RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/test/mu-tools-test/controls/base.rb ADDED Viewed

@@ -0,0 +1,265 @@
+control 'base_repositories' do
+  title 'mu-tools cookbook'
+    describe directory('/tmp') do
+      it { should exist }
+    end
+    node = json('/tmp/chef_node.json').params
+    node['default']['application_attributes']['skip_recipes'] = []
+    if !node['default']['application_attributes']['skip_recipes'].include?('base_repositories')
+      case os[:family]
+        when "redhat"
+          # Workaround for EOL CentOS 5 repos
+          if os[:name] != "amazon" and os[:release].to_i == 5
+             describe file("/etc/yum.repos.d/CentOS-Base.repo") do
+              it { should exist }
+              it { should be_file }
+            end
+            describe parse_config_file('/etc/yum.repos.d/CentOS-Base.repo') do
+              params = {
+                        'CentOS-$releasever - Base':'name', 'http://vault.centos.org/5.11/os/$basearch/':'baseurl',
+                        '1':'gpgcheck','file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5':'gpgkey'
+                        }
+              params.each do |val,var|
+                its(var){should eq val}
+              end
+            end
+          end
+          describe file('/etc/yum.repos.d/epel.repo') do
+            it { should exist }
+            it { should be_owned_by 'root' }
+            it { should be_grouped_into 'root' }
+          end
+        end
+    end
+end
+control 'set_mu_hostname' do
+  title 'mu-tools cookbook'
+    node = json('/tmp/chef_node.json').params
+    @platform = os[:name]
+    if !node['default']['application_attributes']['skip_recipes'].include?('set_mu_hostname')
+      $hostname = node['default']['name']
+    if !node['default']['ad']['computer_name'].nil? and !node['default']['ad']['computer_name'].empty?
+      $hostname = node['default']['ad']['computer_name']
+    end rescue NoMethodError
+      $ipaddress = node['default']['ipaddress']
+    case os[:name]
+      when "centos", "redhat","amazon"
+        describe file('/etc/sysconfig/network') do
+          it { should exist }
+          it { should be_file }
+          its('content'){should match /NETWORKING=yes/}
+          its('content'){ should match /NETWORKING_IPV6=no/n}
+          its('content'){should match /#{node['name']}/}
+        end
+        describe sys_info do
+          its('hostname') { should eq node['name'] }
+        end
+      end
+    end
+  end
+control 'disable-requiretty' do
+  title 'mu-tools cookbook'
+  case os[:name]
+  when "centos", "redhat"
+    describe file('/etc/sudoers') do
+      it { should exist }
+      its('content') { should match /Defaults   !requiretty/}
+    end
+  end
+end
+control 'set_local_fw' do
+  title 'mu-tools cookbook'
+  case os[:name]
+  when "centos", "redhat"
+    if os[:release].to_i >= 7
+      describe package('firewall_config') do
+        it { should be_installed }
+      end
+      describe service('iptables') do
+        it { should be_running }
+      end
+    end
+    if os[:release].to_i <= 6
+      describe iptables do
+        it { should have_rule('-A INPUT -i lo -j ACCEPT') }
+        it { should have_rule('-A OUTPUT -o lo -j ACCEPT') }
+      end
+      #### missing resource test here -- where is get_mu_master_ips
+    end
+  end
+end
+control 'rsyslog' do
+  title 'mu-tools cookbook'
+  node = json('/tmp/chef_node.json').params
+  if !node['default']['application_attributes']['skip_recipes'].include?('rsyslog')
+  case os[:family]
+  when 'redhat', 'debian'
+    %w(rsyslog rsyslog-gnutls).each do |p|
+      describe package(p) do
+        it { should be_installed }
+      end
+    end
+    describe service('rsyslog') do
+      it { should be_running }
+      it { should be_enabled }
+    end
+    if os[:family] == 'redhat'
+      $rsyslog_ssl_ca_path = "/etc/pki/Mu_CA.pem"
+      if os[:name] == 'amazon'
+        describe package('policycoreutils-python') do
+          it { should be_installed }
+        end
+        describe command("/usr/sbin/semanage port -l | grep '^syslogd_port_t.*10514'") do
+          its('exit_status') { should eq 0 }
+        end
+      end
