Alpha 2

aide/README

@@ -0,0 +1,4 @@
+# Lab42 Puppet Infrastructure #
+# PROVIDED 'AS IS'
+
+

aide/files/aide.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+if [ -f /var/lib/aide/aide.db.gz ]; then 
+	/usr/sbin/aide --check
+else
+	/usr/sbin/aide --init
+	cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
+
+	TMPAIDE="/tmp/aide"
+	date > $TMPAIDE
+	hostname >> $TMPAIDE
+	md5sum /etc/aide.conf >> $TMPAIDE
+	md5sum /var/lib/aide/aide.db.new.gz >> $TMPAIDE
+	md5sum /usr/sbin/aide >> $TMPAIDE
+
+	if [ -x /usr/sbin/ssmtp ]; then
+		cat $TMPAIDE | ssmtp  root
+	else 
+		cat $TMPAIDE | mail -s "AIDE MD5SUMS: `hostname` " root
+	fi
+
+	rm -f $TMPAIDE
+fi

aide/manifests/init.pp

@@ -0,0 +1,32 @@
+class aide {
+
+	package { aide:
+		name   => $operatingsystem ? {
+			default	=> "aide",
+			},
+		ensure => present,
+	}
+
+	file {	
+             	"aide.conf":
+			mode => 600, owner => root, group => root,
+			require => Package["aide"],
+			ensure => present,
+			path => $operatingsystem ?{
+                        	default => "/etc/aide.conf",
+                        },
+	}
+
+	file {	
+             	"aide.sh":
+			mode => 750, owner => root, group => root,
+			require => File["aide.conf"],
+			ensure => present,
+			path => $operatingsystem ?{
+                        	default => "/etc/cron.daily/aide",
+                        },
+			source => "puppet://$server/aide/aide.sh",
+	}
+
+}
+

apache/README

@@ -0,0 +1,4 @@
+# Lab42 Puppet Infrastructure #
+# PROVIDED 'AS IS'
+
+

apache/manifests/init.pp

@@ -0,0 +1,83 @@
+class apache {
+
+	package { apache:
+		name   => $operatingsystem ? {
+			debian	=> "apache2",
+			default	=> "httpd",
+			},
+		ensure => present,
+	}
+
+	service { apache:
+		name => $operatingsystem ? {
+                        debian  => "apache2",
+                        default => "httpd",
+                        },
+		ensure => running,
+		enable => true,
+		pattern => $operatingsystem ? {
+                        debian  => "/usr/sbin/apache2",
+                        default => "/usr/sbin/httpd",
+                        },
+		hasrestart => true,
+		hasstatus => true,
+		require => Package["apache"],
+                subscribe => File["httpd.conf"],
+	}
+
+	file {	
+             	"httpd.conf":
+			mode => 644, owner => root, group => root,
+			require => Package[apache],
+			ensure => present,
+			path => $operatingsystem ?{
+                        	default => "/etc/httpd/conf/httpd.conf",
+                        },
+	}
+}
+
+class apache::modsecurity inherits apache {
+
+	package { mod_security:
+		name   => $operatingsystem ? {
+			default	=> "mod_security",
+			},
+		ensure => present,
+	}
+}
+
+class apache::php  {
+        package { php:
+                name => $operatingsystem ? {
+                        default => "php",
+                        },
+                ensure => present,
+        }
+
+        package { php-common:
+                name => $operatingsystem ? {
+                        default => "php-common",
+                        },
+                ensure => present,
+        }
+}
+
+define php::module {
+        package { "php-${name}":
+                name => $operatingsystem ? {
+                        default => "php-${name}",
+                        },
+                ensure => present,
+        }
+}
+
+
+define php::pear {
+        package { "php-pear-${name}":
+                name => $operatingsystem ? {
+                        default => "php-pear-${name}",
+                        },
+                ensure => present,
+        }
+}
+

