RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/cookbooks/mu-activedirectory/providers/domain_node.rb ADDED Viewed

@@ -0,0 +1,275 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Provider:: domain_node
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+require 'chef/mixin/shell_out'
+include Chef::Mixin::ShellOut
+include Chef::Mixin::PowershellOut
+def whyrun_supported?
+  true
+end
+action :add do
+  case node['platform']
+    when "windows"
+      set_client_dns
+      elevate_remote_access
+      join_domain_windows
+#      set_computer_name(join_domain_creds)
+    when platform_family?('rhel')
+      install_ad_client_packages
+      join_domain_linux
+    else
+      Chef::Log.info("Unsupported platform #{node['platform']}")
+  end
+end
+action :remove do
+  case node['platform']
+    when "windows"
+      unjoin_domain_windows
+    when platform_family?('rhel')
+      unjoin_domain_linux
+    else
+      Chef::Log.info("Unsupported platform #{node['platform']}")
+  end
+end
+# def load_current_resource
+# @current_resource = @new_resource.dup
+# end
+def join_domain_creds
+  "(New-Object System.Management.Automation.PSCredential('#{new_resource.netbios_name}\\#{new_resource.join_user}', (ConvertTo-SecureString '#{new_resource.join_password}' -AsPlainText -Force)))"
+end
+def join_domain_windows
+  unless in_domain?
+    # This will allow us to add a new computer account to the correct OU so the right group policy is applied
+    new_name = nil
+    new_name = "-NewName #{new_resource.computer_name}" if node['hostname'].downcase != new_resource.computer_name.downcase
+    if new_resource.computer_ou
+      code = "Add-Computer -DomainName #{new_resource.dns_name} -Credential#{join_domain_creds} #{new_name} -OUPath '#{new_resource.computer_ou}' -PassThru -Verbose -Force"
+    else
+      code = "Add-Computer -DomainName #{new_resource.dns_name} -Credential#{join_domain_creds} #{new_name} -PassThru -Verbose -Force"
+    end
+    Chef::Log.info("Joining #{new_resource.computer_name} node to #{new_resource.dns_name} domain")
+    cmd = powershell_out(code)
+    if cmd.stdout.include?("HasSucceeded") && cmd.stdout.include?("True")
+      Chef::Log.info("Domain Join was successful")
+      execute "kill ssh for reboot" do
+        command "Taskkill /im sshd.exe /f /t"
+        returns [0, 128]
+        action :nothing
+      end
+      reboot "Successfully joined #{new_resource.computer_name} to #{new_resource.dns_name} domain" do
+        action :reboot_now
+        reason "Successfully joined #{new_resource.computer_name} to #{new_resource.dns_name} domain"
+        notifies :run, "execute[kill ssh for reboot]", :immediately
+      end
+      kill_ssh
+    elsif cmd.stdout.include?("HasSucceeded") && cmd.stdout.include?("False")
+      Chef::Log.fatal("Domain Join was NOT successful")
+      Chef::Log.fatal("Domain join stderr #{cmd.stderr}")
+      Chef::Application.fatal!("Failed to join #{new_resource.computer_name} to #{new_resource.dns_name} domain")
+    else
+      Chef::Log.fatal("Something went wrong during domain join. Command to join domain was: #{code}")
+      Chef::Log.fatal("Domain join stderr #{cmd.stderr}")
+      Chef::Application.fatal!("Failed to join #{new_resource.computer_name} to #{new_resource.dns_name} domain")
+    end
+  end
+end
+def set_client_dns
+  cmd = powershell_out("Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses #{new_resource.dc_ips.join(", ")}")
+  Chef::Log.info("Set DNS addresses to #{new_resource.dc_ips.join(", ")}")
+end
+def unjoin_domain_windows
+  if in_domain?
+    Chef::Log.info("Removing #{new_resource.computer_name} node from #{new_resource.dns_name} domain")
+    cmd = powershell_out("Remove-Computer -UnjoinDomaincredential #{join_domain_creds} -Passthru -Verbose -Restart -Force")
+    Chef::Application.fatal!("Failed to remove #{new_resource.computer_name} from #{new_resource.dns_name} domain") unless cmd.exitstatus == 0
+    reboot "Removed #{new_resource.computer_name} from #{new_resource.dns_name} domain" do
+      action :reboot_now
+      reason "Removed #{new_resource.computer_name} from #{new_resource.dns_name} domain"
+    end
+    kill_ssh
+  end
+end
+def join_domain_linux
+  set_selinux_policies
+  config_ssh_ntp_dns
+  create_pam_winbind_directories
+  pam_winbind_lib
+  configure_winbind_kerberos_authentication
+  directory "#{node['ad']['samba_conf_dir']}/includes" do
+    mode 0755
+  end
+  template "#{node['ad']['samba_conf_dir']}/smb.conf" do
