cloud-mu 1.9.0.pre.beta
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
@@ -0,0 +1,13 @@
|
|
1
|
+
[default]
|
2
|
+
host = <%= @inputs_conf['host'] %>
|
3
|
+
|
4
|
+
[SSL]
|
5
|
+
sslVersions = tls1.2
|
6
|
+
cipherSuite = TLSv1.2:!eNULL:!aNULL
|
7
|
+
|
8
|
+
<% @inputs_conf['ports'].each do |port| -%>
|
9
|
+
[tcp://:<%= port['port_num'] %>]
|
10
|
+
<% port['config'].each_pair do |name, value| -%>
|
11
|
+
<%= name %> = <%= value %>
|
12
|
+
<% end -%>
|
13
|
+
<% end -%>
|
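Review bot: The `[SSL]` stanza does not cover the listeners this template generates, because every port is rendered as `[tcp://:<port>]`, a plaintext raw-TCP input. As far as I know Splunk applies `[SSL]` only to `tcp-ssl` and `splunktcp-ssl` stanzas. If these ports are meant to be encrypted, the header should be `[tcp-ssl:<%= port['port_num'] %>]` and `[SSL]` needs a `serverCert` entry; if plaintext is intended, a comment saying so would stop a reader assuming TLS 1.2 is enforced. Separately, `cipherSuite = TLSv1.2:!eNULL:!aNULL` (the same line appears in the web settings section further down) still admits non-forward-secret and CBC suites, so an explicit ECDHE/AEAD list would be tighter.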
@@ -0,0 +1,9 @@
|
|
1
|
+
[tcpout]
|
2
|
+
defaultGroup = splunk_indexers_<%= node['splunk']['receiver_port'] %>
|
3
|
+
disabled=false
|
4
|
+
|
5
|
+
[tcpout:splunk_indexers_<%= node['splunk']['receiver_port'] %>]
|
6
|
+
server=<%= @splunk_servers.map do |s| "#{s['splunk']['receiver_ip']}:#{s['splunk']['receiver_port']}" end.join(', ') %>
|
7
|
+
<% @outputs_conf.each_pair do |name, value| -%>
|
8
|
+
<%= name %> = <%= value %>
|
9
|
+
<% end -%>
|
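Review bot: Nothing in this template turns on TLS for forwarding: the `[tcpout:splunk_indexers_…]` group gets only `server=` plus whatever `@outputs_conf` happens to carry. Unless every caller passes settings such as `clientCert` and `sslVerifyServerCert = true`, events leave the node in cleartext. The attributes file later in this diff defaults `receiver_ip` to the EC2 public address, which makes that more than a LAN concern. I would render the TLS settings here by default and let `@outputs_conf` override them, or at least add a comment stating that encryption is the caller's responsibility. An empty `@splunk_servers` also renders a bare `server=` line, which the template could guard against.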
@@ -0,0 +1,74 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# /etc/init.d/splunk
|
4
|
+
# init script for Splunk.
|
5
|
+
# generated by 'splunk enable boot-start'.
|
6
|
+
#
|
7
|
+
### BEGIN INIT INFO
|
8
|
+
# Provides: splunkd
|
9
|
+
# Required-Start: $remote_fs
|
10
|
+
# Required-Stop: $remote_fs
|
11
|
+
# Default-Start: 2 3 4 5
|
12
|
+
# Default-Stop: 0 1 6
|
13
|
+
# Short-Description: Start splunk
|
14
|
+
# Description: Splunk indexer service
|
15
|
+
### END INIT INFO
|
16
|
+
#
|
17
|
+
RETVAL=0
|
18
|
+
|
19
|
+
splunk_start() {
|
20
|
+
echo Starting Splunk...
|
21
|
+
<% if @runasroot %>
|
22
|
+
"<%= @splunkdir %>/bin/splunk" start --no-prompt --answer-yes
|
23
|
+
<% else %>
|
24
|
+
/bin/su - splunk -c "\"<%= @splunkdir %>/bin/splunk\" start --no-prompt --answer-yes"
|
25
|
+
<% end %>
|
26
|
+
RETVAL=$?
|
27
|
+
}
|
28
|
+
splunk_stop() {
|
29
|
+
echo Stopping Splunk...
|
30
|
+
<% if @runasroot %>
|
31
|
+
"<%= @splunkdir %>/bin/splunk" stop
|
32
|
+
<% else %>
|
33
|
+
/bin/su - splunk -c "\"<%= @splunkdir %>/bin/splunk\" stop "
|
34
|
+
<% end %>
|
35
|
+
RETVAL=$?
|
36
|
+
}
|
37
|
+
splunk_restart() {
|
38
|
+
echo Restarting Splunk...
|
39
|
+
<% if @runasroot %>
|
40
|
+
"<%= @splunkdir %>/bin/splunk" restart --no-prompt --answer-yes
|
41
|
+
<% else %>
|
42
|
+
/bin/su - splunk -c "\"<%= @splunkdir %>/bin/splunk\" restart --no-prompt --answer-yes"
|
43
|
+
<% end %>
|
44
|
+
RETVAL=$?
|
45
|
+
}
|
46
|
+
splunk_status() {
|
47
|
+
echo Splunk status:
|
48
|
+
<% if @runasroot %>
|
49
|
+
"<%= @splunkdir %>/bin/splunk" status --no-prompt --answer-yes
|
50
|
+
<% else %>
|
51
|
+
/bin/su - splunk -c "\"<%= @splunkdir %>/bin/splunk\" status --no-prompt --answer-yes"
|
52
|
+
<% end %>
|
53
|
+
RETVAL=$?
|
54
|
+
}
|
55
|
+
case "$1" in
|
56
|
+
start)
|
57
|
+
splunk_start
|
58
|
+
;;
|
59
|
+
stop)
|
60
|
+
splunk_stop
|
61
|
+
;;
|
62
|
+
restart)
|
63
|
+
splunk_restart
|
64
|
+
;;
|
65
|
+
status)
|
66
|
+
splunk_status
|
67
|
+
;;
|
68
|
+
*)
|
69
|
+
echo "Usage: $0 {start|stop|restart|status}"
|
70
|
+
exit 1
|
71
|
+
;;
|
72
|
+
esac
|
73
|
+
|
74
|
+
exit $RETVAL
|
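Review bot: The `@runasroot` branches in all four functions run the Splunk binary directly as root, and the script has no comment saying when that is acceptable. If the tree under `@splunkdir` is owned by the `splunk` account (not visible from this template), anything able to write there as `splunk` would be executed as root at boot. A header comment would make the trade-off explicit, for example `# runasroot runs splunkd as root; prefer the su branch unless root is strictly required`. `@splunkdir` is also interpolated inside double quotes, twice nested in the `su -c` form, so the recipe should reject values containing `"`, `$` or backticks before rendering.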
@@ -0,0 +1,7 @@
|
|
1
|
+
[settings]
|
2
|
+
httpport = <%= node['splunk']['web_port'] %>
|
3
|
+
enableSplunkWebSSL = <%= @enable_ssl.inspect %>
|
4
|
+
privKeyPath = etc/auth/splunkweb/<%= @keyfile%>
|
5
|
+
caCertPath = etc/auth/splunkweb/<%= @crtfile %>
|
6
|
+
sslVersions = tls1.2
|
7
|
+
cipherSuite = TLSv1.2:!eNULL:!aNULL
|
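Review bot: `enableSplunkWebSSL = <%= @enable_ssl.inspect %>` renders the literal `nil` when the variable is unset, which is not a boolean. How Splunk treats that value is not shown here, and a silent fall back to HTTP would be the bad outcome. `enableSplunkWebSSL = <%= @enable_ssl ? 'true' : 'false' %>` makes the result explicit. The `privKeyPath` and `caCertPath` lines are emitted unconditionally, so a nil `@keyfile` or `@crtfile` leaves them pointing at the bare `etc/auth/splunkweb/` directory; a guard or a fail-fast in the recipe would help. I believe newer Splunk releases deprecate `caCertPath` in web.conf in favour of `serverCert`, which is worth checking against the version this cookbook installs.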
@@ -0,0 +1,12 @@
|
|
1
|
+
# CHANGELOG for platform
|
2
|
+
|
3
|
+
This file is used to list changes made in each version of platform.
|
4
|
+
|
5
|
+
## 0.1.0:
|
6
|
+
|
7
|
+
* Initial release of platform
|
8
|
+
|
9
|
+
- - -
|
10
|
+
Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
|
11
|
+
|
12
|
+
The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
|
@@ -0,0 +1,37 @@
|
|
1
|
+
Through accessing, reading, or utilizing this software in any manner whatsoever
|
2
|
+
or through any means whatsoever, whether the access, reading or use is either
|
3
|
+
solely looking at this software or this software has been integrated into any
|
4
|
+
derivative work, the party accessing, reading, or utilizing the software
|
5
|
+
directly or indirectly agrees to abide by the following license.
|
6
|
+
|
7
|
+
The eGlobalTech Cloud Automation Platform is the Copyright (c) 2014 of Global
|
8
|
+
Tech Inc. All rights reserved.
|
9
|
+
|
10
|
+
Redistribution and use in source and binary forms, with or without
|
11
|
+
modification, are permitted provided that the following conditions are met:
|
12
|
+
|
13
|
+
1. Redistributions of source code must retain the above copyright notice, this
|
14
|
+
list of conditions and the following disclaimer.
|
15
|
+
|
16
|
+
2. Redistributions in binary form must reproduce the above copyright notice,
|
17
|
+
this list of conditions and the following disclaimer in the documentation
|
18
|
+
and/or other materials provided with the distribution.
|
19
|
+
|
20
|
+
3. Neither the name of the copyright holder nor the names of its contributors
|
21
|
+
may be used to endorse or promote products derived from this software without
|
22
|
+
specific prior written permission.
|
23
|
+
|
24
|
+
Global Tech, Inc. is the co-owner of any derivative works created with this
|
25
|
+
software.
|
26
|
+
|
27
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
28
|
+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
29
|
+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
30
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
31
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
32
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
33
|
+
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
34
|
+
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
35
|
+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
36
|
+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
37
|
+
|
@@ -0,0 +1,188 @@
|
|
1
|
+
mu-tools Cookbook
|
2
|
+
=================
|
3
|
+
The mu-tools cookbook implements the core patterns for Mu platform construction across any platform, including
|
4
|
+
image hardening, security reporting and secure credential retrieval and usage. Use this cookbook for patterns relating specifically to Mu, and the utility cookbook for more generic recipes for specific packages, etc. and community repository imports
|
5
|
+
|
6
|
+
Components
|
7
|
+
==========
|
8
|
+
Libraries
|
9
|
+
---------
|
10
|
+
The capvolume library deals with all aspects of acquiring, attaching, mounting, unmounting and securing volumes for Mu. It contains utility methods for secure key handling volume operations, etc.
|
11
|
+
|
12
|
+
Recipes
|
13
|
+
-------
|
14
|
+
|
15
|
+
#### apply_security
|
16
|
+
apply_security carries out platform level OS security hardening that takes place before recipes install application-
|
17
|
+
specific platform enablers and applications. apply_security may be supplemented with application-specific
|
18
|
+
hardening in application recipes
|
19
|
+
|
20
|
+
#### cisbenchmark
|
21
|
+
cisbenchmark installs and runs the CIS benchmark. It is currently (12/13) a stub
|
22
|
+
|
23
|
+
#### set_application_attributes
|
24
|
+
set_application_attributes retrieves application attributes, including credentials from
|
25
|
+
a secure store, and configures the attributes on a node under the key "application_attributes"
|
26
|
+
|
27
|
+
1. Initially "application_attributes" is set in the environment and includes bootstrapping pointers to the
|
28
|
+
secure message store and the JSON-formatted configuration file for the application
|
29
|
+
2. set_application_attributes retrives the configuration file and augments the initial
|
30
|
+
"application_attributes" with its contents
|
31
|
+
3. Subsequent recipes depend upon the "application_attributes" structure in the node.
|
32
|
+
|
33
|
+
Application configuration is stored in an out-of-band secure encrypted repository in a specific
|
34
|
+
JSON format, with a key for each area, e.g. see the -git- key below, and child keys beneath:
|
35
|
+
|
36
|
+
```json
|
37
|
+
{
|
38
|
+
"id": "icras_dev_properties",
|
39
|
+
"project": {
|
40
|
+
"id": "ICRAS",
|
41
|
+
"name": "ICRAS Project"
|
42
|
+
},
|
43
|
+
"icras_hhs": {
|
44
|
+
"git" : {
|
45
|
+
"repo": "someRepoPath.git",
|
46
|
+
"repo_name": "someRepoName",
|
47
|
+
"username": "someUsername",
|
48
|
+
"password": "somePassword"
|
49
|
+
},
|
50
|
+
"database" : {
|
51
|
+
"connect_string" : "someConnect",
|
52
|
+
"username" : "someUser",
|
53
|
+
"password" : "somePassword"
|
54
|
+
}
|
55
|
+
},
|
56
|
+
"icras_edu": {
|
57
|
+
"git" : {
|
58
|
+
"repo": "someRepoPath.git",
|
59
|
+
"repo_name": "someRepoName",
|
60
|
+
"username": "someUsername",
|
61
|
+
"password": "somePassword"
|
62
|
+
},
|
63
|
+
"database" : {
|
64
|
+
"connect_string" : "someConnectMySQL",
|
65
|
+
"username" : "someUserMySQL",
|
66
|
+
"password" : "somePasswordMySQL"
|
67
|
+
}
|
68
|
+
}
|
69
|
+
}
|
70
|
+
|
71
|
+
```
|
72
|
+
#### create application volume
|
73
|
+
This recipe invokes the methods in the capvolume library to
|
74
|
+
- create a volume for storing an application, currently implemented for AWS
|
75
|
+
- Attach the volume to a device
|
76
|
+
- Encrypt the device pulling the key from a secure source and storing it in ram so it never touches the node disk
|
77
|
+
- Mount the device on an indicated mount point from the node structure
|
78
|
+
- Destroy the ram device as soon as mount is complete
|
79
|
+
|
80
|
+
When run without an encryption key location attribute the recipe will create, attach and mount an ordinary volume without encryption and log a warning.
|
81
|
+
|
82
|
+
|
83
|
+
Requirements
|
84
|
+
------------
|
85
|
+
#### operating systems
|
86
|
+
Currently the hardening recipes have been completed for CentOS6 only. Stubs are present for
|
87
|
+
Ubuntu operating systems
|
88
|
+
|
89
|
+
#### compile phase
|
90
|
+
set_application_attributes, must run in the compile phase so that
|
91
|
+
a target node's attributes are preconfigured for the subsequent recipes.
|
92
|
+
|
93
|
+
#### recipes
|
94
|
+
awscli recipe required by set_application_attributes to provide the aws cli
|
95
|
+
command to fetch creds from the secure repository. No require is listed in the recipe in order to work around the limitations of the curren(12/13) version of egt-get-cookbooks.sh. Credential and configuration fetch is accomplished by a required AWS IAM role on the node, sufficient to fetch creds from the secure repository.
|
96
|
+
|
97
|
+
#### attributes
|
98
|
+
set_application_attributes depends on preexisting base application attributes for:
|
99
|
+
['application_attributes']['secure_location']
|
100
|
+
['application_attributes']['attributes_file']
|
101
|
+
these attributes are typically set in the environment, for example:
|
102
|
+
|
103
|
+
```json
|
104
|
+
"application_attributes" : {
|
105
|
+
"secure_location" : "somePathToCredentials, e.g. s3:://whatever, file:///whatever, etc.",
|
106
|
+
"attributes_file" : "nameOfAppSpecificPropertiesFile.json",
|
107
|
+
"ebs" : {
|
108
|
+
"mount_device" : "/dev/xvdh",
|
109
|
+
"mount_directory" : "/apps"
|
110
|
+
},
|
111
|
+
"otherInitialAttributes" : "Whatever you need to get started"
|
112
|
+
}
|
113
|
+
```
|
114
|
+
|
115
|
+
Other required recipes such as awscli may also need to be run in compile phase, with appropriate controlling attributes typically set in an environment
|
116
|
+
|
117
|
+
The overall capvolume library depends on a node structure for volumes, defaulted in the default attributes and modifiable both by recipe and the environment, which typically is used for overrides.
|
118
|
+
|
119
|
+
Each volume has a structure like this:
|
120
|
+
```json
|
121
|
+
"application_attributes": {
|
122
|
+
"application_volume": {
|
123
|
+
"mount_directory": "/apps",
|
124
|
+
"mount_device": "/dev/xvdh",
|
125
|
+
"filesystem": "ext3",
|
126
|
+
"volume_size_gb": "5",
|
127
|
+
"ebs_keyfile": "the name of the key to use on the secure location"
|
128
|
+
},
|
129
|
+
"secure_location": "where the creds live",
|
130
|
+
"attributes_file": "the attributes of the app on the secure location"
|
131
|
+
}
|
132
|
+
|
133
|
+
```
|
134
|
+
In addition, once a volume is actually created, you get:
|
135
|
+
|
136
|
+
```json
|
137
|
+
"application_volume": {
|
138
|
+
"volume_id": "vol-5392d61e",
|
139
|
+
"mount_device": "/dev/xvdh"
|
140
|
+
}
|
141
|
+
|
142
|
+
```
|
143
|
+
|
144
|
+
|
145
|
+
#### packages
|
146
|
+
* set_application_attributes depends on the rubygems and json gem for parse
|
147
|
+
* apply_security depends on yum on centos and will depend on apt in ubuntu
|
148
|
+
|
149
|
+
|
150
|
+
Attributes
|
151
|
+
----------
|
152
|
+
default.rb has a default set of attributes for a typical small application volume
|
153
|
+
|
154
|
+
Usage
|
155
|
+
-----
|
156
|
+
#### set_application_attributes::default
|
157
|
+
Ensure that the environment presets the seed attributes for credential fetch as detailed
|
158
|
+
in dependencies
|
159
|
+
|
160
|
+
Ensure that the required credential fetch cookbook has previously run in compile phase as detailed in dependencies
|
161
|
+
|
162
|
+
Run the recipe. Success can be demonstrated by viewing a fully populated application_attributes hash in nodes
|
163
|
+
|
164
|
+
A typical run list looks like:
|
165
|
+
|
166
|
+
```json
|
167
|
+
"env_run_lists" : {
|
168
|
+
"production_icras_hhs" : [
|
169
|
+
],
|
170
|
+
"development_icras_hhs": [
|
171
|
+
"recipe[utility::epel]",
|
172
|
+
"recipe[awscli]",
|
173
|
+
"recipe[mu-tools::set_application_attributes]"
|
174
|
+
]
|
175
|
+
}
|
176
|
+
```
|
177
|
+
|
178
|
+
####To Do
|
179
|
+
Add temporary ram volume destroy
|
180
|
+
Add cloud independent abstraction wrappers
|
181
|
+
|
182
|
+
Contributing
|
183
|
+
------------
|
184
|
+
|
185
|
+
License and Authors
|
186
|
+
-------------------
|
187
|
+
Authors: Robert Patt-Corner, Jai Bapna, Ami Rahav, John Stang
|
188
|
+
c. 2013 eGlobalTech
|
@@ -0,0 +1,142 @@
|
|
1
|
+
#
|
2
|
+
# Cookbook Name:: mu-tools
|
3
|
+
# Attributes:: default
|
4
|
+
#
|
5
|
+
# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
|
6
|
+
#
|
7
|
+
# Licensed under the BSD-3 license (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License in the root of the project or at
|
10
|
+
#
|
11
|
+
# http://egt-labs.com/mu/LICENSE.html
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
disk_name_str = Chef::Config[:node_name]
|
20
|
+
if disk_name_str == "CAP-MASTER" or disk_name_str == "MU-MASTER" and !node['hostname'].nil?
|
21
|
+
disk_name_str = node['hostname']
|
22
|
+
end rescue NoMethodError
|
23
|
+
|
24
|
+
default['os_updates_using_chef'] = false
|
25
|
+
|
26
|
+
default['application_attributes']['application_volume']['mount_directory'] = '/apps'
|
27
|
+
default['application_attributes']['application_volume']['mount_device'] = '/dev/xvdf'
|
28
|
+
default['application_attributes']['application_volume']['label'] = "#{disk_name_str} /apps"
|
29
|
+
default['application_attributes']['application_volume']['volume_size_gb'] = 1
|
30
|
+
|
31
|
+
default['application_attributes']['ebs_snapshots']['boto_path'] = '/usr/lib/python2.6/site-packages/boto'
|
32
|
+
default['application_attributes']['ebs_snapshots']['minute'] = '10'
|
33
|
+
default['application_attributes']['ebs_snapshots']['hour'] = '6'
|
34
|
+
default['application_attributes']['ebs_snapshots']['days_to_keep'] = '7'
|
35
|
+
default['application_attributes']['skip_recipes'] = []
|
36
|
+
|
37
|
+
default['nagios']['server_role'] = "mu-master"
|
38
|
+
default['nagios']['multi_environment_monitoring'] = true
|
39
|
+
# no idea why this attribute isn't set on MU-MASTER, but it isn't.
|
40
|
+
default['chef_node_name'] = Chef::Config[:node_name]
|
41
|
+
if node.has_key?("deployment")
|
42
|
+
if node['deployment'].has_key?("admins")
|
43
|
+
default['admins'] = []
|
44
|
+
node['deployment']['admins'].each_value { |data|
|
45
|
+
default['admins'] << data['email']
|
46
|
+
}
|
47
|
+
end
|
48
|
+
if node['deployment'].has_key?("mu_public_ip")
|
49
|
+
default['nagios']['allowed_hosts'] = [node['deployment']['mu_public_ip']]
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
if (!node.has_key?("admins") or node['admins'].size == 0) and node['tags'].is_a?(Hash)
|
54
|
+
if node['tags'].has_key?("MU-OWNER")
|
55
|
+
default['admins'] = []
|
56
|
+
default['admins'] << node['tags']['MU-OWNER']+"@localhost"
|
57
|
+
elsif node['tags'].has_key?("MU-ADMINS")
|
58
|
+
default['admins'] = node['tags']['MU-ADMINS'].split(/\s+/)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
begin
|
63
|
+
default['splunk']['receiver_ip'] = node['ec2']['public_ip_address']
|
64
|
+
rescue NoMethodError
|
65
|
+
default['splunk']['receiver_ip'] = node['ipaddress']
|
66
|
+
end
|
67
|
+
|
68
|
+
# Set this to a path to store Splunk's big databases somewhere besides
|
69
|
+
# /opt/splunk/var/lib/splunk
|
70
|
+
default['splunk']['splunkdb']['dev'] = nil
|
71
|
+
default['splunk']['splunkdb']['path'] = "/opt/splunk/var/lib/splunk"
|
72
|
+
default['splunk']['minfreespace'] = 733
|
73
|
+
default['splunk']['inputs_conf']['host'] = Chef::Config[:node_name]
|
74
|
+
default['splunk']['accept_license'] = true
|
75
|
+
default['splunk']['auth'] = {
|
76
|
+
'data_bag' => 'splunk',
|
77
|
+
'data_bag_item' => 'admin_user'
|
78
|
+
}
|
79
|
+
default['splunk']['ssl_options'] = {
|
80
|
+
'enable_ssl' => true,
|
81
|
+
'data_bag' => Chef::Config[:node_name],
|
82
|
+
'data_bag_item' => 'ssl_cert',
|
83
|
+
'keyfile' => 'node.key',
|
84
|
+
'crtfile' => 'node.crt'
|
85
|
+
}
|
86
|
+
|
87
|
+
default['maldet']['install'] = true
|
88
|
+
|
89
|
+
default['sec']['root_login_disabled'] = false
|
90
|
+
default['sec']['accnt_lckout'] = 5
|
91
|
+
default['sec']['accnt_lckout_duration'] = 900
|
92
|
+
default['sec']['pwd'] = {
|
93
|
+
'min_length' => 14,
|
94
|
+
'numeric' => -1,
|
95
|
+
'uppercase' => -1,
|
96
|
+
'lowercase' => -1,
|
97
|
+
'special' => -1,
|
98
|
+
'retry' => 3,
|
99
|
+
'remember' => 5
|
100
|
+
}
|
101
|
+
|
102
|
+
# dumb hack, or dumbest hack?
|
103
|
+
["s", "t", "u", "v", "w", "x", "y", "z"].reverse_each { |drive|
|
104
|
+
if File.exist?("/dev/xvd#{drive}")
|
105
|
+
default['tmp_dev'] = "/dev/xvd#{drive}"
|
106
|
+
break
|
107
|
+
end
|
108
|
+
}
|
109
|
+
|
110
|
+
default['application_attributes']['home']["volume_size_gb"] = 2
|
111
|
+
default['application_attributes']['home']['mount_device'] = "/dev/xvdn"
|
112
|
+
default['application_attributes']['home']['label'] = "#{disk_name_str} /home"
|
113
|
+
default['application_attributes']['home']['mount_directory'] = "/home"
|
114
|
+
|
115
|
+
default['application_attributes']['var']["volume_size_gb"] = 7
|
116
|
+
default['application_attributes']['var']['mount_device'] = "/dev/xvdo"
|
117
|
+
default['application_attributes']['var']['label'] = "#{disk_name_str} /var"
|
118
|
+
default['application_attributes']['var']['mount_directory'] = "/var"
|
119
|
+
|
120
|
+
default['application_attributes']['var_log']["volume_size_gb"] = 7
|
121
|
+
default['application_attributes']['var_log']['mount_device'] = "/dev/xvdp"
|
122
|
+
default['application_attributes']['var_log']['label'] = "#{disk_name_str} /var/log"
|
123
|
+
default['application_attributes']['var_log']['mount_directory'] = "/var/log"
|
124
|
+
|
125
|
+
default['application_attributes']['var_log_audit']["volume_size_gb"] = 2
|
126
|
+
default['application_attributes']['var_log_audit']['mount_device'] = "/dev/xvdq"
|
127
|
+
default['application_attributes']['var_log_audit']['label'] = "#{disk_name_str} /var/log/audit"
|
128
|
+
default['application_attributes']['var_log_audit']['mount_directory'] = "/var/log/audit"
|
129
|
+
|
130
|
+
default['banner']['path'] = "etc/BANNER-FEDERAL"
|
131
|
+
# firewalld support in the firewall cookbook is too stupid to breathe
|
132
|
+
default['firewall']['redhat7_iptables'] = true
|
133
|
+
#if node['platform'] == 'amazon'
|
134
|
+
# override['firewall']['redhat7_iptables'] = true
|
135
|
+
#end
|
136
|
+
|
137
|
+
# We probably don't want to set java defaults here. This may cause issues with attribute precedence when other cookbooks try to install a different version of Java (JDK 7 is not supported/patched)
|
138
|
+
# if platform_family?("windows")
|
139
|
+
# override['java']['install_flavor'] = 'windows'
|
140
|
+
# override["java"]["jdk_version"] = 7
|
141
|
+
# override["java"]["oracle"]["accept_oracle_download_terms"] = true
|
142
|
+
# end
|
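Review bot: The `rescue NoMethodError` fallback for `default['splunk']['receiver_ip']` only fires when `node['ec2']` is missing. On an EC2 node without a public address, `node['ec2']['public_ip_address']` is simply nil, so the attribute ends up nil and the `node['ipaddress']` fallback is skipped. `default['splunk']['receiver_ip'] = (node['ec2'] && node['ec2']['public_ip_address']) || node['ipaddress']` covers both cases; whether forwarders should target the public address at all, rather than a private one, deserves a comment here. Near the top, `end rescue NoMethodError` is a rescue modifier: it swallows any StandardError raised by the `if` and merely evaluates to the constant, so a `begin`/`rescue NoMethodError`/`end` block like the one used for the Splunk attribute would express the intent. `default['sec']['root_login_disabled'] = false` also needs a one-line comment explaining why a hardening cookbook defaults to what is presumably root login left enabled.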