server_maint 0.0.1

data/lib/cookbooks/sanitize/attributes/default.rb

@@ -0,0 +1 @@
+default['sanitize']['iptables'] = true

data/lib/cookbooks/sanitize/libraries/default.rb

@@ -0,0 +1,8 @@
+# Allow setting Gem.user_home attribute to be able to remove the
+# default 'ubuntu' user on the first run.
+module Gem
+  def self.user_home=(value)
+    @user_home = value
+  end
+end
+

data/lib/cookbooks/sanitize/metadata.rb

@@ -0,0 +1,12 @@
+maintainer       "Maciej Pasternacki"
+maintainer_email "maciej@pasternacki.net"
+license          "MIT"
+description      "Sanitizes system by providing a sane default configuration"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version          "0.1.0"
+
+supports 'ubuntu', ">= 10.04"
+
+depends 'apt'
+depends 'build-essential'
+depends 'iptables'

data/lib/cookbooks/sanitize/recipes/default.rb

@@ -0,0 +1,113 @@
+#
+# Cookbook Name:: sanitize
+# Recipe:: default
+#
+# Copyright 2012, Maciej Pasternacki
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+## Prerequisites and system information
+
+require 'etc'
+
+node['build_essential']['compiletime'] = true
+
+include_recipe 'apt'
+include_recipe 'build-essential'
+
+## Delete default 'ubuntu' user if it exists; it's provided by the EC2 image.
+
+ubuntu_user = begin
+                Etc.getpwnam('ubuntu')
+              rescue ArgumentError
+                nil
+              end
+
+# HACK: Forget about ubuntu user we're about to force delete
+Dir.chdir('/root') if Dir.getwd == '/home/ubuntu'
+ENV['HOME'] = '/root' if ENV['HOME'] == '/home/ubuntu'
+Gem.user_home = '/root' if Gem.user_home == '/home/ubuntu'
+
+# FIXME: use 'user' resource?
+execute "userdel -r -f ubuntu || true" do
+  only_if { ubuntu_user }
+end
+
+## Lock out root account - sudo-only. Make sure this runs AFTER your
+## users accounts and sudoers file are set up.
+
+chef_gem "ruby-shadow"
+
+user "root" do
+  password '!*'
+end
+
+## Sanitize directory structure
+
+directory "/opt"
+
+## Locale
+
+execute 'locale-gen en_US.UTF-8'
+
+file '/etc/default/locale' do
+  content 'LANG=en_US.UTF-8'
+  owner 'root'
+  group 'root'
+  mode '0644'
+end
+
+execute "configure time zone" do
+  action :nothing
+  command "dpkg-reconfigure -fnoninteractive tzdata"
+end
+
+file '/etc/timezone' do
+  content 'Etc/UTC'
+  notifies :run, "execute[configure time zone]", :immediately
+end
+
+## Misc
+
+file "/var/log/chef/client.log" do
+  mode "0600"
+end
+
+link "/usr/local/bin/can-has" do
+  to "/usr/bin/apt-get"
+end
+
+%w(10-help-text 51_update-motd).each do |fn|
+  file "/etc/update-motd.d/#{fn}" do
+    action :delete
+  end
+end
+
+package "vim-nox"
+
+execute "update-alternatives --set editor /usr/bin/vim.nox" do
+  not_if "update-alternatives --query editor |grep -q '^Value: /usr/bin/vim.nox$'"
+end
+
+if node['sanitize']['iptables']
+  include_recipe 'iptables'
+  iptables_rule "port_ssh"
+end

data/lib/cookbooks/sanitize/templates/default/port_ssh.erb

@@ -0,0 +1,2 @@
+# SSH
+-A FWR -p tcp -m tcp --dport 22 -j ACCEPT

data/lib/server_maint/version.rb

@@ -0,0 +1,3 @@
+module ServerMaint
+  VERSION = "0.0.1"
+end

data/lib/server_maint.rb

@@ -0,0 +1,7 @@
+require "server_maint/version"
+
+module ServerMaint
+  def self.get_cookbook_path
+    File.expand_path('../cookbooks', __FILE__)
+  end
+end

data/server_maint.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'server_maint/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "server_maint"
+  gem.version       = ServerMaint::VERSION
+  gem.authors       = ["Fritz-Rainer Doebbelin"]
+  gem.email         = ["frd@doebbelin.net"]
+  gem.description   = %q{Server maintenance with chef-solo}
+  gem.summary       = %q{Host usefull chef cookbooks for server maintenance}
+  gem.homepage      = "http://github.com/fdoebbelin/server_maint"
+
+  gem.add_development_dependency "rake"  
+  gem.add_dependency "chef"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+  
+  `git submodule --quiet foreach pwd`.split($\).each do |submodule_expand_path|
+    submodule_path = submodule_expand_path.gsub("#{File.expand_path('../',__FILE__)}/", '')
+    Dir.chdir(submodule_path) do
+      submodule_files = `git ls-files`.split($\)
+      submodule_file_paths = submodule_files.map do |filename|
+        "#{submodule_path}/#{filename}"
+      end
+      gem.files += submodule_file_paths
+    end
+  end
+end