+    elsif os[:family] == 'debian'
+      $rsyslog_ssl_ca_path = "/etc/ssl/Mu_CA.pem"
+      describe package('policycoreutils') do
+        it { should be_installed }
+      end
+    end
+    if node['name'] != 'MU-MASTER'
+      ### missing get_mu_master_ips
+      describe file('/etc/rsyslog.d/0-mu-log-client.conf') do
+        it { should exist }
+        its('content') { should match /\$LocalHostName #{node['name']}/ }
+        its('content') { should match /\$DefaultNetstreamDriverCAFile #{$rsyslog_ssl_ca_path}/ }
+        its('content') { should match /\$DefaultNetstreamDriver gtls/ }
+        its('content') { should match /\$ActionSendStreamDriverMode 1/ }
+        its('content') { should match /\$ActionSendStreamDriverAuthMode anon/}
+     end
+     describe file($rsyslog_ssl_ca_path) do
+      it { should exist }
+      it { should be_file }
+     end
+    end
+  end
+  end
+end
+control 'nrpe' do
+  title 'mu-tools cookbook'
+  node = json('/tmp/chef_node.json').params
+  if !node['default']['application_attributes']['skip_recipes'].include?('nrpe')
+    case os[:family]
+    when "redhat"
+      ['nrpe', 'nagios-plugins-disk', 'nagios-plugins-nrpe', 'nagios-plugins-ssh'].each do |p|
+        describe package(p) do
+          it { should be_installed }
+        end
+      end
+      describe file('/etc/nagios/nrpe.cfg') do
+        it { should exist }
+        it { should be_file }
+        its('mode') { should cmp '0644' }
+      end
+      describe parse_config_file('/etc/nagios/nrpe.cfg') do
+        # missing master ips..........
+        params = {
+          'log_facility': 'daemon', 'pid_file':'/var/run/nrpe/nrpe.pid', 'server_port':'5666',
+          'nrpe_group':'nrpe', 'dont_blame_nrpe':'0','allow_bash_command_substitution':'0',
+          'debug':'0', 'command_timeout':'60', 'connection_timeout':'300',
+          'command[check_users]':'/usr/lib64/nagios/plugins/check_users -w 5 -c 10',
+          'command[check_load]':'/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20',
+          'command[check_zombie_procs]':'/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z',
+          'command[check_total_procs]': '/usr/lib64/nagios/plugins/check_procs -w 150 -c 200',
+          'command[check_disk]':'/usr/lib64/nagios/plugins/check_disk -w 15% -c 5% -X nfs -X nfs4',
+          'include_dir': '/etc/nagios/nrpe.d/'
+        }
+        params.each do |var,val|
+          its(var){ should eq val }
+        end
+      end
+      describe service('nrpe') do
+        it { should be_running }
+        it { should be_enabled }
+      end
+      describe directory('/etc/nagios/nrpe.d') do
+        it { should exist }
+        its('owner') { should eq 'nrpe' }
+        its('group') { should eq 'nrpe' }
+        its('mode') { should cmp '0755' }
+      end
+      case os[:release].to_i
+      when 7
+=begin
+  %w{nrpe_file.pp nrpe_file.te nrpe_check_disk.te nrpe_check_disk.pp}.each do |x|
+          describe file("/var/chef/cache/#{x}" do
+            it { should exist}
+            it { should be_file}
+          end
+        end
+        describe command('/usr/sbin/semodule -l | grep nrpe_check_disk') do
+          its('exit_status') { should eq 0 }
+        end
+        describe command('/usr/sbin/semodule -l | grep nrpe_file') do
+          its('exit_status') { should eq 0 }
+        end
+      when 6
+        if os[:name] != 'amazon'
+          describe file("/var/chef/cache/nrpe_disk.pp") do
+            it { should exist}
+          end
+          describe command("/usr/sbin/semodule | grep -i nrpe_disk.pp") do
+            its('exit_status') { should eq 0 }
+          end
+        end
+=end  end
+    end
+    describe service('nrpe') do
+      it { should be_enabled }
+      it { should be_running }
+    end
+  end
+end
+end

data/test/mu-tools-test/inspec.lock ADDED Viewed

@@ -0,0 +1,3 @@
+---
+lockfile_version: 1
+depends: []

data/test/mu-tools-test/inspec.yml ADDED Viewed

@@ -0,0 +1,8 @@
+name: mu-tools-test
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0

data/test/simple-server-php-test/README.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Example InSpec Profile
+This example shows the implementation of an InSpec profile.

