Hi, you can try setm. I'm not an expert, but I have managed to use setm to do
what you need:
# Enable audit prior to daemon
augeas { 'set_audit':
  incl    => '/boot/grub/grub.conf',
  lens    => 'grub.lns',
  changes => [
    'setm title[*]/kernel/ audit 1',
  ],
}
and
# Ensure selinux=1 and enforcing=1 are set in grub.conf
augeas { "grub-set-kernel-selinux":
  incl    => "/etc/grub.conf",
  lens    => "grub.lns",
  changes => [
    "setm title[*]/kernel/ selinux 1",
    "setm title[*]/kernel/ enforcing 1",
  ],
}
On Thursday, 15 July 2010 09:23:21 UTC+12, Erinn Looney-Triggs wrote:
>
> I hope that the answer to this isn't posted up somewhere else, I have
> looked around and I haven't found much of anything, augeas documentation
> seems to be thin. Is there even full documentation for all the augeas
> function and language syntax? What I am trying to do is edit the
> grub.conf file and modify some parameters for each kernel line, remove
> rhgb, add audit = 1. I would like for this to happen on all kernels
> listed in /etc/grub.conf, so for audit I have:
>
> #Set audit=1 for grub.conf
> augeas {"kernel_audit":
>   context => "/files/etc/grub.conf",
>   changes => "set title[*]/kernel/audit 1",
>   onlyif  => "get title[*]/kernel/audit != 1",
> }
>
> This surprisingly works, but only for the first entry in grub.conf. I say
> surprisingly because running the set command via augtool fails, so this
> behaviour is a bit different for the ruby bindings. Does anyone with
> some wicked augeas skill know how to express what I am trying to express
> here? Is it even possible?
>
> Second problem, rhgb. This is an empty node, as in it comes back rhgb =
> (none) in augtool, I am trying to write an onlyif rule but how do you
> match none?
>
> #Remove rhgb from kernel lines if it exists
> augeas {"kernel_rhgb":
>   context => "/files/etc/grub.conf",
>   changes => "remove title[*]/kernel/rhgb",
>   onlyif  => "match title[1]/kernel/rhgb == ['none']",
> }
>
> Now again I would really like it to match all, and remove from all,
> removal from all seems to work, but the match, as I said, fails. I have
> tried a lot of variants to the point where I don't think it is a text
> match, but I am not sure how to match it. Again I am just getting
> started with this stuff, my apologies if the answer is glaringly
> obvious, but please at least point me in the right direction.
>
> -Erinn
>
>
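Added example, not part of the original thread: a small Python check that every kernel line in a legacy grub.conf carries audit=1, selinux=1 and enforcing=1 and no rhgb, which is the end state the setm changes in the reply are meant to produce on all entries. The sample file, the function names and the last-value-wins handling of repeated arguments are assumptions.

```python
import re

# Constructed legacy-GRUB sample (not from the thread); names are made up.
SAMPLE = """\
default=0
title Linux (kernel-a)
    root (hd0,0)
    kernel /vmlinuz-a ro root=/dev/sda1 audit=1 selinux=1 enforcing=1
    initrd /initrd-a.img
title Linux (kernel-b)
    root (hd0,0)
    kernel /vmlinuz-b ro root=/dev/sda1 rhgb quiet audit=1
    initrd /initrd-b.img
"""

REQUIRED = {"audit": "1", "selinux": "1", "enforcing": "1"}
UNWANTED = ("rhgb",)

def kernel_args(rest):
    """Map 'image arg arg=val ...' to {name: value}; bare flags map to None."""
    args = {}
    for tok in rest.split()[1:]:           # skip the kernel image path
        name, sep, val = tok.partition("=")
        args[name] = val if sep else None  # assumption: a repeated name keeps its last value
    return args

def check_grub(text):
    """Return (title, problem) pairs for every kernel line that deviates."""
    findings, title = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        rest = parts[1] if len(parts) > 1 else ""
        if parts[0] == "title":
            title = rest
        elif parts[0] == "kernel" and title is not None:
            args = kernel_args(rest)
            for name, want in REQUIRED.items():
                if args.get(name) != want:
                    findings.append((title, f"{name}={want} not set"))
            findings += [(title, f"{name} present") for name in UNWANTED if name in args]
    return findings

if __name__ == "__main__":
    for title, problem in check_grub(SAMPLE):
        print(f"{title}: {problem}")
```

Because it reports per title, an entry that a single-node set left untouched (the "only the first entry" symptom in the question) shows up by name.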