metadata

@@ -0,0 +1,155 @@
+--- !ruby/object:Gem::Specification
+name: server_maint
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Fritz-Rainer Doebbelin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-10-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Server maintenance with chef-solo
+email:
+- frd@doebbelin.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .gitmodules
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/server_maint.rb
+- lib/server_maint/version.rb
+- server_maint.gemspec
+- lib/cookbooks/nginx/.gitignore
+- lib/cookbooks/nginx/CHANGELOG.md
+- lib/cookbooks/nginx/CONTRIBUTING
+- lib/cookbooks/nginx/Gemfile
+- lib/cookbooks/nginx/LICENSE
+- lib/cookbooks/nginx/README.md
+- lib/cookbooks/nginx/attributes/default.rb
+- lib/cookbooks/nginx/attributes/echo.rb
+- lib/cookbooks/nginx/attributes/geoip.rb
+- lib/cookbooks/nginx/attributes/naxsi.rb
+- lib/cookbooks/nginx/attributes/passenger.rb
+- lib/cookbooks/nginx/attributes/source.rb
+- lib/cookbooks/nginx/attributes/upload_progress.rb
+- lib/cookbooks/nginx/definitions/nginx_site.rb
+- lib/cookbooks/nginx/files/default/mime.types
+- lib/cookbooks/nginx/files/default/naxsi_core.rules
+- lib/cookbooks/nginx/files/default/tests/minitest/default_test.rb
+- lib/cookbooks/nginx/files/default/tests/minitest/helpers.rb
+- lib/cookbooks/nginx/files/default/tests/minitest/source_test.rb
+- lib/cookbooks/nginx/metadata.rb
+- lib/cookbooks/nginx/recipes/authorized_ips.rb
+- lib/cookbooks/nginx/recipes/commons.rb
+- lib/cookbooks/nginx/recipes/commons_conf.rb
+- lib/cookbooks/nginx/recipes/commons_dir.rb
+- lib/cookbooks/nginx/recipes/commons_script.rb
+- lib/cookbooks/nginx/recipes/default.rb
+- lib/cookbooks/nginx/recipes/http_echo_module.rb
+- lib/cookbooks/nginx/recipes/http_geoip_module.rb
+- lib/cookbooks/nginx/recipes/http_gzip_static_module.rb
+- lib/cookbooks/nginx/recipes/http_realip_module.rb
+- lib/cookbooks/nginx/recipes/http_ssl_module.rb
+- lib/cookbooks/nginx/recipes/http_stub_status_module.rb
+- lib/cookbooks/nginx/recipes/naxsi_module.rb
+- lib/cookbooks/nginx/recipes/ohai_plugin.rb
+- lib/cookbooks/nginx/recipes/passenger.rb
+- lib/cookbooks/nginx/recipes/source.rb
+- lib/cookbooks/nginx/recipes/upload_progress_module.rb
+- lib/cookbooks/nginx/templates/debian/nginx.init.erb
+- lib/cookbooks/nginx/templates/default/default-site.erb
+- lib/cookbooks/nginx/templates/default/modules/authorized_ip.erb
+- lib/cookbooks/nginx/templates/default/modules/http_geoip.conf.erb
+- lib/cookbooks/nginx/templates/default/modules/http_realip.conf.erb
+- lib/cookbooks/nginx/templates/default/modules/nginx_status.erb
+- lib/cookbooks/nginx/templates/default/modules/passenger.conf.erb
+- lib/cookbooks/nginx/templates/default/nginx.conf.erb
+- lib/cookbooks/nginx/templates/default/nginx.init.erb
+- lib/cookbooks/nginx/templates/default/nginx.pill.erb
+- lib/cookbooks/nginx/templates/default/nginx.sysconfig.erb
+- lib/cookbooks/nginx/templates/default/nxdissite.erb
+- lib/cookbooks/nginx/templates/default/nxensite.erb
+- lib/cookbooks/nginx/templates/default/plugins/nginx.rb.erb
+- lib/cookbooks/nginx/templates/default/sv-nginx-log-run.erb
+- lib/cookbooks/nginx/templates/default/sv-nginx-run.erb
+- lib/cookbooks/nginx/templates/ubuntu/nginx.init.erb
+- lib/cookbooks/nginx/test/kitchen/Kitchenfile
+- lib/cookbooks/sanitize/.gitignore
+- lib/cookbooks/sanitize/CHANGELOG.md
+- lib/cookbooks/sanitize/README.md
+- lib/cookbooks/sanitize/attributes/default.rb
+- lib/cookbooks/sanitize/libraries/default.rb
+- lib/cookbooks/sanitize/metadata.rb
+- lib/cookbooks/sanitize/recipes/default.rb
+- lib/cookbooks/sanitize/templates/default/port_ssh.erb
+homepage: http://github.com/fdoebbelin/server_maint
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3315387883945095376
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3315387883945095376
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Host usefull chef cookbooks for server maintenance
+test_files: []