From 33346b68ed7155478fd435af963c2eeaf63a5f8a Mon Sep 17 00:00:00 2001
From: Alain Lamar <alain_lamar@yahoo.de>
Date: Mon, 1 Jan 2018 12:43:23 +0100
Subject: T122: Add config nodes for user/group access controls in sshd_config

---
 templates/service/ssh/allow-groups/node.def | 11 +++++++++++
 templates/service/ssh/allow-users/node.def  | 11 +++++++++++
 templates/service/ssh/deny-groups/node.def  | 11 +++++++++++
 templates/service/ssh/deny-users/node.def   | 11 +++++++++++
 templates/service/ssh/sshd-option/node.def  |  8 ++++++++
 5 files changed, 52 insertions(+)
 create mode 100644 templates/service/ssh/allow-groups/node.def
 create mode 100644 templates/service/ssh/allow-users/node.def
 create mode 100644 templates/service/ssh/deny-groups/node.def
 create mode 100644 templates/service/ssh/deny-users/node.def
 create mode 100644 templates/service/ssh/sshd-option/node.def

diff --git a/templates/service/ssh/allow-groups/node.def b/templates/service/ssh/allow-groups/node.def
new file mode 100644
index 00000000..2d6aa75b
--- /dev/null
+++ b/templates/service/ssh/allow-groups/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for allowed groups.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+AllowGroups $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^AllowGroups.*$/c \
+AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/allow-users/node.def b/templates/service/ssh/allow-users/node.def
new file mode 100644
index 00000000..2052bf69
--- /dev/null
+++ b/templates/service/ssh/allow-users/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for allowed users.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+AllowUsers $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^AllowUsers.*$/c \
+AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/deny-groups/node.def b/templates/service/ssh/deny-groups/node.def
new file mode 100644
index 00000000..c2c8dcab
--- /dev/null
+++ b/templates/service/ssh/deny-groups/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for disallowed groups.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+DenyGroups $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^DenyGroups.*$/c \
+DenyGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/deny-users/node.def b/templates/service/ssh/deny-users/node.def
new file mode 100644
index 00000000..a6426f90
--- /dev/null
+++ b/templates/service/ssh/deny-users/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for disallowed users.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+DenyUsers $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^DenyUsers.*$/c \
+DenyUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/sshd-option/node.def b/templates/service/ssh/sshd-option/node.def
new file mode 100644
index 00000000..7f6ec7ec
--- /dev/null
+++ b/templates/service/ssh/sshd-option/node.def
@@ -0,0 +1,8 @@
+multi:
+type: txt
+help: Additional options for sshd_config
+
+create: sudo sed -i -e '$ a \
+$VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^$VAR(@)$/d' /etc/ssh/sshd_config
-- 
cgit v1.2.3