data/test/simple-server-php-test/controls/apachephp.rb ADDED Viewed

@@ -0,0 +1,25 @@
+include_controls 'mu-tools-test'
+node =json('/tmp/chef_node.json').params
+control 'apache' do
+    title 'This will test apache2 recipe'
+	  %w(apache2 apache2-bin apache2-data apache2-utils).each do |pack|
+      describe package(pack) do
+        it { should be_installed }
+      end
+    end
+  	describe service('apache2') do
+	    it { should be_installed }
+	    it { should be_enabled }
+	    it { should be_running }
+    end
+end
+control 'php' do
+  title 'This will test the php recipe'
+	%w(php7.0).each do |pack|
+    describe package(pack) do
+      it { should be_installed }
+    end
+  end
+end

data/test/simple-server-php-test/controls/example.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# encoding: utf-8
+# copyright: 2018, The Authors
+title 'sample section'
+# you can also use plain tests
+describe file('/tmp') do
+  it { should be_directory }
+end
+# you add controls here
+control 'tmp-1.0' do                        # A unique ID for this control
+  impact 0.7                                # The criticality, if this control fails.
+  title 'Create /tmp directory'             # A human-readable title
+  desc 'An optional description...'
+  describe file('/tmp') do                  # The actual test
+    it { should be_directory }
+  end
+end

data/test/simple-server-php-test/inspec.lock ADDED Viewed

@@ -0,0 +1,7 @@
+---
+lockfile_version: 1
+depends:
+- name: mu-tools-test
+  resolved_source:
+    path: "/opt/mu/lib/test/mu-tools-test"
+  version_constraints: "[]"

data/test/simple-server-php-test/inspec.yml ADDED Viewed

@@ -0,0 +1,12 @@
+name: simple-server-php-test
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+depends:
+- name: mu-tools-test
+  path: ../mu-tools-test

data/test/simple-server-rails-test/README.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Example InSpec Profile
+This example shows the implementation of an InSpec profile.