+    source "smb.conf.erb"
+    owner "root"
+    group "root"
+    mode 0644
+    notifies :restart, "service[smb]", :delayed
+    notifies :restart, "service[winbind]", :delayed
+    variables(
+        :domain_name => new_resource.dns_name,
+        :dcs => new_resource.dc_names,
+        :computer_name => new_resource.computer_name,
+        :netbios_name => new_resource.netbios_name,
+        :include_file => "#{node['ad']['samba_conf_dir']}/includes/#{node['ad']['samba_include_file']}"
+    )
+  end
+  # We no longer user Winbind to integrate with AD, but Samba relies on it, so
+  # we run it on top of adcli's Kerberos creds so that you can still use SMB.
+  execute "Join Winbind to domain #{new_resource.dns_name}" do
+    command "( echo '#{new_resource.join_password}' | kinit #{new_resource.join_user} ) ; net ads join #{new_resource.dns_name.downcase} -k -d 4"
+    sensitive true
+    not_if "net ads testjoin -k | grep OK"
+    notifies :restart, "service[winbind]", :delayed
+  end
+end
+def install_ad_client_packages
+  %w{samba4-winbind authconfig krb5-workstation pam_krb5 samba4-common oddjob-mkhomedir samba4-winbind-clients samba4-winbind-krb5-locator krb5-devel}.each { |pkg|
+    package pkg
+  }
+  if %w{centos redhat}.include?(node['platform']) && node['platform_version'].to_i == 7
+    # execute "systemctl enable smb.service "
+    package "samba"
+    service "smb" do
+      action :enable
+    end
+  end
+end
+def set_selinux_policies
+  # Disable SELinux. Need to test if existing policies below work without having to disabling SELinux.
+  execute "setenforce 0"
+  # Add Policies to SELinux to allow winbind and ssh to work correctly. TO DO - TEST THIS
+  %w{winbindpol sshd_pol}.each { |policy_file|
+    %w{te pp}.each { |ext|
+      cookbook_file "#{Chef::Config[:file_cache_path]}/#{policy_file}.#{ext}" do
+        source "#{policy_file}.#{ext}"
+      end
+    }
+    execute "semodule -i #{policy_file}.pp" do
+      cwd Chef::Config[:file_cache_path]
+      not_if "semodule -l | grep #{policy_file}"
+      notifies :restart, "service[winbind]", :immediately
+      notifies :restart, "service[sshd]", :immediately
+    end
+  }
+  execute "setsebool -P ssh_chroot_rw_homedirs 1" do
+    not_if "grep ssh_chroot_rw_homedirs=1 /etc/selinux/targeted/modules/active/booleans.local"
+  end
+end
+def config_ssh_ntp_dns
+  template "mu-activedirectory /etc/ntp.conf" do
+    path "/etc/ntp.conf"
+    source "ntp.conf.erb"
+    owner "root"
+    group "root"
+    mode 0644
+    variables(
+      :dcs => new_resource.dc_names
+    )
+  end
+  template "mu-activedirectory /etc/ssh/sshd_config" do
+    path "/etc/ssh/sshd_config"
+    source "sshd_config.erb"
+    owner "root"
+    group "root"
+    cookbook "mu-tools"
+    mode 0600
+    notifies :restart, "service[sshd]", :immediately
+    # variables(
+    # :allow_password_auth => new_resource.allow_password_auth,
+    # :allow_groups => new_resource.allow_groups,
+    # :sftp_only_group => new_resource.sftp_only_group,
+    # :sftp_chroot => new_resource.sftp_chroot
+    # )
+  end
+end
+def create_pam_winbind_directories
+  directory "/home/#{new_resource.dns_name}" do
+    owner "root"
+    group "root"
+    mode 0755
+    not_if { ::File.exists?("/home/#{new_resource.dns_name}") or ::File.symlink?("/home/#{new_resource.dns_name}")}
+  end
+  %w[/run /run/samba /run/samba/winbindd].each { |path|
+    directory path do
+      owner "root"
+      group "root"
+      mode 0755
+    end
+  }
+  directory "/etc/skel" do
+    owner "root"
+    group "root"
+    mode 0700
+  end
+  %w{.bashrc .bash_profile .bash_logout}.each { |file|
+    file "/etc/skel/#{file}" do
+      owner "root"
+      group "root"
+      mode 0600
+    end
+  }
+end
+def pam_winbind_lib
+  link "/lib64/security/pam_winbind.so" do
+    to "/usr/lib64/security/pam_winbind.so"
+  end
+  execute "echo 'session optional pam_umask.so umask=0077' >> /etc/pam.d/sshd" do
+    not_if "grep pam_umask.so /etc/pam.d/sshd"
+  end
+end
+def configure_winbind_kerberos_authentication
+  # Because authconfig doesn't always update those
+#  %w{password-auth system-auth}.each { |file|
+#    cookbook_file "/etc/pam.d/#{file}" do
+#      source file
+#      manage_symlink_source true
+#    end
+#  }
+end
+def unjoin_domain_linux
+  execute "Unjoin domain #{new_resource.dns_name}" do
+    command "net ads leave -U #{new_resource.join_user}%#{new_resource.join_password}"
+    sensitive true
+    only_if "net ads testjoin | grep OK"
+  end
+end

