RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init ADDED Viewed

@@ -0,0 +1,30 @@
+# color => new RH6.0 bootup
+# verbose => old-style bootup
+# anything else => new style bootup without ANSI colors or positioning
+BOOTUP=color
+# column to start "[  OK  ]" label in
+RES_COL=60
+# terminal sequence to move to that column. You could change this
+# to something like "tput hpa ${RES_COL}" if your terminal supports it
+MOVE_TO_COL="echo -en \\033[${RES_COL}G"
+# terminal sequence to set color to a 'success' color (currently: green)
+SETCOLOR_SUCCESS="echo -en \\033[0;32m"
+# terminal sequence to set color to a 'failure' color (currently: red)
+SETCOLOR_FAILURE="echo -en \\033[0;31m"
+# terminal sequence to set color to a 'warning' color (currently: yellow)
+SETCOLOR_WARNING="echo -en \\033[0;33m"
+# terminal sequence to reset to the default color.
+SETCOLOR_NORMAL="echo -en \\033[0;39m"
+# Set to anything other than 'no' to allow hotkey interactive startup...
+PROMPT=yes
+# Set to 'yes' to allow probing for devices with swap signatures
+AUTOSWAP=no
+# What ttys should gettys be started on?
+ACTIVE_CONSOLES=/dev/tty1
+# Set to '/sbin/sulogin' to prompt for password on single-user mode
+# Set to '/sbin/sushell' otherwise
+SINGLE=/sbin/sushell
+#
+# Add CAP Modifications
+#
+umask 027

data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf ADDED Viewed

@@ -0,0 +1,40 @@
+# Kernel sysctl configuration file for Red Hat Linux
+#
+# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
+# sysctl.conf(5) for more details.
+# Controls IP packet forwarding
+net.ipv4.ip_forward = 0
+# Controls source route verification
+net.ipv4.conf.default.rp_filter = 1
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+# Controls the System Request debugging functionality of the kernel
+kernel.sysrq = 0
+# Controls whether core dumps will append the PID to the core filename.
+# Useful for debugging multi-threaded applications.
+kernel.core_uses_pid = 1
+# Controls the use of TCP syncookies
+net.ipv4.tcp_syncookies = 1
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
+# Controls the default maxmimum size of a mesage queue
+kernel.msgmnb = 65536
+# Controls the maximum size of a message, in bytes
+kernel.msgmax = 65536
+# Controls the maximum shared segment size, in bytes
+kernel.shmmax = 68719476736
+# Controls the maximum number of shared memory segments, in pages
+kernel.shmall = 4294967296

