initial commit of file from CVS for e-smith-openssh on Thu Jul 13 12:50:02 AEST 2023

This commit is contained in:
Trevor Batley
2023-07-13 12:50:02 +10:00
parent 0990ad9bc0
commit 5b637d96ad
90 changed files with 2123 additions and 2 deletions


@@ -0,0 +1 @@
enabled


@@ -0,0 +1 @@
900


@@ -0,0 +1 @@
4


@@ -0,0 +1 @@
600


@@ -0,0 +1 @@
2


@@ -0,0 +1 @@
enabled


@@ -0,0 +1 @@
no


@@ -0,0 +1 @@
22


@@ -0,0 +1 @@
private


@@ -0,0 +1 @@
disabled


@@ -0,0 +1 @@
service


@@ -0,0 +1,97 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::util;
=head1 NAME
sshd-conf - action to reconfigure sshd
=head1 SYNOPSIS
sshd-conf
=head1 DESCRIPTION
Generates the sshd host key with no passphrase. If one already
exists it simply makes sure the comment in the ssh_host_key is
correct.
=head1 FILES
The following files are affected.
/etc/ssh/ssh_host_key
=begin testing
use esmith::ConfigDB;
SKIP: {
my $db;
skip "You have to be able to read the config DB to test this", 4
unless $db = esmith::ConfigDB->open;
$Destruct_Ok = $db->get('testing')->prop('destruction');
SKIP: {
skip "sshd reconfiguration would be destructive", 7
unless $Destruct_Ok;
# Call ourself.
system $^X, $Original_File;
is( $@, '', 'ran myself ok' );
sleep 1;
foreach my $file (qw(
/etc/ssh/ssh_host_key
) )
{
cmp_ok( -M $file, '<', 0, "$file rewritten" );
cmp_ok( -s $file, '>', 0, "$file is not empty" );
}
}
}
=end testing
=cut
my $db = esmith::ConfigDB->open_ro or die "Could not open config db";
# Recomment the key in case the SystemName or DomainName changed.
my @change = (-f "/etc/ssh/ssh_host_key") ? ("-c", "-P", "")
: ("-q", "-N", "");
esmith::util::backgroundCommand (0,
"/usr/bin/ssh-keygen", @change, "-t", "rsa1",
"-f", "/etc/ssh/ssh_host_key",
"-C", "root@" . $db->get('SystemName')->value . "." . $db->get('DomainName')->value);
exit (0);
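Review bot: `-t rsa1` on the ssh-keygen call generates an SSH protocol-1 host key, which ssh-keygen no longer accepts (dropped around OpenSSH 7.6) and which sshd no longer loads; with the `Protocol 2` fragment added elsewhere in this commit, /etc/ssh/ssh_host_key serves no purpose, so this action should either be removed or switched to a protocol-2 key type (e.g. `-t ed25519` against the matching HostKey path), taking the `-c -P ""` recomment branch, which only exists for rsa1 keys, with it. The inline test checks `$@` after `system`, which `system` never sets; `is( $? >> 8, 0, 'ran myself ok' );` tests the exit status instead. The SystemName and DomainName values are handed to backgroundCommand as separate arguments, which presumably execs without a shell — worth confirming, since they land in the key comment verbatim.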


@@ -0,0 +1 @@
PERMS=0644


@@ -0,0 +1 @@
PERMS=0600


@@ -0,0 +1,4 @@
{
$OUT .= $DB->hosts_allow_spec('sshd');
$OUT .= " EXCEPT /etc/hosts.deny_ssh" if ( ( -f "/etc/hosts.deny_ssh") && ($denyhosts{'status'} || 'disabled') eq "enabled" );
}
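Review bot: The `EXCEPT /etc/hosts.deny_ssh` clause is emitted only when that file already exists at expansion time, so on a host where denyhosts is enabled but has not yet written the file the rule goes out with no exception until something re-expands the template; a comment should record that, e.g. `# EXCEPT is only added once /etc/hosts.deny_ssh exists — re-expand after denyhosts first writes it`. Whether hosts.allow is consulted at all depends on the distribution's sshd being built with libwrap, which upstream OpenSSH dropped in 6.7, so that dependency deserves a note in the same place.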


@@ -0,0 +1,25 @@
{
my $abtries = ${'sshd'}{'AutoBlockTries'} || "4";
my $abtime = ${'sshd'}{'AutoBlockTime'} || "900";
my $sshd_port = ${'sshd'}{'TCPPort'} || "22";
$OUT .=<<"EOF";
# Create a whitelist
/sbin/iptables --new-chain SSH_Whitelist
/sbin/iptables --new-chain SSH_Whitelist_1
/sbin/iptables --append SSH_Whitelist -j SSH_Whitelist_1
# Use recent packets match to block SSH from sites generating
# $abtries connections within $abtime seconds
# Check/clear IP block status in /proc/net/xt_recent/SSH
/sbin/iptables --new-chain SSH_Autoblock
# First check if not whitelisted
/sbin/iptables --append SSH_Autoblock --proto tcp --dport $sshd_port \\
-m state --state NEW -j SSH_Whitelist
/sbin/iptables --append SSH_Autoblock -m recent --set --name SSH
/sbin/iptables --append SSH_Autoblock -m recent --rcheck --rttl \\
--seconds $abtime --hitcount $abtries --name SSH -j denylog
EOF
}
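Review bot: The `-m recent --set` rule records every NEW connection to the sshd port, not just failed logins, so an address that opens more than $abtries sessions within $abtime seconds is sent to denylog even when every login succeeded; at the default 4 in 900 seconds this will catch a busy administrator unless their address is in sshd ValidFrom, and the heredoc comment should say so (`# Counts all NEW connections, successful or not — whitelist admin addresses via sshd ValidFrom`). The symbolic-reference spelling `${'sshd'}{'AutoBlockTries'}` used here and in the next two masq fragments differs from the `$sshd{...}` form used by the sshd_config fragments (and by the adjust fragment's own ValidFrom line); one spelling should be adopted throughout.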


@@ -0,0 +1,13 @@
{
my $sshd_autoblock = ${'sshd'}{'AutoBlock'} || "enabled";
my $sshd_public = ${'sshd'}{'access'} || "private";
my $sshd_port = ${'sshd'}{'TCPPort'} || "22";
if ($sshd_autoblock eq "enabled" && $sshd_public eq "public" ) {
$OUT = " # SSH autoblock enabled - send new SSH connects through recent IPs filter\n";
$OUT .= " /sbin/iptables --append \$NEW_InboundTCP --proto tcp --dport $sshd_port \\\n";
$OUT .= " -m state --state NEW -j SSH_Autoblock\n"
} else {
$OUT = " # SSH autoblock disabled or sshd access is private\n";
}
}


@@ -0,0 +1,44 @@
{
# SSH_Whitelist
my $sshd_port = ${'sshd'}{'TCPPort'} || "22";
# Find the current SSH_Whitelit_$$ chain, and create a new one.
$OUT .=<<'EOF';
OLD_SSH_Whitelist=$(get_safe_id SSH_Whitelist filter find)
NEW_SSH_Whitelist=$(get_safe_id SSH_Whitelist filter new)
/sbin/iptables --new-chain $NEW_SSH_Whitelist
EOF
# here we add the content from sshd ValidFrom
# or create a new one dedicated for sshd
my @vals = split ",", ($sshd{ValidFrom} || '');
#$OUT .="#sshd whitelist content : "
#$OUT .= join " ", @vals;
foreach my $ip ( @vals ){
$OUT .= " /sbin/iptables --append \$NEW_SSH_Whitelist -s $ip";
$OUT .= " -p tcp";
$OUT .= " --dport $sshd_port" ;
$OUT .= " -j ACCEPT\n";
}
$OUT .= " /sbin/iptables --append \$NEW_SSH_Whitelist" .
" -j RETURN\n";
# Having created a new SSH_Whitelist chain, activate it and destroy the old one.
$OUT .=<<'EOF';
/sbin/iptables --replace SSH_Whitelist 1 \
--jump $NEW_SSH_Whitelist
/sbin/iptables --flush $OLD_SSH_Whitelist
/sbin/iptables --delete-chain $OLD_SSH_Whitelist
EOF
# SSH_Autoblock
my $abtries = ${'sshd'}{'AutoBlockTries'} || "4";
my $abtime = ${'sshd'}{'AutoBlockTime'} || "900";
$OUT .=<<"EOF";
/sbin/iptables --replace SSH_Autoblock 3 -m recent --rcheck --rttl \\
--seconds $abtime --hitcount $abtries --name SSH -j denylog
# Clear SSH_Autoblock site history too
echo / > /proc/net/xt_recent/SSH
EOF
}
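Review bot: Each sshd ValidFrom entry is interpolated into an iptables command line unchecked, so an entry containing whitespace or shell metacharacters breaks the generated script (or becomes part of it) when the fragment runs; the value comes from the admin-controlled configuration database, so exposure is low, but a guard such as `next unless $ip =~ m{\A[0-9A-Fa-f.:]+(?:/\d{1,3})?\z};` before the append keeps a typo from taking the firewall rebuild down with it. `--replace SSH_Autoblock 3` in the closing heredoc hard-codes the position of the rcheck rule created in the SSH_Autoblock chain fragment; a comment tying the two together (`# rule 3 = the --rcheck rule; keep in step with the chain definition`) prevents a silent mismatch if that chain gains a rule. `Whitelit` in the first comment is a typo for `Whitelist`.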


@@ -0,0 +1 @@
logfacility = LOG_USER


@@ -0,0 +1 @@
umask = 022


@@ -0,0 +1,22 @@
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
$OUT = '';
for my $user ( $adb->users )
{
my %props = $user->props;
$props{AllowRSSH} ||= 'unknown';
next unless ($props{PasswordSet} eq 'yes');
next if ($props{AllowRSSH} eq 'no');
next unless ($props{AllowRSSH} eq 'yes' or
$props{VPNClientAccess} eq 'yes');
$OUT .= "user = " . $user->key . ":022:11111:" . "\n";
}
}
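Review bot: `$props{PasswordSet}` and `$props{VPNClientAccess}` are compared with `eq` without a default, so an account missing either property raises an uninitialized-value warning during expansion; AllowRSSH gets `||= 'unknown'` two lines earlier, so the omission looks accidental, and `$props{PasswordSet} ||= 'no'; $props{VPNClientAccess} ||= 'no';` beside that line fixes it. The effective policy — a user needs a password plus either AllowRSSH=yes or VPNClientAccess=yes, with AllowRSSH=no always winning — and the meaning of the `:022:11111:` field (umask, then the five rssh access bits, all enabled) should be stated in a comment above the loop, since the literal gives no hint.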


@@ -0,0 +1 @@
$AddUnixListenSocket /var/empty/sshd/dev/log


@@ -0,0 +1,6 @@
#sshd
if $programname == 'sshd' and $syslogfacility-text == 'authpriv' then /var/log/secure
:programname, isequal, "sshd" /var/log/sshd/sshd.log
& stop
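Review bot: `& stop` binds only to the `:programname` selector, so sshd messages are written to /var/log/secure by the first rule and to sshd.log by the second and then discarded — no later rule (a default `authpriv.*` or `*.info` line, for instance) sees them, and the fragment's effect therefore depends on where in rsyslog.conf it lands; a comment stating that ordering requirement would save the next reader a trace. The authpriv condition on the first line also means non-authpriv sshd messages end up only in sshd.log, which is presumably intended but worth saying. Mixing RainerScript (`if … then`) and a legacy property filter in one fragment works but reads inconsistently; either form can express both rules.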


@@ -0,0 +1 @@
Host *


@@ -0,0 +1 @@
Port 22


@@ -0,0 +1 @@
Protocol 2


@@ -0,0 +1 @@
Cipher blowfish
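Review bot: `Cipher blowfish` is the SSH protocol-1 cipher option, which has no effect under the `Protocol 2` fragment in this commit and makes recent ssh clients print a deprecated-option warning on every invocation; it should be dropped. The protocol-2 `Ciphers` fragment that follows still ends its list with the three aes-cbc modes, and the `HostKeyAlgorithms` fragment lists `ssh-rsa` (SHA-1 signatures), which OpenSSH 8.8 disabled by default; both are client-side preferences here, so they matter mainly when talking to legacy servers, but a comment should record that they are kept deliberately for that reason or they should be removed.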


@@ -0,0 +1 @@
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc


@@ -0,0 +1 @@
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256


@@ -0,0 +1 @@
GSSAPIAuthentication yes


@@ -0,0 +1,5 @@
#ForwardX11 no
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
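Review bot: The comment carried over from the distribution default explains why trusted forwarding is chosen but not what it gives up: with `ForwardX11Trusted yes` every remote X client gets unrestricted access to the local display, including other windows and input, whereas untrusted mode confines it through the SECURITY extension. Because `ForwardX11` stays off, this only applies to sessions started with -X or -Y, and the comment should say so, e.g. `# Only in effect when a session requests X11 forwarding; trusted mode grants remote clients full access to the local display`.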


@@ -0,0 +1,5 @@
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL


@@ -0,0 +1,5 @@
{
my $ssh_port = $sshd{'TCPPort'} || 22;
$OUT = "Port $ssh_port";
}


@@ -0,0 +1,10 @@
{
my $access = $sshd{'access'} || 'private';
my $address = ($access eq "public") ? "0.0.0.0" : "$LocalIP";
$OUT .= "ListenAddress $address";
# Another alternative is: "ListenAddress ::"
}


@@ -0,0 +1 @@
HostKey /etc/ssh/ssh_host_key
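Review bot: `HostKey /etc/ssh/ssh_host_key` names the protocol-1 host key, which sshd has been unable to load since protocol-1 support was removed from the server (OpenSSH 7.4), so every start logs a could-not-load-host-key error; the next fragment's `HostKey /etc/ssh/ssh_host_dsa_key` is in the same position, ssh-dss having been disabled by default since OpenSSH 7.0. Both fragments should go, leaving the rsa, ecdsa and ed25519 keys, together with the ssh_host_key generation in the sshd-conf action. The `UsePrivilegeSeparation yes` fragment later in this commit is likewise a no-op that sshd has warned about since 7.5, where separation became unconditional.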


@@ -0,0 +1 @@
HostKey /etc/ssh/ssh_host_dsa_key


@@ -0,0 +1 @@
HostKey /etc/ssh/ssh_host_ecdsa_key


@@ -0,0 +1,2 @@
HostKey /etc/ssh/ssh_host_ed25519_key


@@ -0,0 +1 @@
HostKey /etc/ssh/ssh_host_rsa_key


@@ -0,0 +1,4 @@
{
my $LoginGraceTime = $sshd{LoginGraceTime} || "600";
$OUT = "LoginGraceTime $LoginGraceTime";
}
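Review bot: The fallback of 600 seconds keeps an unauthenticated connection slot open for ten minutes, five times sshd's own default of 120; combined with the `MaxStartups 10:30:60` fragment later in this commit, sixty idle connections are enough to make sshd refuse every new session for that long, which is a cheap way to lock administrators out of a public-facing host. Unless there is a reason for the longer window, the fallback (and the 600 default added to the configuration database in this commit) should come down to the sshd default, and either way the block should carry `# LoginGraceTime bounds how long an unauthenticated connection holds a MaxStartups slot`.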


@@ -0,0 +1 @@
Protocol 2


@@ -0,0 +1,4 @@
{
my $pam = $sshd{UsePAM} || "no";
$OUT = "UsePAM $pam";
}


@@ -0,0 +1 @@
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256


@@ -0,0 +1 @@
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr


@@ -0,0 +1 @@
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com


@@ -0,0 +1 @@
ChallengeResponseAuthentication no


@@ -0,0 +1 @@
Compression yes


@@ -0,0 +1,4 @@
{ #
# Don't read ~/.rhosts and ~/.shosts files
}
IgnoreRhosts yes


@@ -0,0 +1,4 @@
{
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
}


@@ -0,0 +1 @@
KbdInteractiveAuthentication no


@@ -0,0 +1,7 @@
{
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
}


@@ -0,0 +1,4 @@
{
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
}


@@ -0,0 +1,8 @@
{
# MaxAuthTries specifies the maximum number of authentication
# attempts permitted per connection. Once the number of failures
# reaches half this value, additional failures are logged. The
# sshd default is 6 - we consider that too many.
my $MaxAuthTries = $sshd{MaxAuthTries} || "2";
$OUT = "MaxAuthTries $MaxAuthTries";
}


@@ -0,0 +1,9 @@
{
# Maximum number of concurrent unauthenticated connections
# The values are start:rate:full - start is when the rate limiter
# will kick in, rate is the percentage of new connections dropped and
# full is when all new connections are refused
# See sshd(1) for more details.
my $MaxStartups = $sshd{MaxStartups} || "10:30:60";
$OUT = "MaxStartups $MaxStartups";
}


@@ -0,0 +1,6 @@
{ # To disable tunneled clear text passwords, change to no here!
my $PasswordAuthentication = $sshd{'PasswordAuthentication'} || 'no';
$OUT = "PasswordAuthentication ";
$OUT .= ($PasswordAuthentication eq "yes") ? "yes" : "no";
}


@@ -0,0 +1 @@
PermitEmptyPasswords no


@@ -0,0 +1,14 @@
{
my $PermitRootLogin = $sshd{'PermitRootLogin'} || "no";
my $status = $sshd{'status'} || 'disabled';
$OUT .= "PermitRootLogin ";
if ( $status ne 'enabled' ) {
$OUT .= 'no';
} elsif ( $PermitRootLogin eq 'yes' ) {
$OUT .= 'yes';
} elsif ( $PermitRootLogin eq 'key' || $PermitRootLogin eq 'nopass' ) {
$OUT .= 'without-password';
} else {
$OUT .= 'no';
}
}
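Review bot: `without-password` is the pre-7.0 spelling of `prohibit-password`; current sshd still accepts it as an alias, but the manual documents only the new name, so `$OUT .= 'prohibit-password';` is clearer for anyone reading the generated file (keep the old spelling only if a release older than OpenSSH 7.0 must be supported). The fall-through to `no` for a disabled service and for unrecognised values is the right default and deserves a one-line comment so that nobody later changes it to pass the raw value through.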


@@ -0,0 +1,5 @@
{
# Uncomment to disable s/key passwords
#SkeyAuthentication no
#KbdInteractiveAuthentication yes
}


@@ -0,0 +1 @@
StrictModes yes


@@ -0,0 +1 @@
UsePrivilegeSeparation yes


@@ -0,0 +1,11 @@
{
# NOTE: This just provides a path independent way to access the sftp server
# With this disabled, you can still specify a path to the sftp client
# so we default to enabling sftp
my $SubsystemSftp = $sshd{"SubsystemSftp"} || "yes";
$OUT = ($SubsystemSftp eq "yes") ?
"Subsystem sftp /usr/libexec/openssh/sftp-server" :
"# The sftp Subsystem is disabled in the configuration database";
}


@@ -0,0 +1 @@
X11DisplayOffset 10


@@ -0,0 +1 @@
X11Forwarding no


@@ -0,0 +1,5 @@
{
my $count = $sshd{ClientAliveCountMax} || 3;
$OUT = "ClientAliveCountMax $count\n";
}
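Review bot: `$sshd{ClientAliveCountMax} || 3` treats a configured `0` as unset, yet 0 is a meaningful value for this directive (recent sshd documents it as disabling the disconnect on missed keepalives), so it cannot be selected through the database; the same applies to `ClientAliveInterval` in the next fragment, where 0 turns keepalives off altogether. If 0 is meant to be configurable, test for a value being present rather than for truth, e.g. `my $count = (defined $sshd{ClientAliveCountMax} && length $sshd{ClientAliveCountMax}) ? $sshd{ClientAliveCountMax} : 3;`; if not, a comment saying the default is deliberately non-zero would settle it.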


@@ -0,0 +1,5 @@
{
my $interval = $sshd{ClientAliveInterval} || 15;
$OUT = "ClientAliveInterval $interval\n";
}


@@ -0,0 +1,13 @@
{
my $MotdStatus = $sshd{'MotdStatus'} || 'enabled';
if ( $MotdStatus eq 'disabled' )
{
$OUT .= "PrintMotd no\n";
}
else
{
$OUT .= "PrintMotd yes\n";
}
}


@@ -0,0 +1,3 @@
{
#UseLogin no
}


@@ -0,0 +1,4 @@
{ # Logging }
SyslogFacility AUTH
LogLevel INFO
{ #obsoletes QuietMode and FascistLogging }


@@ -0,0 +1,48 @@
# Welcome to the Wonderful World of Glassbox Testing.
#
# Load up esmith::util/system and override them with testing stubs.
use Test::More 'no_plan';
# Here we tell the test to not use any numbers (because there were
# probably tests output'd before us) and to not do end-of-test
# checks.
my $TB = Test::More->builder;
$TB->use_numbers(0);
$TB->no_ending(1);
use esmith::util;
use esmith::util::system;
package esmith::util;
::can_ok('esmith::util', 'serviceControl');
no warnings 'redefine';
sub serviceControl {
my(%params) = @_;
::pass('service control called');
::is( $params{NAME}, 'sshd', 'serviceControl NAME == sshd' );
::is( $params{ACTION}, 'stop', ' ACTION == stop' );
return 1;
}
package esmith::util::system;
::can_ok('esmith::util::system', 'killall');
no warnings 'redefine';
sub killall {
my($sig, @commands) = @_;
::pass('killall called');
::is( $sig, 'HUP', ' with a HUP' );
::is( @commands, 1, ' one command' );
::is( $commands[0], 'sshd', ' for sshd' );
return 1;
}


@@ -0,0 +1 @@
sshd=service|InitscriptOrder|85|PasswordAuthentication|yes|PermitRootLogin|yes|access|private


@@ -0,0 +1 @@
sshd=service|InitscriptOrder|85|PasswordAuthentication|yes|PermitRootLogin|yes|access|private|status|disabled

13
root/etc/logrotate.d/sshd Normal file

@@ -0,0 +1,13 @@
/var/log/sshd/sshd.log
{
missingok
notifempty
sharedscripts
delaycompress
su root root
create 600 root root
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
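Review bot: The postrotate step HUPs whatever pid is in /var/run/syslogd.pid and otherwise falls through to `true`, so on a host where rsyslog writes no pid file or a different one the signal is skipped silently, rsyslog keeps its descriptor on the rotated inode, and /var/log/sshd/sshd.log — the file the rsyslog fragment in this commit routes every sshd message to — stays empty until the next restart. Either signal through the service manager (e.g. `/bin/systemctl kill -s HUP rsyslog.service`) or add `copytruncate` and drop the postrotate block; at minimum the pid-file dependency should be stated in a comment. Whether the pid file exists on the target platform is not visible from this commit.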