Merge pull request #303 from ferricoxide/Issue_297-II

ACTUALLY corrects the behavior in #297
plus3it · Mar 9, 2021 · 1f84c78 · 1f84c78
2 parents 5de3082 + becebd5
commit 1f84c78
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 30 deletions.
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040660.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040660.sls
@@ -44,6 +44,9 @@ notify_{{ stig_id }}-skipSet:
     - cwd: /root
     - stateful: True
 {%- else %}
+include:
+  - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
   file.replace:
     - name: '{{ cfgFile }}'
@@ -53,10 +56,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
     - not_found_content: |-
         # Inserted per STIG {{ stig_id }}
         {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
-  service.running:
-    - name: '{{ svcName }}' 
-    - listen:
-      - file: file_{{ stig_id }}-{{ cfgFile }}
+    - onchanges_in:
+      - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040670.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040670.sls
@@ -42,6 +42,9 @@ notify_{{ stig_id }}-skipSet:
     - cwd: /root
     - stateful: True
 {%- else %}
+include:
+  - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
   file.replace:
     - name: '{{ cfgFile }}'
@@ -51,10 +54,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
     - not_found_content: |-
         # Inserted per STIG {{ stig_id }}
         {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
-  service.running:
-    - name: '{{ svcName }}'
-    - listen:
-      - file: file_{{ stig_id }}-{{ cfgFile }}
+    - onchanges_in:
+      - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040680.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040680.sls
@@ -33,6 +33,9 @@ notify_{{ stig_id }}-skipSet:
     - cwd: /root
     - stateful: True
 {%- else %}
+include:
+  - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
   file.replace:
     - name: '{{ cfgFile }}'
@@ -42,10 +45,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
     - not_found_content: |-
         # Inserted per STIG {{ stig_id }}
         {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
-  service.running:
-    - name: '{{ svcName }}'
-    - listen:
-      - file: file_{{ stig_id }}-{{ cfgFile }}
+    - onchanges_in:
+      - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040690.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040690.sls
@@ -31,6 +31,9 @@ notify_{{ stig_id }}-skipSet:
     - name: 'printf "\nchanged=no comment=''Handler for {{ stig_id }} has been selected for skip.''\n"'
     - cwd: /root
 {%- else %}
+include:
+  - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
   file.replace:
     - name: '{{ cfgFile }}'
@@ -40,10 +43,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
     - not_found_content: |-
         # Inserted per STIG {{ stig_id }}
         {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
-  service.running:
-    - name: '{{ svcName }}'
-    - listen:
-      - file: file_{{ stig_id }}-{{ cfgFile }}
+    - onchanges_in:
+      - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/RHEL-07-040700.sls b/ash-linux/el7/STIGbyID/cat2/RHEL-07-040700.sls
@@ -33,6 +33,9 @@ notify_{{ stig_id }}-skipSet:
     - cwd: /root
     - stateful: True
 {%- else %}
+include:
+  - ash-linux.el7.STIGbyID.cat2.restart_sshd
+
 file_{{ stig_id }}-{{ cfgFile }}:
   file.replace:
     - name: '{{ cfgFile }}'
@@ -42,10 +45,6 @@ file_{{ stig_id }}-{{ cfgFile }}:
     - not_found_content: |-
         # Inserted per STIG {{ stig_id }}
         {{ parmName }} {{ parmValu }}
-
-service_{{ stig_id }}-{{ cfgFile }}:
-  service.running:
-    - name: '{{ svcName }}'
-    - listen:
-      - file: file_{{ stig_id }}-{{ cfgFile }}
+    - onchanges_in:
+      - service: service_sshd_restart
 {%- endif %}
diff --git a/ash-linux/el7/STIGbyID/cat2/files/restart_sshd.sh b/ash-linux/el7/STIGbyID/cat2/files/restart_sshd.sh
@@ -0,0 +1,21 @@
+# Restart sshd service if any of:
+# 
+# Cause changes to the /etc/ssh/sshd_config file
+#
+#################################################################
+# Standard outputter function
+diag_out() {
+   echo "${1}"
+}
+
+diag_out "----------------------------------------"
+diag_out "Service Restart: sshd"
+diag_out "   Restart the sshd service if any of:"
+diag_out "   * file_RHEL-07-040690"
+diag_out "   * file_RHEL-07-040680"
+diag_out "   * file_RHEL-07-040660"
+diag_out "   * file_RHEL-07-040700"
+diag_out "   * file_RHEL-07-040670"
+diag_out "   Change the /etc/ssh/sshd_config file"
+diag_out "----------------------------------------"
+
diff --git a/ash-linux/el7/STIGbyID/cat2/restart_sshd.sls b/ash-linux/el7/STIGbyID/cat2/restart_sshd.sls
@@ -0,0 +1,17 @@
+# Restart sshd service if any of:
+# 
+# Cause changes to the /etc/ssh/sshd_config file
+#
+#################################################################
+{%- set stig_id = 'restart_sshd' %}
+{%- set helperLoc = 'ash-linux/el7/STIGbyID/cat2/files' %}
+{%- set svcName = 'sshd' %}
+
+script_{{ stig_id }}-describe:
+  cmd.script:
+    - source: salt://{{ helperLoc }}/{{ stig_id }}.sh
+    - cwd: /root
+
+service_sshd_restart:
+  service.running:
+    - name: '{{ svcName }}'