data/cookbooks/mu-tools/files/default/Mu_CA.pem ADDED Viewed

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF2zCCA8OgAwIBAgIJALVaC3iJgQA6MA0GCSqGSIb3DQEBDQUAMF0xFjAUBgNV
+BAMMDTU0LjE3NS44Ni4xOTQxIDAeBgNVBAsMF011IFNlcnZlciA1NC4xNzUuODYu
+MTk0MRQwEgYDVQQKDAtlR2xvYmFsVGVjaDELMAkGA1UEBhMCVVMwHhcNMTgxMjAz
+MTM1OTUxWhcNMjEwOTIyMTM1OTUxWjBdMRYwFAYDVQQDDA01NC4xNzUuODYuMTk0
+MSAwHgYDVQQLDBdNdSBTZXJ2ZXIgNTQuMTc1Ljg2LjE5NDEUMBIGA1UECgwLZUds
+b2JhbFRlY2gxCzAJBgNVBAYTAlVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAo7rntOFj/WPNvh00SN55aJBusppsY9arq7QF5gt/9+cBPsjcXn7jJMu0
+vD9RFqkR8fpkvs01MiTToKHDli30FYSO+pybW/3R8VMby3jU7Df+i20tnB8gZqkc
+XQGU4c8cGwdu1J/DpRoX5oCOlO2by+2+5nebJd7ABpzl9eE2/1HBJVaHROCVzmbu
+UCXVIlKAOccgwzPj+r4EHwH4Nyv8cSnh67Fg8jehW21ZltZNXek7upc9421MQLka
+9TtbBod7DWVQNfc8hAxATlupOnKsKa1n8vZD9bj9xvK2wz1E6lVYbkuxzpOzqBqy
+PO/6Svt8zTH3pEJMbxwtiwJ8cCLiqSoxj8hOKvvsSmvboN9DwN73JQjOY/pXHaU1
+/w9syNORnwEKMzs5Eu14dAV1+w7Nk8xff4LHjIYoTWD+zuK6ETVnX8j7f1zwebok
+HLF0qlnfZhU4uiE8+wU1h6oeGZG9fLV63wlGdUXA+HermzovuJ0d2ocy0O93QQDt
+Y92dr6UcPfAmzFyX3Rj9FFMYb2/n1G8l5pEd/Qkx3sH04aoxEmyQU0zugo3zQsL9
+KNyIbp2BTlSh2R/4hWJpWiXFliRvotiJu1s2wdNQ1D3SZgxDbfxf/3j04xgdi5eW
+e4Q3VnxhRfmkS1NqEzIvPabVLg9qvN419cubpE6HAtBJw/f3ocUCAwEAAaOBnTCB
+mjBKBgNVHREEQzBBhwQ2r1bCgglsb2NhbGhvc3SHBH8AAAGCGXN0YW5nZS1tdS1k
+ZXYucGxhdGZvcm0tbXWCDXN0YW5nZS1tdS1kZXYwHQYDVR0OBBYEFK/EmtGebCwd
+5QpM8y/3EKdYNVbcMB8GA1UdIwQYMBaAFK/EmtGebCwd5QpM8y/3EKdYNVbcMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAIFFoIWaS2vsiMjEeFo/FXKd
+Gy5lrvbBMaKgeFBI7Yqrz7wxmPol5de1KuuYANrcHtgpTuqnNRPMKt4VF6NW6CRY
+FTaaG0kwJU0Y3FMAdrmUUFK0bqNhchrwSv3Zqs68ifQ7vxwN0xLZrKJ5kMWjfQCn
+XDOImEe14ZQYwAf0kxZXm9qGoVQZK+ObIfNDPTPAOADQ3ZeawRrogZ2M6694mN+4
+eS/PDibpcZ4Dl8Cw4nuLIG4ct9Dm/8kZ0XRAoxXTEUfMIrJQpKmjnhux8Kzjy/DU
+eovi+530klyeyV0909lN9l8JJmBd3Zw1EArSB2PgSSTfGXrdGN/A6TlE50QahZS6
+wlE4/P2ISDCyyc+Zobu9e+6WII7DFcNwzyFuC3WO6h2I2IXnZvUfVCowjipfdSKx
++qQvevSmbprs+AJVfvkyaejKYK5PPe+fGMHJo80Pqc2LiODoChs6NZh10xAG0Sd6
+zQ05A4ZUmZjlC0lpFkgVPBaAlUAW28y6CdlRNW6H52KgvctJecGrBYZ52cTdju1b
+AXdlwMbPHHoA0HDCT7vGhGb/zUWkWYJVpXQ7EwwQWdCEejegtCRNWqTZC0s4mjUa
+Yw4ISVSAaTkzWWxBkizBGJcIxUfukuhnEEGs1G09hqpaXMWyXLg3wf9GkCsn+tD+
+PY7N1R6ysc8wA8nByPeR
+-----END CERTIFICATE-----

data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/ebs_snapshots.py ADDED Viewed