data/cookbooks/mu-activedirectory/recipes/default.rb ADDED Viewed

@@ -0,0 +1,8 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Recipe:: default
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#

data/cookbooks/mu-activedirectory/recipes/domain-controller.rb ADDED Viewed

@@ -0,0 +1,44 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Recipe:: domain-controller
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+include_recipe 'chef-vault'
+domain_admin = chef_vault_item(node['ad']['admin_auth']['vault'], node['ad']['admin_auth']['item'])
+can_add_controller = false
+case node['platform']
+  when "windows"
+    ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+    require 'chef/win32/version'
+    version = Chef::ReservedNames::Win32::Version.new
+    if version.windows_server_2012? || version.windows_server_2012_r2?
+      can_add_controller = true
+    else
+      Chef::Log.info "Requires Windows Server 2012 or 2012R2, current version is #{version})"
+    end
+  when platform_family?('rhel')
+    # To do: Active Directory on Linux
+  else
+    Chef::Log.info("Unsupported platform #{node['platform']}")
+end
+if can_add_controller
+  mu_activedirectory_domain_controller node['ad']['domain_name'] do
+    netbios_name node['ad']['netbios_name']
+    domain_admin_user domain_admin[node['ad']['admin_auth']['username_field']]
+    domain_admin_password domain_admin[node['ad']['admin_auth']['password_field']]
+    restore_mode_password domain_admin[node['ad']['admin_auth']['password_field']]
+    site_name node['ad']['site_name']
+    computer_name node['ad']['computer_name']
+    sites node['ad']['sites']
+    existing_dc_ips node['ad']['dc_ips']
+  end
+end

