added mail_dir attribute and moved component attributes to attributes… (#209)

* added mail_dir attribute and moved component attributes to attributes folder from recipe file

* fixed spec test

* fixed lint issues

Author: ekelson-bcove

attributes/default.rb

@@ -55,6 +55,10 @@
   default['os-hardening']['packages']['auditd'] = 'audit'
 end
 
+%w[packages limits login_defs minimize_access pam profile securetty].each do |cp|
+  node.default['os-hardening']['components'][cp] = true
+end
+
 # rhel, centos autoconf configuration
 default['os-hardening']['authconfig']['shadow']['enable'] = true
 default['os-hardening']['authconfig']['md5']['enable'] = true
@@ -71,6 +75,7 @@
 default['os-hardening']['auth']['pw_warn_age']                        = 7
 default['os-hardening']['auth']['retries']                            = 5
 default['os-hardening']['auth']['lockout_time']                       = 600 # 10min
+default['os-hardening']['auth']['maildir']                            = '/var/mail'
 default['os-hardening']['auth']['timeout']                            = 60
 default['os-hardening']['auth']['allow_homeless']                     = false
 default['os-hardening']['auth']['pam']['passwdqc']['options']           = 'min=disabled,disabled,16,12,8'

recipes/default.rb

@@ -27,11 +27,6 @@
 # override['os-hardening']['components']['sysctl'] = false
 #
 
-# generic components, include them per default
-%w[packages limits login_defs minimize_access pam profile securetty].each do |cp|
-  node.default['os-hardening']['components'][cp] = true
-end
-
 node.default['os-hardening']['components']['suid_sgid'] = node['os-hardening']['security']['suid_sgid']['enforce']
 
 # components which are not suitable for containers

recipes/login_defs.rb

@@ -39,6 +39,7 @@
     sys_uid_min: node['os-hardening']['auth']['sys_uid_min'],
     sys_uid_max: node['os-hardening']['auth']['sys_uid_max'],
     sys_gid_min: node['os-hardening']['auth']['sys_gid_min'],
-    sys_gid_max: node['os-hardening']['auth']['sys_gid_max']
+    sys_gid_max: node['os-hardening']['auth']['sys_gid_max'],
+    mail_dir: node['os-hardening']['auth']['maildir']
   )
 end

spec/recipes/login_defs_spec.rb

@@ -47,7 +47,8 @@
         sys_uid_min: 100,
         sys_uid_max: 999,
         sys_gid_min: 100,
-        sys_gid_max: 999
+        sys_gid_max: 999,
+        mail_dir: '/var/mail'
       }
     )
   end

templates/default/login.defs.erb

@@ -23,7 +23,7 @@
 # 
 # See default PAM configuration files provided for login, su, etc.
 # This is a temporary situation: setting these variables will soon move to `/etc/default/useradd` and the variables will then be no more supported
-MAIL_DIR        /var/mail
+MAIL_DIR        <%= @mail_dir %>
 #MAIL_FILE      .mail
 
 # Enable logging and display of `/var/log/faillog` login failure info. This option conflicts with the `pam_tally` PAM module.