@@ -0,0 +1,123 @@
+import argparse
+import datetime
+import logging
+import sys
+import boto
+import boto.ec2
+import boto.utils
+import requests
+parser = argparse.ArgumentParser(
+    description='Script to automaticly snapshot EBS volumes',
+    prog='ebs_snpashots.py',
+    formatter_class=lambda prog: argparse.HelpFormatter(prog,max_help_position=40)
+)
+parser.add_argument('-n', '--num_snaps_keep', metavar='', help='Number of Snapshots to Keep', type=int, default=15)
+parser.add_argument('-l', '--logfile', metavar='', help='Location of logfile', type=str, default='ebs_snapshots.log')
+parser.add_argument('-d', '--device_name', metavar='', help='Device name of EBS volume. If not specified, a snapshot will be created to all attached volumes', type=str, default=None)
+parser.add_argument('-x', '--exclude_devices', metavar='', help='Mounted volumes endpoints to exclude from automated snapshtos', type=str, default='/dev/sda1, /dev/sda, /dev/xvdn, /dev/xvdo, /dev/xvdp, /dev/xvdq, xvdn, xvdo, xvdp, xvdq')
+parser.add_argument('-dt', '--desc_tag', metavar='', help='Description tag for new snapshot', type=str, default='Created by Automated Snapshot Script')
+parser.add_argument('-nt', '--name_tag', metavar='', help='Name tag for the new snapshots', type=str, default=None)
+parsed_args = parser.parse_args()
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s %(name)-15s %(levelname)-8s %(lineno)d %(message)s',
+    datefmt='%m-%d-%Y %H:%M:%S',
+    filename=parsed_args.logfile,
+    filemode='a'
+)
+console_log = logging.StreamHandler()
+console_log.setLevel(logging.INFO)
+formatter = logging.Formatter('%(name)-10s: %(levelname)-8s %(message)s')
+console_log.setFormatter(formatter)
+logging.getLogger('').addHandler(console_log)
+logger = logging.getLogger('logger')
+class ebs_snapshot:
+    def __init__(self, args=parsed_args):
+        self.region = boto.utils.get_instance_identity()['document']['region']
+        self.ec2 = boto.ec2.connect_to_region(self.region)
+        self.instance_id = boto.utils.get_instance_metadata()['instance-id']
+        self.name_tag = args.name_tag
+        self.description_tag = args.desc_tag
+        self.device_name = args.device_name
+        self.num_snapshots_keep = args.num_snaps_keep
+        self.exclude_devices = map(str.strip, args.exclude_devices.split(','))
+    def get_volumes(self):
+        volumes = []
+        volume_filters = {'attachment.instance-id': self.instance_id}
+        try:
+            volumes = self.ec2.get_all_volumes(filters=volume_filters)
+        except boto.exception.EC2ResponseError as err:
+            logger.exception('Failed to authenticate to AWS {err}'.format(err=err.message))
+            raise err
+        return volumes
+    def create_snapshot(self, volume):
+        date = datetime.datetime.utcnow().strftime('%m%d%Y-%H%M')
+        try:
+            new_snapshot = volume.create_snapshot('{snapshot_description} on {date}'.format(snapshot_description=self.description_tag, date=date))
+        except boto.exception.EC2ResponseError as err:
+            logger.exception('Failed to create snapshot {err}'.format(err=err.message))
+            raise err
+        if self.name_tag:
+            snap_tag = self.name_tag
+        elif 'Name' in volume.tags:
+            snap_tag = volume.tags['Name']
+        else:
+            snap_tag = "{volume_id}-{device_name}-{instance_id}".format(volume_id=volume.id, instance_id=self.instance_id, device_name=volume.attach_data.device.upper())
+        new_snapshot.add_tag('Name', snap_tag)
+        new_snapshot.add_tag('SnapshotType', 'Automated-Snapshots')
+        new_snapshot.add_tag('Attachment-Device', volume.attach_data.device.upper())
+        for tag_key in volume.tags:
+            if tag_key != "Name":
+                new_snapshot.add_tag(tag_key, volume.tags[tag_key])
+        logger.info('Snapshot {snap_id}/{snap_name} Created'.format(snap_id=new_snapshot.id, snap_name=new_snapshot.tags['Name']))
+    def delete_snapshots(self, volume):
+        snapshots_filters = {
+            'volume-id': volume.id,
+            'tag-key': 'SnapshotType',
+            'tag-value':'Automated-Snapshots'
+        }
+        all_snapshots = self.ec2.get_all_snapshots(filters=snapshots_filters)
+        sorted_snapshots = sorted(all_snapshots, key=lambda snapshot: snapshot.start_time)
+        snpashots_to_delete = len(sorted_snapshots) - self.num_snapshots_keep
+        for i in range(snpashots_to_delete):
+            try:
+                sorted_snapshots[i].delete()
+            except boto.exception.EC2ResponseError as err:
+                logger.exception('Failed to delete snapshot {snap_id}/{snap_name}: {err}'.format(snap_id=sorted_snapshots[i].id, snap_name=sorted_snapshots[i].tags['Name'], err=err.message))
+                continue
+            logger.info('Deleted snapshot {snap_id}/{snap_name}'.format(snap_id=sorted_snapshots[i].id, snap_name=sorted_snapshots[i].tags['Name']))
+    def process_volume(self, volume):
+        if self.num_snapshots_keep > 0:
+            self.create_snapshot(volume)
+        self.delete_snapshots(volume)
+    def run(self):
+        volumes = self.get_volumes()
+        if volumes:
+            for volume in volumes:
+                if self.device_name is None:
+                    if volume.attach_data.device not in self.exclude_devices:
+                        self.process_volume(volume)
+                else:
+                    if volume.attach_data.device == self.device_name:
+                        self.process_volume(volume)
+ebs_snapshot().run()