data/test/simple-server-rails-test/controls/rails.rb ADDED Viewed

@@ -0,0 +1,188 @@
+include_controls 'mu-tools-test'
+control 'rails' do
+  title 'rails test'
+  node = json('/tmp/chef_node.json').params
+  #####################################
+  ### Node Attrs
+  #####################################
+  service_name = node['normal']['service_name']
+  chef_environment = node['default']['chef_environment']
+  application_dir = node['default']['dev']['rails']['apps_dir']
+  repo_path = 'concerto/concerto.git'
+  version = '2.3.5'
+  application_repo = "https://github.com/#{repo_path}"
+  ###################################
+  ### Tests
+  ###################################
+  %w(libpq-dev sqlite3 libsqlite3-dev libmysqlclient-dev software-properties-common libxml2-dev  libmagickwand-dev make build-essential g++ git).each do |pack|
+    describe package(pack) do
+      it { should be_installed }
+    end
+  end
+  if os[:family] == 'debian' && os[:release].to_i == 9
+    describe package('runit-systemd') do
+      it { should be_installed }
+    end
+  end
+  describe package('runit') do
+    it { should be_installed }
+  end
+  describe processes('runsvdir') do
+    it { should exist }
+  end
+  describe file('/etc/service') do
+    it { should be_directory }
+    its('mode') { should cmp '0755' }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+  end
+  describe command('node -v') do
+    its('exit_status') { should eq 0 }
+  end
+  describe command('npm -v') do
+    its('exit_status') { should eq 0 }
+  end
+  describe service('nginx') do
+    it { should be_installed }
+    it { should be_enabled }
+    it { should be_running }
+  end
+  describe package('nginx') do
+    it { should be_installed }
+  end
+  describe apt('http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu') do
+    it { should exist }
+    it { should be_enabled }
+  end
+  # Unicorn config
+  unicorn_log_dir = '/var/log/unicorn'
+  unicorn_log = "#{unicorn_log_dir}/unicorn.log"
+  unicorn_error_log = "#{unicorn_log_dir}/error.log"
+  # RDS config
+  db = node['normal']['deployment']['databases']['concerto'].first.last
+  db_name = db['db_name']
+  db_username = db['username']
+  db_host = db['endpoint']
+  db_port = db['port']
+  #db_password = chef_vault_item(db.vault_name, db.vault_item)[db.password_field]
+  default_root= "#{application_dir}/"
+   %w(ruby2.2 ruby2.2-dev).each do |pack|
+    describe package(pack) do
+      it { should be_installed }
+    end
+  end
+  describe gem('bundler', '/usr/bin/gem') do
+    it { should be_installed }
+  end
+  describe directory(unicorn_log_dir) do
+    it { should exist }
+    it { should be_directory }
+    its('owner') { should eq 'www-data' }
+    its('group') { should eq 'www-data' }
+    its('mode') { should cmp '00555' }
+  end
+  [unicorn_log, unicorn_error_log].each do |f|
+    describe file(f) do
+      it { should exist }
+      it { should be_file }
+      its('owner') { should eq 'www-data' }
+      its('group') { should eq 'www-data' }
+    end
+  end
+  describe file('/etc/nginx/sites-available/default') do
+    it { should exist }
+    it { should be_file }
+    its('content') { should match /proxy_pass http:\/\/127\.0\.0\.1:9000/ }
+    its('content') { should match /listen 80/}
+  end
+  describe directory(application_dir) do
+    it { should exist }
+    it { should be_directory }
+    its('owner') { should eq 'www-data' }
+  end
+  ### this is git resource really...
+  describe directory("#{application_dir}/rails") do
+    it { should exist }
+    it { should be_directory }
+    #its('owner') { should eq 'www-data' }
+    #its('group') { should eq 'www-data' }
+  end
+  rails_env = 'development'
+  database = {
+    'adapter' => 'mysql2',
+    'encoding' => 'utf8',
+    'database' => db_name,
+    'username' => db_username,
+    'port' => db_port
+}
+  describe file("#{application_dir}/rails/config/database.yml") do
+    it { should exist }
+    it { should be_file }
+    its('content') { should match /#{rails_env}/ }
+    its('content') { should match /#{db_host}/ }
+  end
+  describe file("#{application_dir}/rails/config/concerto.yml") do
+    it { should exist }
+    it { should be_file }
+    its('content'){should match /automatic_bundle_installation: false/}
+    its('content'){ should match /automatic_database_installation: false/}
+    its('content'){should match /compile_production_assets: true/ }
+    its('content'){ should match /airbrake_enabled_initially: true/}
+    its('content'){should match /bundle_install_options: "--path vendor\/bundle"/}
+  end
+  describe file("#{application_dir}/rails/Gemfile-plugins") do
+    its('content'){should_not match /gem \"concerto_simple_rss\"/ }
+    its('content'){should_not match /gem \"concerto_remote_video\"/ }
+  end
+  describe file('/etc/nginx/nginx.conf') do
+    it { should exist }
+    it { should be_file }
+    its('content'){ should match /\  #include \/etc\/nginx\/conf.d\/\*\.conf;/ }
+    its('content') { should match /include \/etc\/nginx\/sites-enabled\/\*;/ }
+  end
+  ## is rails running?
+  describe command('sudo lsof -wni tcp:9000') do
+    its('exit_status'){ should eq 0 }
+  end
+  describe command("curl http://#{node['normal']['ec2']['public_dns_name']}") do
+    its('exit_status') { should eq 0 }
+    its('stdout'){should_not match 'Welcome to nginx!'}
+  end
+end ## end of control

data/test/simple-server-rails-test/inspec.lock ADDED Viewed

@@ -0,0 +1,7 @@
+---
+lockfile_version: 1
+depends:
+- name: mu-tools-test
+  resolved_source:
+    path: "/opt/mu/lib/test/mu-tools-test"
+  version_constraints: "[]"

data/test/simple-server-rails-test/inspec.yml ADDED Viewed

@@ -0,0 +1,11 @@
+name: simple-server-rails-test
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+depends:
+- name: mu-tools-test
+  path: ../mu-tools-test

data/test/simple-windows-test/README.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Example InSpec Profile
+This example shows the implementation of an InSpec profile.

