Commit bac3fe4b authored by jtimberman's avatar jtimberman
Browse files

chef 0.10 doesn't need metadata.json

parent 7bc0e6cb
{
"name": "ossec",
"description": "Installs/Configures ossec",
"long_description": "Description\n====\n\nInstalls OSSEC from source in a server-agent installation. See:\n\nhttp://www.ossec.net/main/manual/manual-installation/\n\nRequirements\n====\n\nTested on Ubuntu and ArchLinux, but should work on any Unix/Linux platform supported by OSSEC. Installation by default is done from source, so the build-essential cookbook needs to be used (see below).\n\nThis cookbook doesn't configure Windows systems yet. For information on installing OSSEC on Windows, see the [free chapter](http://www.ossec.net/ossec-docs/OSSEC-book-ch2.pdf)\n\nCookbooks\n----\n\nbuild-essential is required for the default installation because it compiles from source. The cookbook may require modification to support other platforms' build tools - modify it accordingly before using.\n\nAttributes\n====\n\nDefault values are based on the defaults from OSSEC's own install.sh installation script.\n\n* `node['ossec']['server_role']` - When using server/agent setup, this role is used to search for the OSSEC server, default `ossec_server`.\n* `node['ossec']['checksum']` - SHA256 checksum of the source. Verified with SHA1 sum from OSSEC site.\n* `node['ossec']['version']` - Version of OSSEC to download/install. Used in URL.\n* `node['ossec']['url']` - URL to download the source.\n* `node['ossec']['logs']` - Array of log files to analyze. Default is an empty array. These are in addition to the default logs in the ossec.conf.erb template.\n* `node['ossec']['syscheck_freq']` - Frequency that syscheck is executed, default 22 hours (79200 seconds)\n* `node['ossec']['server']['maxagents']` - Maximum number of agents, default setting is 256, but will be set to 1024 in the ossec::server recipe if used. Add as an override attribute in the `ossec_server` role if more nodes are required.\n\nThe `user` attributes are used to populate the config file (ossec.conf) and preload values for the installation script.\n\n* `node['ossec']['user']['language']` - Language to use for installation, default en.\n* `node['ossec']['user']['install_type']` - What kind of installation to perform, default is local. Using the client or server recipe will set this to `agent` or `server`, respectively.\n* `node['ossec']['user']['dir']` - Installation directory for OSSEC, default `/var/ossec`.\n* `node['ossec']['user']['delete_dir']` - Whether to delete the existing OSSEC installation directory, default true.\n* `node['ossec']['user']['active_response']` - Whether to enable active response feature of OSSEC, default true. It is safe and recommended to leave this enabled.\n* `node['ossec']['user']['syscheck']` - Whether to enable the integrity checking process, syscheck. Default true. It is safe and recommended to leave this enabled.\n* `node['ossec']['user']['rootcheck']` - Whether to enable the rootkit checking process, rootcheck. Default true. It is safe and recommended to leave this enabled.\n* `node['ossec']['user']['update']` - Whether an update installation should be done, default false.\n* `node['ossec']['user']['update_rules']` - Whether to update rules files, default true.\n* `node['ossec']['user']['binary_install']` - If true, use the binaries in the bin directory rather than compiling. Default false. The cookbook doesn't yet support binary installations.\n* `node['ossec']['user']['agent_server_ip']` - The IP of the OSSEC server. The client recipe will attempt to determine this value via search. Default is nil, only required for agent installations.\n* `node['ossec']['user']['enable_email']` - Enable or disable email alerting. Default is true.\n* `node['ossec']['user']['email']` - Destination email address for OSSEC alerts. Default is `ossec@example.com` and should be changed via a role attribute.\n* `node['ossec']['user']['smtp']` - Sets the SMTP relay to send email out. Default is 127.0.0.1, which assumes that a local MTA is set up (e.g., postfix).\n* `node['ossec']['user']['remote_syslog']` - Whether to enable the remote syslog server on the OSSEC server. Default false, not relevant for non-server.\n* `node['ossec']['user']['firewall_response']` - Enable or disable the firewall response which sets up firewall rules for blocking. Default is true.\n* `node['ossec']['user']['pf']` - Enable PF firewall on BSD, default is false.\n* `node['ossec']['user']['pf_table']` - The PF table to use on BSD. Default is false, set this to the desired table if enabling `pf`.\n* `node['ossec']['user']['white_list']` - Array of additional IP addresses to white list. Default is empty.