data/cookbooks/mu-tools/files/default/etc/BANNER ADDED Viewed

File without changes

data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL ADDED Viewed

@@ -0,0 +1,19 @@
+ +---------------------------------------------------------------------------- +
+ |                                                                             |
+ |     WARNING!    You are accessing a U.S. Government system.     WARNING!    |
+ |                                                                             |
+ |             =  THERE IS NO RIGHT OF PRIVACY ON THIS SYSTEM   =              |
+ |                                                                             |
+ |   CONNECTION TO and/or USE OF THIS SYSTEM BY ANY USER, AGENT, or ENTITY     |
+ |  AUTHORIZED or UNAUTHORIZED CONSTITUTES COMPLETE CONSENT TO THE MONITORING, |
+ |     RECORDING, READING, INTERCEPTION, COPYING, CAPTURING, and DISCLOSURE    |
+ |                IN ANY MANNER OF ANY and/or ALL ACTIVITY.                    |
+ |                                                                             |
+ |   Federal computer systems are provided ONLY for the processing of          |
+ |   official U.S. Government information. All data contained within Federal   |
+ |   computer systems is owned and controlled by the Federal Government.       |
+ |                                                                             |
+ | Unauthorized access and non-official use of government computers is prohib- |
+ | ited by Federal Law (Public Law 99-474), punishable by fines and/or prison. |
+ |                                                                             |
+ +----- WARNING! -------- WARNING! --------- WARNING! ---------- WARNING! -----+

data/cookbooks/mu-tools/files/default/gpo_no_uac.zip ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/mypol.pp ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/mypol.te ADDED Viewed

@@ -0,0 +1,37 @@
+module mypol 1.0;
+require {
+	type postfix_pickup_t;
+	type sshd_t;
+	type default_t;
+	type winbind_t;
+	type postfix_cleanup_t;
+	type postfix_master_t;
+	class sock_file { getattr unlink create };
+	class dir { write remove_name add_name };
+	class file { write read lock create unlink open };
+}
+#============= postfix_cleanup_t ==============
+allow postfix_cleanup_t default_t:sock_file getattr;
+#============= postfix_master_t ==============
+allow postfix_master_t default_t:sock_file getattr;
+#============= postfix_pickup_t ==============
+allow postfix_pickup_t default_t:sock_file getattr;
+#============= sshd_t ==============
+allow sshd_t default_t:sock_file getattr;
+#============= winbind_t ==============
+#!!!! The source type 'winbind_t' can write to a 'dir' of the following types:
+# user_home_t, var_run_t, var_log_t, samba_etc_t, samba_log_t, samba_var_t, ctdbd_var_lib_t, pcscd_var_run_t, smbd_var_run_t, user_home_dir_t, winbind_var_run_t, tmp_t, var_t, user_tmp_t, auth_cache_t, cluster_var_lib_t, cluster_var_run_t, root_t, cluster_conf_t
+allow winbind_t default_t:dir { write remove_name add_name };
+#!!!! The source type 'winbind_t' can write to a 'file' of the following types:
+# winbind_log_t, user_home_t, samba_secrets_t, samba_log_t, samba_var_t, ctdbd_var_lib_t, pcscd_var_run_t, smbd_var_run_t, winbind_var_run_t, user_tmp_t, auth_cache_t, cluster_var_lib_t, cluster_var_run_t, root_t, cluster_conf_t
+allow winbind_t default_t:file { write read lock create unlink open };
+allow winbind_t default_t:sock_file { create unlink };

data/cookbooks/mu-tools/files/default/nrpe_c7.pp ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/nrpe_c7.te ADDED Viewed