data/test/simple-windows-test/controls/windows.rb ADDED Viewed

@@ -0,0 +1,20 @@
+include_controls 'mu-tools-test'
+control 'Mu-Utility Cookbook' do
+  title 'windows_basics'
+=begin
+  describe windows_feature('AWS Tools for Windows Powershell') do
+    it{ should be_installed }
+  end
+    describe windows_feature('Google Chrome') do
+      it{ should be_installed }
+    end
+=end
+  describe package('7-Zip') do
+    it{ should be_installed }
+  end
+end

data/test/simple-windows-test/inspec.lock ADDED Viewed

@@ -0,0 +1,7 @@
+---
+lockfile_version: 1
+depends:
+- name: mu-tools-test
+  resolved_source:
+    path: "/opt/mu/lib/test/mu-tools-test"
+  version_constraints: "[]"

data/test/simple-windows-test/inspec.yml ADDED Viewed

@@ -0,0 +1,11 @@
+name: simple-windows-test
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+depends:
+- name: mu-tools-test
+  path: ../mu-tools-test

data/test/smoke_test.rb ADDED Viewed

@@ -0,0 +1,75 @@
+#!/usr/local/ruby-current/bin/ruby
+require 'thread'
+require 'optimist'
+$opts = Optimist::options do
+  banner <<-EOS
+Usage:
+#{$0} [-s <skipaz>] [-n <nocleanup>]
+  EOS
+  opt :skipaz, "skip an availability zone", :require => false, :type => :string
+  opt :nocleanup, "no cleanup on successful run"
+end
+def test(file, flags = "")
+  bok = "/opt/mu/lib/demo/#{file}"
+  filename = file.split('.').first+flags.gsub(/ /, "")
+  output = "#{Dir.home}/#{filename}.out"
+  puts "deploying #{bok} #{flags}; sending output to #{output}"
+  cmd="/opt/mu/bin/mu-deploy #{bok} #{flags}"
+  if $opts[:skipaz]
+    cmd += " -p azskip=#{$opts[:skipaz]}"
+  end
+  `#{cmd} >& #{output}`
+  status = $?.to_i
+  deploy_id = File.foreach(output).grep(/Deployment id:/)[0].scan(/\(([^\)]+)\)/).last.first
+  if status == 0
+    message = "Deployment of #{bok} #{flags} as #{deploy_id} was successful"
+    if !$opts[:nocleanup]
+      message += ", tore down #{deploy_id}"
+      `/opt/mu/bin/mu-cleanup -s #{deploy_id} >> #{output}`
+    end
+  else
+    message = "error deploying #{bok} #{flags}. See #{output} for details"
+  end
+  puts message
+  status
+end
+def main
+  boks = %w(simple-server-rails.yaml simple-windows.yaml simple-server.yaml dnszone.yaml cache_cluster.yaml wordpress.yaml)
+  successes = 0
+  failures = 0
+  work_q = Queue.new
+  boks.each{ |x|
+    work_q.push({ "bok" => x, "arg" => "-c" })
+    work_q.push({ "bok" => x, "arg" => "" })
+  }
+  workers = (0...4).map do
+    Thread.new do
+      begin
+        while job = work_q.pop(true)
+          status = test job["bok"], job["arg"]
+          if status == 0
+            successes += 1
+          else
+            failures += 1
+          end
+        end
+      rescue ThreadError
+      end
+    end
+  end; "ok"
+  workers.map(&:join); "ok"
+  puts "#{successes} successes, #{failures} failures"
+end
+main