Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

cerberus (4) Versions 2.1.0

Installs/Configures Cerberus firewall manager for Windows 2003 and 2008

Policyfile
Berkshelf
Knife
cookbook 'cerberus', '~> 2.1.0', :supermarket
cookbook 'cerberus', '~> 2.1.0'
knife supermarket install cerberus
knife supermarket download cerberus
README
Dependencies
Quality 0%

Description

https://github.com/cixelsyd/cookbooks/tree/master/cerberus

Installs/Configures cerberus firewall manager for Windows. Supports 2003 and 2008. The key thought behind Cerberus' modus operandi is simple: define the permitted ports and protocols in one databag and the permitted IP addresses / ranges in another. Any IP inside the ip_permit databag would have access to all of the declared ports.

http://bit.ly/chefcerberus

Cerberus >= 1.0.0 handles a significant bug in (both architectures of) Windows 2008 advfirewall manager whereby the "remoteip=" string has a short character limit. Instead of concatinating all the permitted ips onto one line, cerberus now writes a rule for every remoteip. This is a bummer, actually, because the netsh advfirewall command takes an extremely long time to run on Windows 2008 i386. An. Extremely. Long. Time. Note, this slow behaviour seems to build over time, and regular reboots seem to mitigate the issue significantly. This issue does not seem to impact Windows 2008 R2 x86_64. If you can migrate your machines from Windows 2008 i386 to Windows 2008 R2 x86_64, this is highly recommended.

Updated to support opening http to facebook, twitter, and AWS networks.

Cerberus >= 2.1.0 is a complete re-write for chef-client version 11! Although the supporting structure is identical and compatible with previous versions of the cookbook, the internal logic has received a significant upgrade. Cerberus now creates json templates internally with information from the ip_permit and firewall_rules data bags, and only instructs windows to edit the firewall rule if it changes. Previously, the entire ruleset was removed and replaced during each chef run, which could cause connections to stutter. Cerberus now runs much more quickly and is more robust.

Requirements

Windows 2003 or 2008, a data bag to hold permitted ip addresses and a data bag to hold protocol details. Also requires the twitter cookbook to tweet service status changes; this dependency can be broken and removed easily.

Attributes

The Windows 2003 version uses a few attributes to point at the the "inf" file used for rule deployment; however, the vast majority of the information is stored inside data bags. Logging of dropped connections and packets is now stored inside an attribute.

Usage

Create two data bags and add the permitted ips to the first and the permitted ports to the second as such:

ip_permit (sample item below)
{
"name": "data_bag_item_ip_permit_www",
"raw_data": {
"netmask": "/32",
"comment": "example host description here",
"fqdn": "www.smashrun.com",
"ipaddress": "192.168.0.110",
"id": "www",
"owner": "Joe User"
},
"json_class": "Chef::DataBagItem",
"data_bag": "ip_permit",
"chef_type": "data_bag_item"
}

firewall_rules (sample item below)
{
"name": "data_bag_item_firewall_rules_3389",
"raw_data": {
"name": "rdp",
"protocol": "tcp",
"id": "3389",
"permit": "enabled",
"description": "Remote Desktop (tcp 3389)"
},
"json_class": "Chef::DataBagItem",
"data_bag": "firewall_rules",
"chef_type": "data_bag_item"
}

Then add the cookbook to the runlist and watch it go!

Collaborator Number Metric
            

2.1.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

2.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

2.1.0 failed this metric

FC064: Ensure issues_url is set in metadata: cerberus/metadata.rb:1
FC065: Ensure source_url is set in metadata: cerberus/metadata.rb:1
FC066: Ensure chef_version is set in metadata: cerberus/metadata.rb:1
FC069: Ensure standardized license defined in metadata: cerberus/metadata.rb:1
FC104: Use the :run action in ruby_block instead of :create: cerberus/definitions/sentry_json.rb:20
FC104: Use the :run action in ruby_block instead of :create: cerberus/definitions/sentry_json.rb:24
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

2.1.0 failed this metric

Failure: Cookbook should not contain binaries. Found:
cerberus/templates/default/netfw.inf-off.erb
cerberus/templates/default/netfw.inf-on.erb

Testing File Metric
            

2.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

2.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number