我正在尝试更新一些在RHEL机器上禁用CAD的Puppet清单.
现在我正在使用systemd上的顶级方式:masking(即链接到/ dev / null)
$ctrlaltdel_process = '/usr/bin/logger -p security.info "Control-Alt-Delete pressed"'
# Every version of RHEL has a different way of doing this! :)
case $::operatingsystemmajrelease {
'4','5': {
augeas { 'disable-inittab-ctrlaltdel':
context => '/files/etc/inittab',lens => 'inittab.lns',incl => '/etc/inittab',changes => "set *[action = 'ctrlaltdel']/process '${ctrlaltdelprocess}'",}
}
'6': {
file { '/etc/init/control-alt-delete.conf':
ensure => file,content => $ctrlaltdel_process,}
}
'7': {
file { '/etc/systemd/system/ctrl-alt-del.target':
ensure => 'link',target => '/dev/null',}
}
default: {
fail("Module ${module_name} is not supported on this ${::operatingsystemmajrelease}")
}
}
正如您所看到的,在其他系统上,我实际上正在编写一个安全日志,说CAD已被按下,但我不会用systemd机器来获取它.
我喜欢在日志中实际拥有陷阱的想法,以便我们可以追踪人们是否正在这样做.
解决方法
# ctrl-alt-del.target [Unit] DefaultDependencies=no # Do not affect the system through dependencies Requires=ctrl-alt-del.service StopWhenUneeded=yes # ctrl-alt-del.service [Service] DefaultDependencies=no # Do not affect the system through dependencies Type=oneshot ExecStart=/usr/bin/logger -p security.info "Control-Alt-Delete pressed"
