Forge Home

system_users

Audit and manage system users with puppet

12,715 downloads

6,435 latest version

2.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.5.5 (latest)
  • 0.5.4
  • 0.5.3
  • 0.5.2
  • 0.5.1
  • 0.5.0
  • 0.4.0
  • 0.3.1
  • 0.1.4
released Aug 28th 2018

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'geoffwilliams-system_users', '0.5.5'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add geoffwilliams-system_users
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install geoffwilliams-system_users --version 0.5.5

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

geoffwilliams/system_users — version 0.5.5 Aug 28th 2018

Build Status

system_users

Table of Contents

  1. Description
  2. Usage - Configuration options and additional functionality
  3. Limitations - OS compatibility, etc.
  4. Development - Guide for contributing to the module

Description

This module provides various classes for locking down local users on a system in order to set password policies, remove invalid users, etc. The other main feature of the module is to provide a fact called user_audit that includes information about all local users, any suspicious files they possess and details of users breaking various aspects of the login system integrity such as duplicated or mismatched UIDs or GIDs.

The user_audit fact is structured as follows:

"user_audit": {
  "empty_password": [],         // array of users who have empty passwords
  "low_uids": [],               // array of 'low uid' users (UID < 500)
  "system_uids": [],            // array of 'system' users (UID < 1000) 
  "homedirs": {                 // home directory information for each user (only one shown for clarity)
    "root": {
      "path": "/root",
      "ensure": "directory",
      "owner": "root",
      "group": "root",
      "mode": "0550",
      "og_write": []            // array of other/group writable dotfiles in the top level directory
    },
  },
  "local_users": {              // user ID information for all local users (only one shown for clarity, password info on RHEL/Solaris only)
    "root": {
      "uid": "0",
      "gid": "0",
      "comment": "root",
      "home": "/root",
      "shell": "/bin/bash",
      "last_change_days": "17207",
      "change_allowed_days": "0",
      "must_change_days": "99999",
      "warning_days": "7",
      "expires_days": "",
      "disabled_days": ""
    },
  },
  "duplicate": {
    "uid": [],                // array of duplicated UIDs
    "username": [],           // array of duplicated usernames
    "gid": [],                // array of duplicated GIDs
    "groupname": [],          // array of duplicated groupnames
    "root_alias": []          // array of duplicated root users (UID==0)
  }
},

Usage

Most classes will need to be loaded using the class resource syntax in order to pass the appropriate class defaults, eg:

class { "foo:bar":
  param1 => "value1",
  param2 => "value2",
}

Parameters, where available, are documented inside the individual classes. See Reference section.

Limitations

  • AIX 6.1/7.1, RHEL 6/7, Solaris 10 only
  • Not supported by Puppet, Inc.

Development

PRs accepted :)

Testing

This module supports testing using PDQTest.

Test can be executed with:

bundle install
bundle exec pdqtest all

See .travis.yml for a working CI example