data/cookbooks/mu-activedirectory/recipes/domain-node.rb ADDED Viewed

@@ -0,0 +1,50 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Recipe:: domain-node
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+include_recipe 'chef-vault'
+domain_creds = nil
+if node.has_key?('ad') and node['ad'].has_key?('join_auth') and node['ad']['join_auth'].has_key?('vault') and node['ad']['join_auth'].has_key?('item') and !node['ad']['join_auth']['vault'].nil? and !node['ad']['join_auth']['item'].nil?
+  domain_creds = chef_vault_item(node['ad']['join_auth']['vault'], node['ad']['join_auth']['item'])
+end
+can_join_domain = false
+case node['platform']
+  when "windows"
+    ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+    require 'chef/win32/version'
+    version = Chef::ReservedNames::Win32::Version.new
+    if version.windows_server_2012? || version.windows_server_2012_r2? || version.windows_server_2016?
+      can_join_domain = true
+    else
+      Chef::Log.info "Requires Windows Server 2012, 2012R2 or windows_server_2016"
+    end
+  when platform_family?('rhel')
+    if node['platform_version'].to_i >= 6
+      can_join_domain = true # just winbind, really
+      include_recipe "mu-activedirectory::sssd"
+    else
+      Chef::Log.info "Requires CentOS/RedHat 6/7. Current version is #{node['platform']} #{node['platform_version'].to_i}"
+    end
+  else
+    Chef::Log.info("Unsupported platform #{node['platform']}")
+end
+if can_join_domain and !domain_creds.nil?
+  mu_activedirectory_domain_node node['ad']['domain_name'] do
+    netbios_name node['ad']['netbios_name']
+    computer_name node['ad']['computer_name']
+    join_user domain_creds[node['ad']['join_auth']['username_field']]
+    join_password domain_creds[node['ad']['join_auth']['password_field']]
+    computer_ou node['ad']['computer_ou'] if node['ad']['computer_ou']
+    dc_ips node['ad']['dc_ips']
+    dc_names node['ad']['dcs']
+  end
+end

data/cookbooks/mu-activedirectory/recipes/domain.rb ADDED Viewed

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Recipe:: domain
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+include_recipe 'chef-vault'
+domain_admin = chef_vault_item(node['ad']['admin_auth']['vault'], node['ad']['admin_auth']['item'])
+can_create_domain = false
+case node['platform']
+  when "windows"
+    ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
+    require 'chef/win32/version'
+    version = Chef::ReservedNames::Win32::Version.new
+    if version.windows_server_2012? || version.windows_server_2012_r2?
+      can_create_domain = true
+    else
+      Chef::Log.info "Requires Windows Server 2012 or 2012R2, current version is #{version})"
+    end
+  when platform_family?('rhel')
+    # To do: Active Directory on Linux
+  else
+    Chef::Log.info("Unsupported platform #{node['platform']}")
+end
+if can_create_domain
+  mu_activedirectory_domain node['ad']['domain_name'] do
+    netbios_name node['ad']['netbios_name']
+    domain_admin_user domain_admin[node['ad']['admin_auth']['username_field']]
+    domain_admin_password domain_admin[node['ad']['admin_auth']['password_field']]
+    restore_mode_password domain_admin[node['ad']['admin_auth']['password_field']]
+    site_name node['ad']['site_name']
+    computer_name node['ad']['computer_name']
+    sites node['ad']['sites']
+    existing_dc_ips node['ad']['dc_ips']
+  end
+end