\n\nRecipes\n====\n\ndefault\n----\n\nThe default recipe downloads and installs the OSSEC source and makes sure the configuration file is in place and the service is started. Use only this recipe if setting up local-only installation. The server and client recipes (below) will set their installation type and include this recipe.\n\nagent\n----\n\nOSSEC uses the term `agent` instead of client. The agent recipe includes the `ossec::client` recipe.\n\nclient\n----\n\nConfigures the system as an OSSEC agent to the OSSEC server. This recipe will search for the server based on `node['ossec']['server_role']`. It will also set the `install_type` and `agent_server_ip` attributes. The ossecd user will be created with the SSH key so the server can distribute the agent key.\n\nserver\n----\n\nSets up a system to be an OSSEC server. This recipe will set the `node['ossec']['server']['maxagents']` value to 1024 if it is not set on the node (e.g., via a role). It will search for all nodes that have an `ossec` attribute and add them as an agent.\n\nTo manage additional agents on the server that don't run chef, or for agentless OSSEC configuration (for example, routers), add a new node for them and create the `node['ossec']['agentless']` attribute as true. For example if we have a router named gw01.example.com with the IP `192.168.100.1`:\n\n % knife node create gw01.example.com\n {\n \"name\": \"gw01.example.com\",\n \"json_class\": \"Chef::Node\",\n \"automatic\": {\n },\n \"normal\": {\n \"hostname\": \"gw01\",\n \"fqdn\": \"gw01.example.com\",\n \"ipaddress\": \"192.168.100.1\",\n \"ossec\": {\n \"agentless\": true\n }\n },\n \"chef_type\": \"node\",\n \"default\": {\n },\n \"override\": {\n },\n \"run_list\": [\n ]\n }\n\nEnable agentless monitoring in OSSEC and register the hosts on the server. Automated configuration of agentless nodes is not yet supported by this cookbook. For more information on the commands and configuration directives required in `ossec.conf`, see the [OSSEC Documentation](http://www.ossec.net/doc/manual/agent/agentless-monitoring.html)\n\nUsage\n====\n\nThe cookbook can be used to install OSSEC in one of the three types:\n\n* local - use the ossec::default recipe.\n* server - use the ossec::server recipe.\n* agent - use the ossec::client recipe\n\nFor local-only installations, add just `recipe[ossec]` to the node run list, or put it in a role (like a base role).\n\nServer/Agent\n----\n\nThis section describes how to use the cookbook for server/agent configurations.\n\nThe server will use SSH to distribute the OSSEC agent keys. Create a data bag `ossec`, with an item `ssh`. It should have the following structure:\n\n {\n \"id\": \"ssh\",\n \"pubkey\": \"\",\n \"privkey\": \"\"\n }\n\nGenerate an ssh keypair and get the privkey and pubkey values. The output of the two ruby commands should be used as the privkey and pubkey values respectively in the data bag.\n\n ssh-keygen -t rsa -f /tmp/id_rsa\n ruby -e 'puts IO.read(\"/tmp/id_rsa\")'\n ruby -e 'puts IO.read(\"/tmp/id_rsa.pub\")'\n\nFor the OSSEC server, create a role, `ossec_server`. Add attributes per above as needed to customize the installation.\n\n % cat roles/ossec_server.rb\n name \"ossec_server\"\n description \"OSSEC Server\"\n run_list(\"recipe[ossec::server]\")\n override_attributes(\n \"ossec\" => {\n \"user\" => {\n \"email\" => \"ossec@yourdomain.com\",\n \"smtp\" => \"smtp.yourdomain.com\"\n }\n }\n )\n\nFor OSSEC agents, create a role, `ossec_client`.\n\n % cat roles/ossec_client.rb\n name \"ossec_client\"\n description \"OSSEC Client Agents\"\n run_list(\"recipe[ossec::client]\")\n override_attributes(\n \"ossec\" => {\n \"user\" => {\n \"email\" => \"ossec@yourdomain.com\",\n \"smtp\" => \"smtp.yourdomain.com\"\n }\n }\n )\n\nCustomization\n----\n\nThe main configuration file is maintained by Chef as a template, `ossec.conf.erb`. It should just work on most installations, but can be customized for the local environment. Notably, the rules, ignores and commands may be modified.\n\nFurther reading:\n\n* [OSSEC Documentation](http://www.ossec.net/doc/index.html)\n* [OSSEC Wiki](http://www.ossec.net/wiki/OSSEC)\n\nLicense and Author\n====\n\nCopyright 2010, Opscode, Inc (<legal@opscode.com>)\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
"maintainer": "Opscode, Inc.",
"maintainer_email": "cookbooks@opscode.com",
"license": "Apache 2.0",
"platforms": {
"debian": [
],
"ubuntu": [
],
"arch": [
],
"redhat": [
],
"centos": [
],
"fedora": [
]
},
"dependencies": {
"build-essential": [
]
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
},
"groupings": {
},
"recipes": {
},
"version": "1.0.1"
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment