Commit dd8d0b4b authored by Tim Smith

Merge pull request #52 from tas50/master

General updates and cleanup
parents 865df1e0 02ae9a68
*.rbc
.config
coverage
InstalledFiles
lib/bundler/man
pkg
rdoc
spec/reports
test/tmp
test/version_tmp
tmp
_Store
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
*.tmp
*.bk
*.bkup
# ruby/bundler files
.ruby-version
.ruby-gemset
.rvmrc
Gemfile.lock
.bundle
.cache
*.gem
# YARD artifacts
.yardoc
_yardoc
doc/
.idea
#chef stuff
Berksfile.lock
.kitchen
bin
.kitchen/
.kitchen.local.yml
Berksfile.lock
vendor/
.coverage/
.zero-knife.rb
#vagrant stuff
.vagrant/
.vagrant.d/
.kitchen/
settings:
parallel: true
driver:
name: docker
# privileged is required otherwise the container doesn't boot right
privileged: true
platforms:
- name: centos-6
driver:
image: centos:6
platform: rhel
run_command: /sbin/init
provision_command:
- /usr/bin/yum install -y initscripts net-tools wget
- name: centos-7
driver:
image: centos:7
platform: rhel
run_command: /usr/lib/systemd/systemd
provision_command:
- /bin/yum install -y initscripts net-tools wget
- name: ubuntu-12.04
driver:
image: ubuntu-upstart:12.04
platform: ubuntu
disable_upstart: false
run_command: /sbin/init
provision_command:
- /usr/bin/apt-get update
- /usr/bin/apt-get install apt-transport-https net-tools -y
- name: ubuntu-14.04
driver:
image: ubuntu-upstart:14.04
platform: ubuntu
disable_upstart: false
run_command: /sbin/init
provision_command:
- /usr/bin/apt-get update
- /usr/bin/apt-get install apt-transport-https net-tools -y
suites:
- name: default
run_list: ["recipe[ossec]"]
attributes: {}
- name: wui
driver_config:
network:
- ["private_network", {ip: "192.168.33.33"}]
run_list:
- "recipe[ossec::server]"
- "recipe[ossec::wui]"
attributes:
dev_mode: true
data_bags_path: 'test/integration/default/data_bags'
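Review bot: `privileged: true` sits in the top-level `driver:` block, so every platform's container runs with full host privileges on whatever machine executes the suite; the existing comment says why it is needed but not where it is acceptable. I would extend that comment to `# privileged is required otherwise the container doesn't boot right; only run this config on disposable CI hosts`. If the init systems boot with a narrower grant, kitchen-docker's `cap_add` option would be a tighter alternative, though that needs testing per platform.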
---
driver_plugin: vagrant
driver_config:
require_chef_omnibus: true
driver:
name: vagrant
platforms:
- name: ubuntu-12.04
driver_config:
box: opscode-ubuntu-12.04
box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box
- name: ubuntu-10.04
driver_config:
box: opscode-ubuntu-10.04
box_url: http://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_provisionerless.box
provisioner:
name: chef_zero
- name: centos-6.4
driver_config:
box: opscode-centos-6.4
box_url: http://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
- name: centos-5.9
driver_config:
box: opscode-centos-5.9
box_url: http://opscode-vm-bento.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box
platforms:
- name: centos-5.11
- name: centos-6.7
- name: centos-7.1
- name: debian-7.8
run_list: apt::default
- name: debian-8.1
run_list: apt::default
- name: ubuntu-12.04
run_list: apt::default
- name: ubuntu-14.04
run_list: apt::default
suites:
- name: default
run_list: ["recipe[ossec]"]
attributes: {}
- name: wui
provisioner:
name: chef_zero
driver_config:
network:
- ["private_network", {ip: "192.168.33.33"}]
......
AllCops:
Exclude:
- vendor/**/*
- Guardfile
AlignParameters:
Enabled: false
ClassLength:
Enabled: false
CyclomaticComplexity:
Enabled: false
Documentation:
Enabled: false
Encoding:
Enabled: false
Style/FileName:
Enabled: false
LineLength:
Enabled: false
MethodLength:
Enabled: false
Metrics/AbcSize:
Enabled: false
PerceivedComplexity:
Enabled: false
SingleSpaceBeforeFirstArg:
Enabled: false
Style/ClassAndModuleChildren:
Enabled: false
Style/FileName:
Enabled: false
sudo: required
# install the pre-release chef-dk. Use chef-stable-precise to install the stable release
addons:
apt:
sources:
- chef-current-precise
packages:
- chefdk
services: docker
env:
matrix:
- INSTANCE=default-ubuntu-1204
- INSTANCE=default-ubuntu-1404
- INSTANCE=default-centos-6
- INSTANCE=default-centos-7
# Don't `bundle install`
install: echo "skip bundle install"
# Ensure we make ChefDK's Ruby the default
before_script:
# https://github.com/zuazo/kitchen-in-travis-native/issues/1#issuecomment-142230889
- sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
- eval "$(/opt/chefdk/bin/chef shell-init bash)"
- /opt/chefdk/embedded/bin/chef gem install kitchen-docker
script:
- /opt/chefdk/embedded/bin/chef --version
- /opt/chefdk/embedded/bin/rubocop --version
- /opt/chefdk/embedded/bin/rubocop
- /opt/chefdk/embedded/bin/foodcritic --version
- /opt/chefdk/embedded/bin/foodcritic . --exclude spec
- /opt/chefdk/embedded/bin/rspec
- KITCHEN_LOCAL_YAML=.kitchen.docker.yml /opt/chefdk/embedded/bin/kitchen verify ${INSTANCE}
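Review bot: `chef gem install kitchen-docker` in `before_script` installs whatever version is newest at build time, while the Gemfile shown on this page constrains every other test dependency with `~>`. That unpinned driver then runs on a build host with `sudo: required` and the Docker service enabled, so a changed or replaced release is executed without review. Pin it, for example `- /opt/chefdk/embedded/bin/chef gem install kitchen-docker -v '<PINNED_VERSION>'`. The `chef-current-precise` source is, by the file's own comment, the pre-release channel; `chef-stable-precise` is the steadier choice unless pre-release coverage is intended.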
site :opscode
source 'https://supermarket.chef.io'
metadata
group :integration do
cookbook 'apt'
end
If you would like to contribute, please open a ticket in JIRA:
* http://tickets.opscode.com
Create the ticket in the COOK project and use the cookbook name as the
component.
For all code contributions, we ask that contributors sign a
contributor license agreement (CLA). Instructions may be found here:
* http://wiki.opscode.com/display/chef/How+to+Contribute
When contributing changes to individual cookbooks, please do not
modify the version number in the metadata.rb. Also please do not
update the CHANGELOG.md for a new version. Not all changes to a
cookbook may be merged and released in the same versions. Opscode will
handle the version updates during the release process. You are welcome
to correct typos or otherwise make updates to documentation in the
README.
If a contribution adds new platforms or platform versions, indicate
such in the body of the commit message(s), and update the relevant
COOK ticket. When writing commit messages, it is helpful for others if
you indicate the COOK ticket. For example:
git commit -m '[COOK-1041] Updated pool resource to correctly delete.'
In the ticket itself, it is also helpful if you include log output of
a successful Chef run, but this is not absolutely required.
source 'https://rubygems.org'
group :lint do
gem 'foodcritic', '~> 5.0'
gem 'rubocop', '~> 0.34'
end
group :unit do
gem 'berkshelf', '~> 4.0'
gem 'chefspec', '~> 4.4'
end
group :kitchen_common do
gem 'test-kitchen', '~> 1.4'
end
group :kitchen_vagrant do
gem 'kitchen-vagrant', '~> 0.19'
end
Description
====
ossec cookbook
==============
[![Cookbook Version](https://img.shields.io/cookbook/v/ossec.svg)](https://supermarket.chef.io/cookbooks/ossec)
Installs OSSEC from source in a server-agent installation. See:
http://www.ossec.net/doc/manual/installation/index.html
Requirements
====
------------
#### Platforms
Tested on Ubuntu and ArchLinux, but should work on any Unix/Linux platform supported by OSSEC. Installation by default is done from source, so the build-essential cookbook needs to be used (see below).
This cookbook doesn't configure Windows systems yet. For information on installing OSSEC on Windows, see the [free chapter](http://www.ossec.net/ossec-docs/OSSEC-book-ch2.pdf)
Cookbooks
----
#### Chef
- Chef 11+
#### Cookbooks
- build-essential
- apt
- apache2
build-essential is required for the default installation because it compiles from source. The cookbook may require modification to support other platforms' build tools - modify it accordingly before using.
Attributes
====
----------
Default values are based on the defaults from OSSEC's own install.sh installation script.
......@@ -66,25 +72,21 @@ These attributes are used to setup the OSSEC Web UI.
* `node['ossec']['users_databag_group']` - Defaults to 'sysadmins'
Recipes
====
-------
default
----
###default
The default recipe downloads and installs the OSSEC source and makes sure the configuration file is in place and the service is started. Use only this recipe if setting up local-only installation. The server and client recipes (below) will set their installation type and include this recipe.
agent
----
###agent
OSSEC uses the term `agent` instead of client. The agent recipe includes the `ossec::client` recipe.
client
----
###client
Configures the system as an OSSEC agent to the OSSEC server. This recipe will search for the server based on `node['ossec']['server_role']`. It will also set the `install_type` and `agent_server_ip` attributes. The ossecd user will be created with the SSH key so the server can distribute the agent key.
server
----
###server
Sets up a system to be an OSSEC server. This recipe will set the `node['ossec']['server']['maxagents']` value to 1024 if it is not set on the node (e.g., via a role). It will search for all nodes that have an `ossec` attribute and add them as an agent.
......@@ -115,13 +117,12 @@ To manage additional agents on the server that don't run chef, or for agentless
Enable agentless monitoring in OSSEC and register the hosts on the server. Automated configuration of agentless nodes is not yet supported by this cookbook. For more information on the commands and configuration directives required in `ossec.conf`, see the [OSSEC Documentation](http://www.ossec.net/doc/manual/agent/agentless-monitoring.html)
wui
----
###wui
Installs and configures OSSEC Web UI. Requires users to be setup in a data bag (see __Data Bags__ section below).
Usage
====
-----
The cookbook can be used to install OSSEC in one of the three types:
......@@ -131,8 +132,7 @@ The cookbook can be used to install OSSEC in one of the three types:
For local-only installations, add just `recipe[ossec]` to the node run list, or put it in a role (like a base role).
Server/Agent
----
###Server/Agent
This section describes how to use the cookbook for server/agent configurations.
......@@ -214,10 +214,11 @@ Further reading:
* [OSSEC Documentation](http://www.ossec.net/doc/index.html)
License and Author
====
------------------
Copyright 2010, Opscode, Inc (<legal@opscode.com>)
Copyright 2010-2015, Chef Software, Inc (<legal@chef.io>)
```
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
......@@ -229,3 +230,4 @@ distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
This cookbook includes support for running tests via Test Kitchen (1.0). This has some requirements.
This cookbook includes support for running tests via Test Kitchen. This has some requirements.
1. You must be using the Git repository, rather than the downloaded cookbook from the Chef Community Site.
2. You must have Vagrant 1.1 installed.
3. You must have a "sane" Ruby 1.9.3 environment.
1. You must be using the Git repository, rather than the downloaded cookbook from the Supermarket Site.
2. You must have Vagrant installed.
3. You must have a "sane" Ruby 1.9.3+ environment.
Once the above requirements are met, install the additional requirements:
Install the berkshelf plugin for vagrant, and berkshelf to your local Ruby environment.
vagrant plugin install vagrant-berkshelf
gem install berkshelf
Install Test Kitchen 1.0.
gem install test-kitchen
Install the Vagrant driver for Test Kitchen.
gem install kitchen-vagrant
Install test kitchen and other testing bems via bundler
bundle install
Once the above are installed, you should be able to run Test Kitchen:
......
......@@ -2,7 +2,7 @@
# Cookbook Name:: ossec
# Attributes:: default
#
# Copyright 2010, Opscode, Inc.
# Copyright 2010-2015, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -17,31 +17,30 @@
# limitations under the License.
#
# general settings
default['ossec']['server_role'] = "ossec_server"
default['ossec']['server_role'] = 'ossec_server'
default['ossec']['server_env'] = nil
default['ossec']['checksum'] = "f8ac4a7d74068a8ca4f14e3c906bfa3a68a87fd026b463422bea79fe9d747249"
default['ossec']['version'] = "2.7"
default['ossec']['checksum'] = '917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd'
default['ossec']['version'] = '2.8.3'
default['ossec']['url'] = "http://www.ossec.net/files/ossec-hids-#{node['ossec']['version']}.tar.gz"
default['ossec']['logs'] = []
default['ossec']['syscheck_freq'] = 79200
default['ossec']['syscheck_freq'] = 79_200
default['ossec']['disable_config_generation'] = false
# data bag configuration
default['ossec']['data_bag']['encrypted'] = false
default['ossec']['data_bag']['name'] = "ossec"
default['ossec']['data_bag']['ssh'] = "ssh"
default['ossec']['data_bag']['name'] = 'ossec'
default['ossec']['data_bag']['ssh'] = 'ssh'
# server-only
default['ossec']['server']['maxagents'] = 256
# used to populate config files and preload values for install
default['ossec']['user']['language'] = "en"
default['ossec']['user']['install_type'] = "local"
default['ossec']['user']['dir'] = "/var/ossec"
default['ossec']['user']['language'] = 'en'
default['ossec']['user']['install_type'] = 'local'
default['ossec']['user']['dir'] = '/var/ossec'
default['ossec']['user']['delete_dir'] = true
default['ossec']['user']['active_response'] = true
default['ossec']['user']['active_response'] = true
default['ossec']['user']['syscheck'] = true
default['ossec']['user']['rootcheck'] = true
default['ossec']['user']['update'] = false
......@@ -49,8 +48,8 @@ default['ossec']['user']['update_rules'] = true
default['ossec']['user']['binary_install'] = false
default['ossec']['user']['agent_server_ip'] = nil
default['ossec']['user']['enable_email'] = true
default['ossec']['user']['email'] = "ossec@example.com"
default['ossec']['user']['smtp'] = "127.0.0.1"
default['ossec']['user']['email'] = 'ossec@example.com'
default['ossec']['user']['smtp'] = '127.0.0.1'
default['ossec']['user']['remote_syslog'] = false
default['ossec']['user']['firewall_response'] = true
default['ossec']['user']['pf'] = false
......@@ -58,8 +57,8 @@ default['ossec']['user']['pf_table'] = false
default['ossec']['user']['white_list'] = []
# web-ui only
default['ossec']['wui']['checksum'] = "142febadfd4b0de5a13ebd93c13eedfbee5f1899b6ee71c248054c14f47b8089"
default['ossec']['wui']['version'] = "0.3"
default['ossec']['wui']['checksum'] = '142febadfd4b0de5a13ebd93c13eedfbee5f1899b6ee71c248054c14f47b8089'
default['ossec']['wui']['version'] = '0.3'
default['ossec']['wui']['url'] = "http://www.ossec.net/files/ossec-wui-#{node['ossec']['wui']['version']}.tar.gz"
default['ossec']['users_databag'] = 'users'
default['ossec']['users_databag_group'] = 'sysadmin'
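Review bot: The tarball locations on the `default['ossec']['url']` and `default['ossec']['wui']['url']` lines still use plain `http://`, so the SHA-256 values in the matching `checksum` attributes are the only thing tying the download to a known artifact. The recipes that consume these attributes are not visible here, so it is worth confirming the checksum is actually handed to the download resource. I would add a comment above the version line such as `# checksum must be the SHA-256 of the tarball at url; override version and checksum together`, and switch the scheme to HTTPS if the host serves these files that way.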
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
MAINTAINERS.toml
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile
name "ossec"
maintainer "Joshua Timberman"
maintainer_email "cookbooks@housepub.org"
license "Apache 2.0"
description "Installs/Configures ossec"
name 'ossec'
maintainer 'Joshua Timberman'
maintainer_email 'cookbooks@housepub.org'
license 'Apache 2.0'
description 'Installs and onfigures ossec'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "1.0.5"
version '1.0.5'
%w{ build-essential apt apache2 }.each do |pkg|
%w( build-essential apt apache2 ).each do |pkg|
depends pkg
end
%w{ debian ubuntu arch redhat centos fedora }.each do |os|
%w( debian ubuntu arch redhat centos fedora scientific oracle amazon ).each do |os|
supports os
end
source_url 'https://github.com/jtimberman/ossec-cookbook' if respond_to?(:source_url)
issues_url 'https://github.com/jtimberman/ossec-cookbook/issues' if respond_to?(:issues_url)
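Review bot: The new `description` line contains a typo, 'Installs and onfigures ossec', and this string is what gets published as the cookbook's description. It should read `description 'Installs and configures ossec'`. The `version` line is unchanged at 1.0.5 even though the platform list grows, which may be intentional if releases are cut separately.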
......@@ -2,7 +2,7 @@
# Cookbook Name:: ossec
# Recipe:: agent
#
# Copyright 2010, Opscode, Inc.
# Copyright 2010-2015, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -17,4 +17,4 @@
# limitations under the License.
#
include_recipe "ossec::client"
include_recipe 'ossec::client'