apache/manifests/managed.pp

@@ -0,0 +1,48 @@
+# Subclass for a managed application
+
+$apache_processname = $operatingsystem ?{
+  	             default => "httpd",
+               },
+
+$apache_port = "80"
+
+
+class apache::managed inherits apache {
+
+	backup {
+		"wwwdata": 
+		frequency => daily,
+		path	=> $operatingsystem ?{
+                                default => "/var/www/html",
+                        },		
+		enabled	=> "yes",
+	}
+
+	monitor {
+		"Port_$apache_port":
+		type	=> "port",
+		proto	=> "tcp",
+		port 	=> $apache_port,
+		address => "localhost",
+		enabled	=> "yes",
+	}
+
+	monitor {
+		"Service_$apache_processname":
+		type	=> "process",
+		name	=> $apache_processname,
+		enabled	=> "yes",
+	}
+
+	audit {
+		"Service_$apache_processname":
+		type	=> "process",
+		name	=> $apache_processname,
+	}
+
+	docs {
+		"Apache_Documentation":
+		url => "http://httpd.apache.org",
+	}
+
+}

audit/README

@@ -0,0 +1,4 @@
+# Lab42 Puppet Infrastructure #
+# PROVIDED 'AS IS'
+
+

audit/manifests/init.pp

@@ -0,0 +1,20 @@
+class audit {
+
+	service {
+		"auditd":
+		enable    => "true",
+		ensure    => "running",
+                name => $operatingsystem ? {
+                        default => "auditd",
+                        },
+	}
+
+        package {
+                "audit":
+                ensure => present,
+                name => $operatingsystem ? {
+                        default => "audit",
+                        },
+        }
+
+}

backup/manifests/init.pp

@@ -0,0 +1,53 @@
+define backup (
+	$path='',
+	$frequency='')
+{
+
+case $backup {
+	no: { } ,
+	yes: {
+
+	include synbak 
+
+
+
+
+
+
+	}
+	default: { },
+	}
+}
+
+class backup::server {
+
+	# Temporary default backup method
+	$backup_method = "synbak" ;
+
+	case $backup_method {
+		synbak: { include backup::server::synbak } ,
+		rsync:  { include backup::server::rsync } ,
+		backuppc:  { include backup::server::backuppc } ,
+	}
+
+	Backup_hosts <<||>>
+	Backup_dirs <<||>>
+
+}
+
+class backup::server::synbak {
+
+	include synbak
+
+        file {
+                "/etc/backup_synbak.conf":
+                        owner   => "root",
+                        group   => "root",
+                        mode    => "644",
+                        source  => "puppet://$server/project_coresis/synbak/backup_synbak.conf-$hostname",
+        }
+
+
+
+	synbak
+}

bind/README

@@ -0,0 +1,4 @@
+# Lab42 Puppet Infrastructure #
+# PROVIDED 'AS IS'
+
+

bind/files/localdomain.zone

@@ -0,0 +1,10 @@
+$TTL	86400
+@		IN SOA	localhost root (
+					42		; serial (d. adams)
+					3H		; refresh
+					15M		; retry
+					1W		; expiry
+					1D )		; minimum
+	        IN NS		localhost
+localhost	IN A		127.0.0.1
+

bind/files/localhost.zone

@@ -0,0 +1,12 @@
+$TTL	86400
+@		IN SOA	@       root (
+					42		; serial (d. adams)
+					3H		; refresh
+					15M		; retry
+					1W		; expiry
+					1D )		; minimum
+
+	        IN NS		@
+	 	IN A		127.0.0.1
+		IN AAAA		::1
+

bind/files/named.ca

@@ -0,0 +1,80 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jan 29, 2004
+;       related version of root zone:   2004012900
+;
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+;
+; formerly NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; formerly C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; formerly TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+;
+; formerly NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; formerly NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+;
+; formerly NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; formerly AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+;
+; formerly NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+;
+; operated by VeriSign, Inc.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+;
+; operated by RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
+;
+; operated by ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
+;
+; operated by WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+; End of File