100644 60 lines (52 sloc) 1.884 kB
1ecb504 @benhoskings Added 'system' dep, depending on 'secured ssh'.
benhoskings authored
def ssh_conf_path file
543d8dc @benhoskings Split 'lax host key checking' out into separate dep.
benhoskings authored
  "/etc#{'/ssh' if linux?}/#{file}_config"
1ecb504 @benhoskings Added 'system' dep, depending on 'secured ssh'.
benhoskings authored
end

83ffd11 @benhoskings Changed 'hostname' dep to only apply to Linux (it doesn't work on OS …
benhoskings authored
dep 'hostname', :for => :linux do
222d958 @benhoskings Added 'hostname' dep.
benhoskings authored
  met? {
83ffd11 @benhoskings Changed 'hostname' dep to only apply to Linux (it doesn't work on OS …
benhoskings authored
    stored_hostname = read_file('/etc/hostname')
b3ddcb2 @benhoskings Refactored hostname code from 'hostname' dep out into #hostname helper.
benhoskings authored
    !stored_hostname.blank? && hostname == stored_hostname
222d958 @benhoskings Added 'hostname' dep.
benhoskings authored
  }
  meet {
ec3a9d2 @benhoskings Fixed var reference in hostname / meet.
benhoskings authored
    sudo "echo #{var :hostname, :default => shell('hostname')} > /etc/hostname"
83ffd11 @benhoskings Changed 'hostname' dep to only apply to Linux (it doesn't work on OS …
benhoskings authored
    sudo "sed -ri 's/^127.0.0.1.*$/127.0.0.1 #{hostname} localhost.localdomain localhost/' /etc/hosts"
    sudo "/etc/init.d/hostname.sh"
222d958 @benhoskings Added 'hostname' dep.
benhoskings authored
  }
end

543d8dc @benhoskings Split 'lax host key checking' out into separate dep.
benhoskings authored
dep 'secured ssh logins' do
b0aaf18 @benhoskings Added 'sshd' package as a dep of 'secured ssh logins'.
benhoskings authored
  requires 'sshd', 'sed'
49d61b1 @benhoskings Added logging to 'secured ssh logins' / met?.
benhoskings authored
  met? {
39d45c0 @benhoskings Fixed 'secured ssh logins' task to not need enter,enter,enter,enter,e…
benhoskings authored
    auth_methods = failable_shell('ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no nonexistentuser@localhost').stderr.scan(/\((.*)\)/).first.first.split(/[^a-z]+/)
    returning auth_methods == %w[publickey] do |result|
      log_verbose "sshd #{'only ' if result}accepts #{auth_methods.to_list} logins.", :as => (result ? :ok : :error)
49d61b1 @benhoskings Added logging to 'secured ssh logins' / met?.
benhoskings authored
    end
  }
1ecb504 @benhoskings Added 'system' dep, depending on 'secured ssh'.
benhoskings authored
  meet {
    change_with_sed 'PasswordAuthentication', 'yes', 'no', ssh_conf_path(:sshd)
    change_with_sed 'ChallengeResponseAuthentication', 'yes', 'no', ssh_conf_path(:sshd)
  }
9688e09 @benhoskings Restart sshd after changing the config in 'secured ssh logins'.
benhoskings authored
  after { sudo "/etc/init.d/ssh restart" }
1ecb504 @benhoskings Added 'system' dep, depending on 'secured ssh'.
benhoskings authored
end
543d8dc @benhoskings Split 'lax host key checking' out into separate dep.
benhoskings authored

dep 'lax host key checking' do
  requires 'sed'
ef95614 @benhoskings Fixed regex in 'lax host key checking' / met?.
benhoskings authored
  met? { grep /^StrictHostKeyChecking[ \t]+no/, ssh_conf_path(:ssh) }
51f47e6 @benhoskings Added admin group sudoing checks, using #grep where appropriate.
benhoskings authored
  meet { change_with_sed 'StrictHostKeyChecking', 'yes', 'no', ssh_conf_path(:ssh) }
end

dep 'admins can sudo' do
  requires 'admin group'
  met? { grep /^%admin/, '/etc/sudoers' }
  meet { append_to_file '%admin ALL=(ALL) ALL', '/etc/sudoers' }
end

dep 'admin group' do
  met? { grep /^admin\:/, '/etc/group' }
  meet { shell "groupadd admin" }
543d8dc @benhoskings Split 'lax host key checking' out into separate dep.
benhoskings authored
end
2be59b6 @benhoskings Split 'compiler toolchain' dep into system-specific deps below 'build…
benhoskings authored

dep 'build tools' do
3d15719 @benhoskings Converted deps to use the new LambdaList format.
benhoskings authored
  requires {
    osx 'xcode tools'
    linux ['build-essential', 'autoconf']
  }
2be59b6 @benhoskings Split 'compiler toolchain' dep into system-specific deps below 'build…
benhoskings authored
end
d24a0c0 @benhoskings Added 'tmp cleaning grace period' for linux machines.
benhoskings authored

dep 'tmp cleaning grace period', :for => :linux do
  met? { !grep(/^[^#]*TMPTIME=0/, "/etc/default/rcS") }
  meet { change_line "TMPTIME=0", "TMPTIME=30", "/etc/default/rcS" }
end
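
The `met?` block of 'secured ssh logins' above infers which login methods sshd accepts from the ssh client's "Permission denied (...)" line. The following is an added example, not part of the babushka source: the same check in plain Ruby, covering the case where that line is missing and reading the two directives the `meet` block changes. Function names and sample inputs are constructed here, and OpenSSH's built-in default of `yes` is assumed for both directives.

```ruby
# Added example, not babushka code. All sample inputs below are constructed.

# Auth methods sshd offered, taken from the client's "Permission denied (...)"
# line. Returns nil when that line is absent (e.g. connection refused), the
# case in which the dep's `.scan(...).first.first` would raise NoMethodError.
def advertised_auth_methods(ssh_stderr)
  list = ssh_stderr[/Permission denied \(([^)]*)\)/, 1]
  return nil if list.nil?
  # Split on commas only, so "keyboard-interactive" stays one method name.
  list.split(',').map(&:strip).reject(&:empty?)
end

def publickey_only?(ssh_stderr)
  advertised_auth_methods(ssh_stderr) == %w[publickey]
end

# Value sshd would use for a global keyword: keywords are case-insensitive,
# the first occurrence wins, and a commented-out line leaves the default.
def sshd_setting(config_text, keyword, default)
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/[ \t=]+/, 2)
    break if key.casecmp('Match').zero? # global section ends here
    return value.strip.downcase if value && key.casecmp(keyword).zero?
  end
  default
end

# True when both directives changed by the dep's meet block are 'no'.
# Assumption: OpenSSH's built-in default for both is 'yes'.
def password_logins_disabled?(config_text)
  %w[PasswordAuthentication ChallengeResponseAuthentication].all? do |k|
    sshd_setting(config_text, k, 'yes') == 'no'
  end
end

SAMPLE_STDERR = "Permission denied (publickey,keyboard-interactive).\n"
SAMPLE_CONFIG = <<~CONF
  #PasswordAuthentication yes
  ChallengeResponseAuthentication no
CONF

if __FILE__ == $PROGRAM_NAME
  p advertised_auth_methods(SAMPLE_STDERR)
  p password_logins_disabled?(SAMPLE_CONFIG)
end
```

With the constructed config, the commented-out `PasswordAuthentication` line leaves the default in force, so the config check reports password logins as still enabled.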