
hosts_allow cookbook added

1 parent 7c932e6 commit 40ea81105ec9998c17be479effc6676f4c28b67c @mdxp committed Sep 4, 2010
8 hosts_allow/README.rdoc
@@ -0,0 +1,8 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:
+
29 hosts_allow/metadata.json
@@ -0,0 +1,29 @@
+{
+ "recipes": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ },
+ "maintainer_email": "marius@promethost.com",
+ "groupings": {
+ },
+ "dependencies": {
+ },
+ "recommendations": {
+ },
+ "long_description": "= DESCRIPTION:\n\n= REQUIREMENTS:\n\n= ATTRIBUTES: \n\n= USAGE:\n\n",
+ "suggestions": {
+ },
+ "platforms": {
+ },
+ "license": "Apache 2.0",
+ "version": "0.1.0",
+ "conflicting": {
+ },
+ "name": "hosts_allow",
+ "providing": {
+ },
+ "description": "Configures /etc/hosts.allow & /etc/hosts.deny",
+ "maintainer": "Promet Solutions"
+ }
7 hosts_allow/metadata.rb
@@ -0,0 +1,7 @@
+maintainer "Promet Solutions"
+maintainer_email "marius@promethost.com"
+license "Apache 2.0"
+description "Configures /etc/hosts.allow & /etc/hosts.deny"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version "0.1"
+
45 hosts_allow/recipes/default.rb
@@ -0,0 +1,45 @@
+#
+# Author:: Marius Ducea (marius@promethost.com)
+# Cookbook Name:: hosts_allow
+# Recipe:: default
+#
+# Copyright 2010, Promet Solutions
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+template "/etc/hosts.allow" do
+ source "hosts.allow.erb"
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+services = Array.new
+if node[:hosts_allow]
+ node[:hosts_allow].each_key do |key|
+ node[:hosts_allow]["#{key}"].each do |service,ips|
+ services << service
+ end
+ end
+end
+
+template "/etc/hosts.deny" do
+ source "hosts.deny.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ variables(
+ :services => services.uniq
+ )
+end
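Review bot: The `services << service` loop, and the two templates that render the same attribute data, copy keys and values from `node[:hosts_allow]` into root-owned access-control files without checking them. A value containing a newline or an extra colon-separated field would be written as an additional rule or as an option in the sense of hosts_options(5), so anyone able to set node attributes can change more than the client list. I would validate before collecting, e.g. `raise ArgumentError, "bad daemon name #{service.inspect}" unless service.to_s =~ /\A[\w.@-]+\z/`, and apply a matching check to `ips`; the pattern is a suggestion and needs loosening if daemon lists are meant to be usable as keys. The unused `ips` block parameter and the `"#{key}"` interpolation can be dropped at the same time.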
22 hosts_allow/templates/default/hosts.allow.erb
@@ -0,0 +1,22 @@
+# /etc/hosts.allow: list of hosts that are allowed to access the system.
+# See the manual pages hosts_access(5) and hosts_options(5).
+#
+# Example: ALL: LOCAL @some_netgroup
+# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
+#
+# If you're going to protect the portmapper use the name "portmap" for the
+# daemon name. Remember that you can only use the keyword "ALL" and IP
+# addresses (NOT host or domain names) for the portmapper, as well as for
+# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
+# for further information.
+#
+
+<% if node[:hosts_allow] %>
+<% node[:hosts_allow].each_key do |key| %>
+## <%= key %>
+<% node[:hosts_allow]["#{key}"].each do |service, ips| %>
+<%= service %>: <%= ips %>
+<% end %>
+
+<% end %>
+<% end %>
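Review bot: `<%= ips %>` on the rule line prints whatever object the attribute holds, so a client list supplied as a Ruby array is rendered through `to_s` rather than as a hosts_access(5) client list. Because the recipe also writes `<service>: ALL` into /etc/hosts.deny for every service named here, a malformed or empty allow line means that service is refused for every client, which for sshd would cut off remote management of the node. Rendering with `<%= service %>: <%= Array(ips).join(' ') %>` and failing the Chef run when the list is empty would keep the two files consistent. Whether strings, arrays or both are expected is not visible in this commit and should be stated in the README, which is added empty.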
25 hosts_allow/templates/default/hosts.deny.erb
@@ -0,0 +1,25 @@
+# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
+# See the manual pages hosts_access(5) and hosts_options(5).
+#
+# Example: ALL: some.host.name, .some.domain
+# ALL EXCEPT in.fingerd: other.host.name, .other.domain
+#
+# If you're going to protect the portmapper use the name "portmap" for the
+# daemon name. Remember that you can only use the keyword "ALL" and IP
+# addresses (NOT host or domain names) for the portmapper, as well as for
+# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
+# for further information.
+#
+# The PARANOID wildcard matches any host whose name does not match its
+# address.
+
+# You may wish to enable this to ensure any programs that don't
+# validate looked up hostnames still leave understandable logs. In past
+# versions of Debian this has been the default.
+# ALL: PARANOID
+
+<% if node[:hosts_allow] %>
+<% @services.each do |service| %>
+<%= service %>: ALL
+<% end %>
+<% end %>
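Review bot: The generated deny rules cover only the services that have an entry under `node[:hosts_allow]`, so any other tcp-wrapped daemon stays reachable from everywhere, and a node without the attribute gets a file with no active rules that replaces whatever was there before. That default-allow behaviour is easy to misread given the file name, so I would state it in the header, e.g. `# Managed by Chef: only services listed in node[:hosts_allow] are denied here; unlisted services are not restricted.` The `<% if node[:hosts_allow] %>` guard is also redundant, since the recipe always passes `@services` as an array, possibly empty.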
