
I am trying to modify an SSH configuration file to remove the arcfour, arcfour 128 and arcfour 256 algorithms in the /etc/ssh/sshd_config on 186 Linux servers using Puppet. Basically, I am doing a find and replace to remove those three algorithm types in the sshd_config file. I created a module called SSH_Test and am wondering what my next steps would be. I think I can use these resources, but I am unsure where to put them, and I am not sure if they are right.

file_line { 'Ciphers':
  path  => '/etc/ssh/sshd_config',
  line  => 'arcfour, arcfour128, arcfour256',
  match => '',
}

New configuration from below comment

node default { 
  file { '/etc/motd':
    owner => 'root',
    group => 'root',
    mode => '0644',
    content => "\nAll hail the knife crab\n"
  }
}
  • Thanks for responding, I really appreciate the help. I'm circling back and trying to rebuild the Puppet master and agents, as they were on an older version, and I've built out 3 new servers: 2 agents and 1 master. I've put Puppet 4.7 on all. I've made a very simple site.pp file with the following. My problem is when I try to do puppet agent -test on my agents I get a cannot parse environment production 500 error. Any ideas? node default { file { '/etc/motd': owner => 'root', group => 'root', mode => '0644', content => "\nAll hail the knife crab\n" } } Commented Oct 7, 2016 at 15:26
  • I will try the more advanced configuration below as soon as I am able, as I am very new to Puppet and trying to figure things out as I go, and any help is greatly appreciated. Commented Oct 7, 2016 at 15:31
  • Turns out I just needed to add some 755 permission to the manifest directory. My site.pp is working now and I will attempt to deal with the ssh configuration now. Commented Oct 7, 2016 at 16:52

1 Answer

Following the documentation for file_line provided here: https://forge.puppet.com/puppetlabs/stdlib/types

we have the following resource:

file_line { 'Ciphers':
  ensure            => absent,
  path              => '/etc/ssh/sshd_config',
  match             => '.*arcfour.*',
  multiple          => true,
  match_for_absence => true,
}

ensure to remove the line, path for the specified file, match for the lines to match with a regexp, multiple because you want this to act on multiple lines in a file, and match_for_absence so that the lines are removed when matched.

If you are using Puppet >= 4.0, or 3.8 with the future parser, then this can be made more precise and cleaner with a lambda. Let me know if you are.
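An added example (not part of the original answer or the asker's module) showing one way to place this in a module: it pins the `Ciphers` directive to an explicit list instead of deleting the line, so sshd does not fall back to its built-in default list, then validates the file with `sshd -t` before refreshing the service. The class name `ssh_test` (Puppet module names must be lowercase), the file layout, the cipher list, the `/usr/sbin/sshd` path and the `sshd` service name are assumptions to adapt.

```puppet
# Added example: modules/ssh_test/manifests/init.pp (hypothetical layout).
# Requires puppetlabs-stdlib for file_line and join.
class ssh_test {
  # Assumed allow-list; confirm each name is supported by the OpenSSH
  # version on the target hosts before rolling out.
  $ciphers     = ['aes128-ctr', 'aes192-ctr', 'aes256-ctr']
  $cipher_list = join($ciphers, ',')

  # Replace an existing Ciphers directive, or append one if none exists.
  # If the file ends in a Match block, an appended line lands inside it and
  # sshd rejects it; the syntax check below catches that before the refresh.
  file_line { 'sshd_ciphers':
    ensure => present,
    path   => '/etc/ssh/sshd_config',
    line   => "Ciphers ${cipher_list}",
    match  => '^\s*Ciphers\s',
  }

  # Runs only when the line changed; if it fails, the service refresh
  # is skipped for that run because the service depends on this exec.
  exec { 'sshd_config_check':
    command     => '/usr/sbin/sshd -t',
    refreshonly => true,
    subscribe   => File_line['sshd_ciphers'],
    notify      => Service['sshd'],
  }

  # Service name is an assumption ('ssh' on Debian-family systems).
  service { 'sshd':
    ensure => running,
    enable => true,
  }
}

# In site.pp, apply the class to the nodes:
# node default {
#   include ssh_test
# }
```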