@@ -0,0 +1,31 @@
+module nrpe_c7 1.0;
+require {
+	type unconfined_t;
+	type nrpe_t;
+	type nrpe_etc_t;
+	type nagios_etc_t;
+	class dir { read relabelto };
+	class file { read relabelto getattr };
+}
+#============= nrpe_t ==============
+#!!!! This avc is allowed in the current policy
+allow nrpe_t nagios_etc_t:dir read;
+allow nrpe_t nagios_etc_t:file read;
+#!!!! This avc is allowed in the current policy
+allow nrpe_t nagios_etc_t:file getattr;
+#!!!! This avc is allowed in the current policy
+allow nrpe_t nrpe_etc_t:dir read;
+#============= unconfined_t ==============
+#!!!! This avc is allowed in the current policy
+allow unconfined_t nrpe_t:dir relabelto;
+#!!!! This avc is allowed in the current policy
+allow unconfined_t nrpe_t:file relabelto;

data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/nrpe_check_disk.te ADDED Viewed

@@ -0,0 +1,11 @@
+module nrpe_check_disk 1.0;
+require {
+	type nagios_checkdisk_plugin_t;
+	type configfs_t;
+	class dir getattr;
+}
+#============= nagios_checkdisk_plugin_t ==============
+allow nagios_checkdisk_plugin_t configfs_t:dir getattr;

data/cookbooks/mu-tools/files/default/nrpe_disk.pp ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/nrpe_disk.te ADDED Viewed

@@ -0,0 +1,10 @@
+module nrpe_disk 1.0;
+require {
+	type configfs_t;
+	type nagios_checkdisk_plugin_t;
+	class dir { search getattr };
+}
+allow nagios_checkdisk_plugin_t configfs_t:dir { search getattr };

data/cookbooks/mu-tools/files/default/nrpe_file.pp ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/nrpe_file.te ADDED Viewed

@@ -0,0 +1,31 @@
+module nrpe_file 1.0;
+require {
+	type unconfined_t;
+	type nrpe_t;
+	type nrpe_etc_t;
+	type nagios_etc_t;
+	class dir { read relabelto };
+	class file { read relabelto getattr open };
+}
+#============= nrpe_t ==============
+#!!!! This avc is allowed in the current policy
+allow nrpe_t nagios_etc_t:dir read;
+allow nrpe_t nagios_etc_t:file open;
+#!!!! This avc is allowed in the current policy
+allow nrpe_t nagios_etc_t:file { read getattr };
+#!!!! This avc is allowed in the current policy
+allow nrpe_t nrpe_etc_t:dir read;
+#============= unconfined_t ==============
+#!!!! This avc is allowed in the current policy
+allow unconfined_t nrpe_t:dir relabelto;
+#!!!! This avc is allowed in the current policy
+allow unconfined_t nrpe_t:file relabelto;

data/cookbooks/mu-tools/files/default/ntrights ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/serverclass.conf ADDED Viewed

@@ -0,0 +1,18 @@
+[serverClass:Splunk_for_Unix]
+machineTypesFilter = linux-x86_64,
+whitelist.0 = *
+[serverClass:Splunk_for_Unix:app:base_logs_unix]
+restartSplunkWeb = 0
+restartSplunkd = 1
+stateOnClient = enabled
+[serverClass:Splunk_for_Windows]
+machineTypesFilter = windows-x64,
+whitelist.0 = *
+[serverClass:Splunk_for_Windows:app:base_logs_windows]
+restartSplunkWeb = 0
+restartSplunkd = 1
+stateOnClient = enabled

data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Autogenerated file

data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf ADDED Viewed

@@ -0,0 +1,13 @@
+[monitor:///var/log/messages]
+disabled = false
+followTail = 0
+[monitor:///var/log/httpd/access_log]
+disabled = false
+followTail = 0
+sourcetype = access_combined
+[monitor:///var/log/httpd/error_log]
+disabled = false
+followTail = 0
+sourcetype = apache_error

