cookbook 'bastion', '= 1.0.0', :supermarket
Configures a node to be a bastion host
cookbook 'bastion', '= 1.0.0'
knife cookbook site install bastion
knife cookbook site download bastion
A Chef cookbook for configuring a server to be used as a bastion host for remote access to and administration of an otherwise walled-off network.
This cookbook is written to hopefully work on, or be expandable to, other distros, but is currently only tested against Ubuntu Linux.
Some of the dependencies are pinned to older versions in order to maintain compatibility--for now--with Chef 11.
Override any included attributes as needed and add bastion to your run_list.
Refreshes the APT cache and configures the firewall and remote desktop (below).
Installs certain base dev tools--currently Git and Ruby.
If the firewall enabled attribute is set to true (the default), enables the system firewall and pokes holes in it for SSH (port 22) from an attribute-specified set of trusted networks.
If the firewall is not set to enabled, it disables it.
Installs X2go, Google Chrome, and Firefox.
Installs + enables + starts Auditd, using rules based on the base STIG ruleset.
default['bastion']['firewall']['enabled'] = true
Whether or not the system firewall should be enabled. This can be overridden to false if, for example, port access is instead being handled solely in your cloud provider's security configuration.
default['bastion']['firewall']['trusted_networks'] = %w( 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 )
The set of CIDR ranges to allow access from in the system firewall.
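As an added example (not code from the cookbook), the two firewall attributes above modelled in plain Ruby so you can check, before converging, which sources would reach SSH on port 22 and what the equivalent host rules look like; it assumes ufw as the Ubuntu firewall backend and that the `enabled` flag disables the firewall outright, as the recipe description states.

```ruby
require 'ipaddr'

# Constructed defaults mirroring default['bastion']['firewall'] from the README.
DEFAULT_ATTRS = {
  'enabled' => true,
  'trusted_networks' => %w( 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ),
}.freeze

# Parse every trusted network as a CIDR; a malformed entry such as
# '10.0.0.0/88' raises ArgumentError here rather than yielding no rule.
def parse_trusted_networks(networks)
  networks.map { |cidr| IPAddr.new(cidr) }
end

# Trusted networks that match every address (prefix 0) defeat the purpose of
# the list; surface them so a review can catch an over-broad override.
def wide_open_networks(networks)
  networks.select { |cidr| IPAddr.new(cidr).prefix.zero? }
end

# True if a TCP connection from source_ip to port 22 would pass the host
# firewall under these attributes. With the firewall disabled the host itself
# filters nothing, so exposure rests entirely on the cloud security groups.
def ssh_allowed?(attrs, source_ip)
  return true unless attrs['enabled']
  ip = IPAddr.new(source_ip)
  parse_trusted_networks(attrs['trusted_networks']).any? { |net| net.include?(ip) }
end

# Render the rules the attributes imply as ufw commands (assumed backend),
# handy for comparing against `ufw status` on a converged node.
def ufw_rules(attrs)
  return ['ufw disable'] unless attrs['enabled']
  parse_trusted_networks(attrs['trusted_networks']) # validate before rendering
  allows = attrs['trusted_networks'].map do |cidr|
    "ufw allow proto tcp from #{cidr} to any port 22"
  end
  ['ufw default deny incoming'] + allows + ['ufw enable']
end
```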
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Add tests for the new feature; ensure they pass (
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
License & Authors
- Author: Jonathan Hartman email@example.com
Copyright 2015 Socrata, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
| Dependency cookbook | Version constraint |
|---|---|
| java | ~> 1.35 |
| snoopy | ~> 1.0 |
| x2go-server | ~> 0.1 |
| firewall | ~> 1.1.0 |
| apt | ~> 2.0 |
There are no cookbooks that are contingent upon this one.
Bastion Cookbook CHANGELOG
- Replace Auditd with Snoopy for logging execve calls
- Install Oracle Java with the other dev tools
- Install a limited set of dev tools--Git and Ruby
- Install auditd and log all of the things
- Initial release; Ubuntu only
- Development started