","$(edit.filename)","","line");
classes:
# add1 is set when no line with the prefix exists yet.
"add1" expression => islessthan("$(lncnt)","1");
replace_patterns:
# Matches the prefix followed by anything other than exactly $(value) up to
# end of line and rewrites it to prefix + value. The negative lookahead skips
# lines that are already correct, so a compliant line is left untouched.
"^($(ere))(?!$(value)$)[^\n]*"
replace_with => value("$(match.1)$(value)");
insert_lines:
add1::
# NOTE(review): line[1] is raw file content used as a regex. A PAM line
# containing metacharacters such as "[success=1 default=ignore]" would not
# match itself literally, and line[1] is undefined when nothing matched lstart
# (e.g. an empty file) - confirm the insert location in both cases.
"$(addline)$(value)"
location => before_line("^$(line[1])$");
}