Change 'hardened_ssl' paramter to simply 'hardened', this makes more

sense in general
2015-05-01 12:45:14 -04:00 · 2015-05-01 12:45:14 -04:00 · fd82841c1f
commit fd82841c1f
parent b5e16ec064
13 changed files with 18 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,10 @@

 This puppet module manages OpenSSH configuration and services.

+**!! Upgrade Notice (05/2015) !!**
+
+The hardened_ssl parameter name was changed to simply 'hardened'.
+
 **!! Upgrade Notice (01/2013) !!**

 This module now uses parameterized classes, where it used global variables
@ -179,8 +183,8 @@ The following is a list of the currently available variables:
    Set this to the location of the AuthorizedKeysFile
    (e.g. `/etc/ssh/authorized_keys/%u`). Default: `AuthorizedKeysFile
    %h/.ssh/authorized_keys`
-  - `hardened_ssl`
-    Use only strong SSL ciphers and MAC.
+  - `hardened`
+    Use only strong ciphers, MAC, KexAlgorithms, etc.
    Values:
    - `no` (default)
    - `yes`
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -40,7 +40,7 @@ class sshd(
    OpenBSD => '%h/.ssh/authorized_keys',
    default => '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2',
  },
-  $hardened_ssl = 'no',
+  $hardened = 'no',
  $sftp_subsystem = '',
  $head_additional_options = '',
  $tail_additional_options = '',
--- a/templates/sshd_config/CentOS_6.erb
+++ b/templates/sshd_config/CentOS_6.erb
@ -150,7 +150,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@ -164,7 +164,7 @@ AllowGroups <%= s %>
 #Host *.local
 #  CheckHostIP no

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@ -111,7 +111,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@ -111,7 +111,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@ -115,7 +115,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@ -114,7 +114,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@ -152,7 +152,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@ -147,7 +147,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@ -128,7 +128,7 @@ AllowGroups <%= s %>
 #	AllowTcpForwarding no
 #	ForceCommand cvs server

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@ -115,7 +115,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@ -118,7 +118,7 @@ AllowGroups <%= s %>

 PrintMotd <%= scope.lookupvar('sshd::print_motd') %>

-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>