
bastion (15) Versions 4.0.0

Configures a node to be a bastion host

Berkshelf:

    cookbook 'bastion', '~> 4.0.0'

Policyfile:

    cookbook 'bastion', '~> 4.0.0', :supermarket

Knife:

    knife supermarket install bastion
    knife supermarket download bastion

Quality 75%

Bastion Cookbook

A Chef cookbook for configuring a server to be used as a bastion host for remote access to and administration of an otherwise walled-off network.

Requirements

This cookbook is written to hopefully work on, or be expandable to, other distros, but is currently only tested against Ubuntu Linux.

As of v2.0.0, this cookbook requires Chef 12.5 or higher due to its dependency on the docker cookbook.

Usage

Override any included attributes as needed and add bastion to your run_list.

Recipes

default

Refreshes the APT cache and configures the firewall and remote desktop (below).

dev_tools

Installs certain base dev tools--currently, Git.

firewall

If the firewall enabled attribute is set to true (the default), enables the system firewall and pokes holes in it for SSH (port 22) from an attribute-specified set of trusted networks.

If the firewall enabled attribute is not set to true, the recipe disables the system firewall.

remote_desktop

Installs X2go, Google Chrome, and Firefox.

greeting

Adds a configurable MOTD-style greeting for system users that (by default) requires a user interaction before the session will continue.

Attributes

default

    default['bastion']['firewall']['enabled'] = true

Whether or not the system firewall should be enabled. This can be overridden to false if, for example, port access is instead being handled solely in your cloud provider's security configuration.

    default['bastion']['firewall']['trusted_networks'] = %w(
      10.0.0.0/8
      172.16.0.0/12
      192.168.0.0/16
    )

The set of CIDR ranges to allow access from in the system firewall.
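
An added example, not part of the cookbook: a check that a wrapper cookbook or CI job could run over an override of `trusted_networks` before converging, since every range in that list is allowed through to SSH. The helper names, the sample override, and the policy (anything not contained in one of the cookbook's default ranges needs review) are assumptions of this example.

```ruby
require 'ipaddr'

# Default trusted_networks from the cookbook's attributes.
DEFAULT_TRUSTED = %w(10.0.0.0/8 172.16.0.0/12 192.168.0.0/16).freeze

# Integer bounds [family, low, high] of a CIDR; raises IPAddr::Error if malformed.
def bounds(cidr)
  range = IPAddr.new(cidr).to_range
  [range.begin.family, range.begin.to_i, range.end.to_i]
end

DEFAULT_BOUNDS = DEFAULT_TRUSTED.map { |c| bounds(c) }.freeze

# Hypothetical policy (an assumption of this example):
#   :invalid          - not a parseable CIDR
#   :open_to_all      - a /0, i.e. SSH allowed from any address
#   :outside_defaults - not fully contained in a default range
#   :ok               - equal to or narrower than a default range
def classify(cidr)
  return :open_to_all if IPAddr.new(cidr).prefix.zero?

  family, low, high = bounds(cidr)
  contained = DEFAULT_BOUNDS.any? do |f, dlow, dhigh|
    f == family && dlow <= low && high <= dhigh
  end
  contained ? :ok : :outside_defaults
rescue IPAddr::Error
  :invalid
end

# Map every entry of an override list to its verdict.
def audit_trusted_networks(cidrs)
  cidrs.to_h { |cidr| [cidr, classify(cidr)] }
end

# Entries a reviewer should look at before the override is merged.
def needs_review(cidrs)
  audit_trusted_networks(cidrs).reject { |_, verdict| verdict == :ok }.keys
end

# Constructed sample override, not taken from the cookbook.
SAMPLE_OVERRIDE = %w(10.20.0.0/16 172.32.0.0/16 203.0.113.0/24 0.0.0.0/0 10.0.0.0/33).freeze

if $PROGRAM_NAME == __FILE__
  audit_trusted_networks(SAMPLE_OVERRIDE).each { |cidr, v| puts format('%-16s %s', cidr, v) }
end
```

Note that `172.32.0.0/16` is flagged: it looks like a private range but falls just outside `172.16.0.0/12`.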

    default['bastion']['greeting']['message']  = '...'
    default['bastion']['greeting']['require_response'] = true

The greeting message can be customized as you see fit and the user interaction requirement disabled if needed.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Add tests for the new feature; ensure they pass (rake)
  4. Commit your changes (git commit -am 'Add some feature')
  5. Push to the branch (git push origin my-new-feature)
  6. Create a new Pull Request

License & Authors

Copyright 2015-2019, Socrata, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Dependent cookbooks

firewall ~> 2.5
x2go-server ~> 1.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Bastion Cookbook CHANGELOG

Unreleased

v3.4.6 (2019-03-22)

  • Added Ubuntu 18.04 support
  • Removed
    • docker
    • java
    • dnsmasq-local
    • snoopy
  • Uses Socrata's kitchen-microwave framework
  • Fixed unit and integration tests
  • Docker was removed since it's not in use and dnsmasq-local is not compatible on 18.04.
  • dnsmasq-local isn't currently needed with docker being removed and lack of compatibility on 18.04.
  • snoopy was removed in favor of the system installed logging packages
  • java was removed in favor of the system level java install

v3.4.0 (2017-11-15)

  • Stop installing system Ruby

v3.3.0 (2017-05-19)

  • Update the dnsmasq-local dependency

v3.2.1 (2016-12-14)

  • Make the greeting message friendlier to newer versions of X2go

v3.2.0 (2016-09-26)

  • Update to use v1.x of the dnsmasq-local cookbook

v3.1.0 (2016-07-18)

  • Use Dnsmasq dynamic binding option to avoid race conditions with Docker
  • Remove direct dependency on the apt cookbook

v3.0.1 (2016-06-03)

  • Make the greeting output great (and colorized) again

v3.0.0 (2016-06-03)

  • Convert the MOTD into an interactive user greeting

v2.1.0 (2016-05-19)

  • Offer an attribute-y means of passing in Docker options
  • Install dnsmasq and use it for Docker's DNS queries

v2.0.0 (2016-05-16)

  • Install Docker and optionally pull in some images
  • Drop compatibility with Chef 11
  • Update apt, firewall, and x2go-server dependencies

v1.1.0 (2016-05-06)

  • Add a configurable MOTD

v1.0.0 (2015-10-26)

  • Replace Auditd with Snoopy for logging execve calls
  • Install Oracle Java with the other dev tools

v0.3.0 (2015-10-08)

  • Install a limited set of dev tools--Git and Ruby

v0.2.0 (2015-09-25)

  • Install auditd and log all of the things

v0.1.0 (2015-09-16)

  • Initial release; Ubuntu only

v0.0.1 (2015-09-04)

  • Development started

Collaborator Number Metric

4.0.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

4.0.0 passed this metric

Foodcritic Metric

4.0.0 passed this metric

No Binaries Metric

4.0.0 passed this metric

Publish Metric

4.0.0 passed this metric

Supported Platforms Metric

4.0.0 passed this metric

Testing File Metric

4.0.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric

4.0.0 passed this metric