data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf ADDED Viewed

	@@ -0,0 +1 @@
1	+ #Autogenerated File

data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf ADDED Viewed

@@ -0,0 +1,8 @@
+# Windows platform specific input processor.
+[WinEventLog://Application]
+disabled = 0
+[WinEventLog://Security]
+disabled = 0
+[WinEventLog://System]
+disabled = 0

data/cookbooks/mu-tools/files/default/sshd_pol.pp ADDED Viewed

Binary file

data/cookbooks/mu-tools/files/default/sshd_pol.te ADDED Viewed

@@ -0,0 +1,32 @@
+module sshd_pol 1.0;
+require {
+	type sshd_t;
+	type file_t;
+	type default_t;
+	type chroot_user_t;
+	type fusefs_t;
+	class sock_file write;
+	class lnk_file read;
+	class dir { search getattr };
+}
+#============= chroot_user_t ==============
+#!!!! This avc is allowed in the current policy
+allow chroot_user_t file_t:dir { getattr search };
+#!!!! This avc is allowed in the current policy
+allow chroot_user_t file_t:lnk_file read;
+#!!!! This avc is allowed in the current policy
+allow chroot_user_t fusefs_t:dir { search getattr };
+#============= sshd_t ==============
+allow sshd_t default_t:sock_file write;
+allow sshd_t file_t:dir search;
+allow sshd_t file_t:lnk_file read;
+#!!!! This avc can be allowed using the boolean 'use_fusefs_home_dirs'
+allow sshd_t fusefs_t:dir search;

data/cookbooks/mu-tools/files/redhat/etc/bashrc ADDED Viewed

@@ -0,0 +1,93 @@
+# /etc/bashrc
+# System wide functions and aliases
+# Environment stuff goes in /etc/profile
+# It's NOT a good idea to change this file unless you know what you
+# are doing. It's much better to create a custom.sh shell script in
+# /etc/profile.d/ to make custom changes to your environment, as this
+# will prevent the need for merging in future updates.
+# are we an interactive shell?
+if [ "$PS1" ]; then
+  if [ -z "$PROMPT_COMMAND" ]; then
+    case $TERM in
+    xterm*|vte*)
+      if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
+          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
+      elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
+          PROMPT_COMMAND="__vte_prompt_command"
+      else
+          PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
+      fi
+      ;;
+    screen*)
+      if [ -e /etc/sysconfig/bash-prompt-screen ]; then
+          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
+      else
+          PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
+      fi
+      ;;
+    *)
+      [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
+      ;;
+    esac
+  fi
+  # Turn on parallel history
+  shopt -s histappend
+  history -a
+  # Turn on checkwinsize
+  shopt -s checkwinsize
+  [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
+  # You might want to have e.g. tty in prompt (e.g. more virtual machines)
+  # and console windows
+  # If you want to do so, just add e.g.
+  # if [ "$PS1" ]; then
+  #   PS1="[\u@\h:\l \W]\\$ "
+  # fi
+  # to your custom modification shell script in /etc/profile.d/ directory
+fi
+if ! shopt -q login_shell ; then # We're not a login shell
+    # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
+    pathmunge () {
+        case ":${PATH}:" in
+            *:"$1":*)
+                ;;
+            *)
+                if [ "$2" = "after" ] ; then
+                    PATH=$PATH:$1
+                else
+                    PATH=$1:$PATH
+                fi
+        esac
+    }
+    # By default, we want umask to get set. This sets it for non-login shell.
+    # Current threshold for system reserved uid/gids is 200
+    # You could check uidgid reservation validity in
+    # /usr/share/doc/setup-*/uidgid file
+#    if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
+#       umask 002
+#    else
+#       umask 022
+#    fi
+		umask 077
+    SHELL=/bin/bash
+    # Only display echos from profile.d scripts if we are no login shell
+    # and interactive - otherwise just process them to set envvars
+    for i in /etc/profile.d/*.sh; do
+        if [ -r "$i" ]; then
+            if [ "$PS1" ]; then
+                . "$i"
+            else
+                . "$i" >/dev/null
+            fi
+        fi
+    done
+    unset i
+    unset -f pathmunge
+fi
+# vim:ts=4:sw=4