data/cookbooks/mu-activedirectory/recipes/sssd.rb ADDED Viewed

@@ -0,0 +1,185 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Recipe:: sssd
+#
+# Copyright:: Copyright (c) 2016 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+case node['platform_family']
+  when "rhel"
+    %w{sshd winbind smb messagebus}.each { |svc|
+      begin
+        resources('service['+svc+']')
+      rescue Chef::Exceptions::ResourceNotFound
+        service svc do
+          action [:enable, :start]
+          only_if { ::File.exists?("/etc/init.d/#{svc}") }
+        end
+      end
+    }
+    begin
+      resources('service[network]')
+    rescue Chef::Exceptions::ResourceNotFound
+      service "network" do
+        only_if { ::File.exists?("/etc/init.d/network") }
+      end
+    end
+    packages = %w(epel-release dbus sssd sssd-ldap sssd-ad authconfig nscd oddjob-mkhomedir krb5-devel)
+    package packages
+    packages_uninstall = %w(nss-pam-ldapd pam_ldap)
+    package packages_uninstall do
+      action :remove
+    end
+    case elversion
+    when 7
+      package "adcli"
+      # trying to make sure Chef doesn’t try to start the service if it's already started
+      execute "sed -i 's/--nopidfile//' /usr/lib/systemd/system/messagebus.service && systemctl daemon-reload" do
+        only_if "grep '\--nopidfile' /usr/lib/systemd/system/messagebus.service"
+      end
+    end
+    service "nscd" do
+      action [:disable, :stop]
+    end
+    execute "restorecon -r /usr/sbin"
+    # SELinux Policy for oddjobd and its interaction with syslogd
+    cookbook_file "syslogd_oddjobd.pp" do
+      path "#{Chef::Config[:file_cache_path]}/syslogd_oddjobd.pp"
+    end
+    execute "Add oddjobd and syslogd interaction to SELinux allow list" do
+      command "/usr/sbin/semodule -i syslogd_oddjobd.pp"
+      cwd Chef::Config[:file_cache_path]
+      not_if "/usr/sbin/semodule -l | grep syslogd_oddjobd"
+      notifies :restart, "service[oddjobd]", :delayed
+    end
+    case elversion
+    when 6
+      service "oddjobd" do
+        start_command "sh -x /etc/init.d/oddjobd start" # seems to actually work
+        action [:enable, :start]
+      end
+      package %w(git automake libtool openldap-devel libxslt-devel)
+      git 'Clone ADCLI' do
+        repository 'git clone git://anongit.freedesktop.org/realmd/adcli'
+        revision 'master'
+        destination '/root'
+        action :sync
+      end
+      # execute "git clone git://anongit.freedesktop.org/realmd/adcli" do
+      #   cwd "/root"
+      #   not_if { ::Dir.exists?("/root/adcli") }
+      # end
+      # execute "git fetch && git pull" do
+      #   cwd "/root/adcli"
+      # end
+      build_essential 'name' do
+        compile_time  True
+      end
+      # This is our workaround until the RPM makes it way back into a repo
+      # somewhere. It was removed from EPEL after it became part of mainstream
+      # RHEL 6.8, but CentOS doesn't have it yet.
+      execute "compile adcli" do
+        cwd "/root/adcli"
+        command "./autogen.sh --disable-doc --prefix=/usr && make && make install"
+        not_if { ::File.exists?("/usr/sbin/adcli") }
+      end
+    when 7
+      # Seems to work on CentOS7
+      service "oddjobd" do
+        action [:enable, :start]
+      end
+    end
+    execute "/usr/sbin/authconfig --disablenis --disablecache --disablewinbind --disablewinbindauth --enablemkhomedir --disablekrb5 --enablesssd --enablesssdauth --enablelocauthorize --disableforcelegacy --disableldap --disableldapauth --updateall" do
+      notifies :restart, "service[oddjobd]", :immediately
+      notifies :reload, "service[sshd]", :delayed
+      not_if "grep pam_sss.so /etc/pam.d/password-auth"
+    end
+    include_recipe 'chef-vault'
+    domain_creds = chef_vault_item(node['ad']['join_auth']['vault'], node['ad']['join_auth']['item'])
+    service "sssd" do
+      action :nothing
+      notifies :restart, "service[sshd]", :immediately
+      only_if { ::File.exists?("/etc/krb5.keytab") }
+    end
+    directory "/etc/sssd"
+    template "/etc/sssd/sssd.conf" do
+      source "sssd.conf.erb"
+      mode 0600
+      cookbook "mu-activedirectory"
+      notifies :restart, "service[sssd]", :immediately
+      variables(
+        :domain => node['ad']['domain_name'],
+        'homedir' => node['ad']['homedir'],
+        :krb5keytabuser => node['ad']['computer_name'],
+        :short_domain => node['ad']['netbios_name'],
+        :base_dn => node['ad']['domain_name'].split(/\./).map { |x| "dc=#{x}" }.join(","),
+        :dcs => node['ad']['dc_ips']
+      )
+    end
+    template "/etc/dhcp/dhclient-eth0.conf" do
+      source "dhclient-eth0.conf.erb"
+      mode 0644
+      variables(
+        :domain => node['ad']['domain_name'],
+        'dc_ips' => node['ad']['dc_ips']
+      )
+      notifies :restart, "service[network]", :immediately unless %w{redhat centos}.include?(node['platform']) && node['platform_version'].to_i == 7
+    end
+    # If adcli fails mysteriously, look for bogus /etc/hosts entries pointing
+    # to your DCs. It seems to dumbly trust any reverse mapping it sees,
+    # whether or not the name matches the actual Kerberos tickets you et.
+    execute "Run ADCLI" do
+      not_if { ::File.exists?("/etc/krb5.keytab") }
+      command "echo -n '#{domain_creds[node['ad']['join_auth']['password_field']]}' | /usr/sbin/adcli join #{node['ad']['domain_name']} --domain-realm=#{node['ad']['domain_name'].upcase} -U #{domain_creds[node['ad']['join_auth']['username_field']]} --stdin-password"
+      notifies :restart, "service[sssd]", :immediately
+#      sensitive true
+    end
+    template "/etc/krb5.conf" do
+      source "krb5.conf.erb"
+      mode 0444
+      cookbook "mu-activedirectory"
+      notifies :restart, "service[sssd]", :immediately
+      variables(
+        'domain_name' => node['ad']['domain_name'],
+        :dcs => node['ad']['dc_ips']
+      )
+    end
+  else
+    Chef::Log.info("Unsupported platform #{node['platform']}")
+end

