Merge bc981c6 into bf4464a

dev-sec · Jan 6, 2015 · 0671fc3 · 0671fc3
2 parents bf4464a + bc981c6
commit 0671fc3
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 3 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -24,11 +24,11 @@ platforms:
 - name: oracle-6.4
   driver_config:
     box: oracle-6.4
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
+    box_url: https://vagrantcloud.com/box-cutter/boxes/oel64/versions/1.0.8/providers/virtualbox.box
 - name: oracle-6.5
   driver_config:
     box: oracle-6.5
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+    box_url: https://vagrantcloud.com/box-cutter/boxes/oel65/versions/1.0.8/providers/virtualbox.box
 - name: debian-6
   driver_config:
     box: debian-6
@@ -37,7 +37,38 @@ platforms:
   driver_config:
     box: debian-7
     box_url: https://s3.eu-central-1.amazonaws.com/ffuenf-vagrantboxes/debian/debian-7.7.0-amd64_virtualbox.box
+
 suites:
 - name: default
   run_list:
-  - role[postgresql]
+    - recipe[chef-solo-search]
+    - recipe[apt]
+    - recipe[postgresql::server]
+    - recipe[postgres-hardening]
+  excludes: ["centos-6.4", "centos-6.5", "oracle-6.4", "oracle-6.5"]
+  attributes: {
+    postgresql: {
+      enable_pgdg_apt: true,
+      version: "9.3",
+      password: {
+        postgres: "iloverandompasswordsbutthiswilldo"
+      }
+    }
+  }
+- name: default-rhel
+  run_list:
+    - recipe[chef-solo-search]
+    - recipe[apt]
+    - recipe[postgresql::server]
+    - recipe[postgres-hardening]
+  excludes: ["debian-6", "debian-7", "ubuntu-12.04", "ubuntu-14.04"]
+  attributes: {
+    postgresql: {
+      enable_pgdg_yum: true,
+      version: "9.3",
+      password: {
+        postgres: "iloverandompasswordsbutthiswilldo"
+      }
+    }
+  }
+
diff --git a/README.md b/README.md
@@ -26,6 +26,28 @@ add the following to your runlist and customize security option attributes
   "recipe[postgres-hardening]"
 ```
 
+You should also use the official postgres packages, because those offer the latest fixes. Enable the suitable option for the [postgres cookbook](https://github.com/hw-cookbooks/postgresql).
+
+```bash
+"postgresql": {
+
+   # debian, ubuntu
+   "enable_pgdg_apt": true
+
+   # rhel
+   "enable_pgdg_yum": true
+
+}
+```
+
+The hardening cookbook is only optimized for Postgresql 9.3. This can be activated for [postgres cookbook](https://github.com/hw-cookbooks/postgresql).
+
+```bash
+"postgresql": {
+   version: "9.3"
+}
+```
+
 ### Enable SSL
 
 Please read http://www.postgresql.org/docs/9.1/static/ssl-tcp.html first.