diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040660.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040660.sls
index 94968f716..3ca33d8c0 100644
--- a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040660.sls
+++ b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040660.sls
@@ -44,6 +44,9 @@ notify_{{ stig_id }}-skipSet:
 - cwd: /root
 - stateful: True
 {%- else %}
+include:
+ - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
 file.replace:
 - name: '{{ cfgFile }}'
@@ -53,10 +56,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
 - not_found_content: |-
 # Inserted per STIG {{ stig_id }}
 {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
- service.running:
- - name: '{{ svcName }}'
- - listen:
- - file: file_{{ stig_id }}-{{ cfgFile }}
+ - onchanges_in:
+ - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040670.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040670.sls
index e235cee19..83bc06f0e 100644
--- a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040670.sls
+++ b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040670.sls
@@ -42,6 +42,9 @@ notify_{{ stig_id }}-skipSet:
 - cwd: /root
 - stateful: True
 {%- else %}
+include:
+ - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
 file.replace:
 - name: '{{ cfgFile }}'
@@ -51,10 +54,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
 - not_found_content: |-
 # Inserted per STIG {{ stig_id }}
 {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
- service.running:
- - name: '{{ svcName }}'
- - listen:
- - file: file_{{ stig_id }}-{{ cfgFile }}
+ - onchanges_in:
+ - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040680.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040680.sls
index e761dbe00..47e77f985 100644
--- a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040680.sls
+++ b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040680.sls
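Review bot: The `onchanges_in` requisite added to the `file.replace` state in the second hunk of RHEL-07-040660.sls (and identically in 040670, 040680, 040690 and 040700) will most likely not restart sshd. Under `onchanges` the target `service.running` state is only executed when the file changed, and with sshd already running it has nothing to do. The daemon then keeps serving the old configuration, and the STIG setting written to the file is not enforced until some later restart. The removed `listen` requisite behaved like `watch`, which is what makes `service.running` restart the service; to keep that behaviour use `- watch_in:` (or `- listen_in:`) followed by `- service: service_sshd_restart`. The `file.replace` state starts above this hunk, so its full argument list is not visible here.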
@@ -33,6 +33,9 @@ notify_{{ stig_id }}-skipSet:
 - cwd: /root
 - stateful: True
 {%- else %}
+include:
+ - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
 file.replace:
 - name: '{{ cfgFile }}'
@@ -42,10 +45,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
 - not_found_content: |-
 # Inserted per STIG {{ stig_id }}
 {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
- service.running:
- - name: '{{ svcName }}'
- - listen:
- - file: file_{{ stig_id }}-{{ cfgFile }}
+ - onchanges_in:
+ - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040690.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040690.sls
index e0de13668..fca05de50 100644
--- a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040690.sls
+++ b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040690.sls
@@ -31,6 +31,9 @@ notify_{{ stig_id }}-skipSet:
 - name: 'printf "\nchanged=no comment=''Handler for {{ stig_id }} has been selected for skip.''\n"'
 - cwd: /root
 {%- else %}
+include:
+ - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
 file.replace:
 - name: '{{ cfgFile }}'
@@ -40,10 +43,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
 - not_found_content: |-
 # Inserted per STIG {{ stig_id }}
 {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
- service.running:
- - name: '{{ svcName }}'
- - listen:
- - file: file_{{ stig_id }}-{{ cfgFile }}
+ - onchanges_in:
+ - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040700.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040700.sls
index e0e1f9a99..59506535f 100644
--- a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040700.sls
+++ b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040700.sls
@@ -33,6 +33,9 @@ notify_{{ stig_id }}-skipSet:
 - cwd: /root
 - stateful: True
 {%- else %}
+include:
+ - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
 file.replace:
 - name: '{{ cfgFile }}'
@@ -42,10 +45,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
 - not_found_content: |-
 # Inserted per STIG {{ stig_id }}
 {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
- service.running:
- - name: '{{ svcName }}'
- - listen:
- - file: file_{{ stig_id }}-{{ cfgFile }}
+ - onchanges_in:
+ - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/files/restart_sshd.sh b/ash-linux/el7/STIGbyID/cat2/files/restart_sshd.sh
new file mode 100644
index 000000000..957170812
--- /dev/null
+++ b/ash-linux/el7/STIGbyID/cat2/files/restart_sshd.sh
@@ -0,0 +1,21 @@
+# Restart sshd service if any of:
+#
+# Cause changes to the /etc/ssh/sshd_config file
+#
+#################################################################
+# Standard outputter function
+diag_out() {
+ echo "${1}"
+}
+
+diag_out "----------------------------------------"
+diag_out "Service Restart: sshd"
+diag_out " Restart the sshd service if any of:"
+diag_out " * file_RHEL-07-040690"
+diag_out " * file_RHEL-07-040680"
+diag_out " * file_RHEL-07-040660"
+diag_out " * file_RHEL-07-040700"
+diag_out " * file_RHEL-07-040670"
+diag_out " Change the /etc/ssh/sshd_config file"
+diag_out "----------------------------------------"
+
diff --git a/ash-linux/el7/STIGbyID/cat2/restart_sshd.sls b/ash-linux/el7/STIGbyID/cat2/restart_sshd.sls
new file mode 100644
index 000000000..7e05a527c
--- /dev/null
+++ b/ash-linux/el7/STIGbyID/cat2/restart_sshd.sls
@@ -0,0 +1,17 @@
+# Restart sshd service if any of:
+#
+# Cause changes to the /etc/ssh/sshd_config file
+#
+#################################################################
+{%- set stig_id = 'restart_sshd' %}
+{%- set helperLoc = 'ash-linux/el7/STIGbyID/cat2/files' %}
+{%- set svcName = 'sshd' %}
+
+script_{{ stig_id }}-describe:
+ cmd.script:
+ - source: salt://{{ helperLoc }}/{{ stig_id }}.sh
+ - cwd: /root
+
+service_sshd_restart:
+ service.running:
+ - name: '{{ svcName }}'
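Review bot: The header comment in restart_sshd.sh says the script restarts sshd and leaves "if any of:" followed by an empty list, but the body only prints a description and restarts nothing. A header such as `# Print a description of the sshd restart trigger; the restart itself is done by the service_sshd_restart state.` would match what the file does. The file also has no interpreter line, so add `#!/bin/sh` as its first line rather than depending on how the caller executes it. The five hard-coded state IDs in the `diag_out` lines must be edited by hand whenever another state is wired to the restart, which is worth stating in the comment.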
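Review bot: `script_{{ stig_id }}-describe` in restart_sshd.sls has no requisite and no `- stateful: True`, so it runs on every state application and will be reported as a change each time. The `notify_…-skipSet` states in the sibling files avoid this by printing `changed=no`, and that constant noise makes real drift in sshd hardening harder to spot in compliance reports. Add `- stateful: True` and have the script emit a `changed=no` line, or gate the script on the same file states. Separately, restarting sshd against a broken `/etc/ssh/sshd_config` can cut off remote access to the host, so consider a `cmd.run` of `sshd -t` that `service_sshd_restart` requires before it acts. The header comment also repeats the empty "if any of:" list and should name the triggering states or drop the phrase.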