data/cookbooks/mu-activedirectory/resources/domain.rb ADDED Viewed

@@ -0,0 +1,25 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Resource:: domain
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+actions :create, :delete
+default_action :create
+attribute :dns_name, :kind_of => String, :name_attribute => true, :required => true
+attribute :sites, :kind_of => Array, :required => false
+attribute :existing_dc_ips, :kind_of => Array, :required => false
+attribute :netbios_name, :kind_of => String, :required => true
+attribute :domain_admin_user, :kind_of => String, :required => true
+attribute :domain_admin_password, :kind_of => String, :required => true
+attribute :restore_mode_password, :kind_of => String, :required => true
+attribute :site_name, :kind_of => String, :default => node['ad']['site_name'], :required => false
+attribute :computer_name, :kind_of => String, :default => node['ad']['computer_name']
+attribute :ntds_static_port, :kind_of => Fixnum, :default => node['ad']['ntds_static_port']
+attribute :ntfrs_static_port, :kind_of => Fixnum, :default => node['ad']['ntfrs_static_port']
+attribute :dfsr_static_port, :kind_of => Fixnum, :default => node['ad']['dfsr_static_port']
+attribute :netlogon_static_port, :kind_of => Fixnum, :default => node['ad']['netlogon_static_port']

data/cookbooks/mu-activedirectory/resources/domain_controller.rb ADDED Viewed

@@ -0,0 +1,25 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Resource:: domain_controller
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+actions :add, :remove
+default_action :add
+attribute :dns_name, :kind_of => String, :name_attribute => true, :required => true
+attribute :sites, :kind_of => Array, :required => false
+attribute :existing_dc_ips, :kind_of => Array, :required => false
+attribute :netbios_name, :kind_of => String, :required => true
+attribute :domain_admin_user, :kind_of => String, :required => true
+attribute :domain_admin_password, :kind_of => String, :required => true
+attribute :restore_mode_password, :kind_of => String, :required => true
+attribute :site_name, :kind_of => String, :default => node['ad']['site_name'], :required => false
+attribute :computer_name, :kind_of => String, :default => node['ad']['computer_name']
+attribute :ntds_static_port, :kind_of => Fixnum, :default => node['ad']['ntds_static_port']
+attribute :ntfrs_static_port, :kind_of => Fixnum, :default => node['ad']['ntfrs_static_port']
+attribute :dfsr_static_port, :kind_of => Fixnum, :default => node['ad']['dfsr_static_port']
+attribute :netlogon_static_port, :kind_of => Fixnum, :default => node['ad']['netlogon_static_port']

data/cookbooks/mu-activedirectory/resources/domain_node.rb ADDED Viewed

@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: mu-activedirectory
+# Resource:: domain_node
+#
+# Copyright 2015, eGlobalTech,
+#
+# All rights reserved - Do Not Redistribute
+#
+actions :add, :remove
+default_action :add
+attribute :dns_name, :kind_of => String, :name_attribute => true, :required => true
+attribute :dc_ips, :kind_of => Array, :required => true
+attribute :dc_names, :kind_of => Array, :required => true
+attribute :computer_name, :kind_of => String, :required => true
+attribute :netbios_name, :kind_of => String, :required => true
+attribute :join_user, :kind_of => String, :required => true
+attribute :join_password, :kind_of => String, :required => true
+attribute :computer_ou, :kind_of => String, :required => false

data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb ADDED Viewed

@@ -0,0 +1,4 @@
+interface "eth0" {
+  prepend domain-search "<%= @domain %>";
+  prepend domain-name-servers <%= @dc_ips.join(", ") %>;
+}