cookbook 'configure_and_deploy_ssc', '~> 16.11.0'
configure_and_deploy_ssc (1) Versions 16.11.0 Follow0
Configures and deploys the Fortify SSC Server WAR file.
cookbook 'configure_and_deploy_ssc', '~> 16.11.0', :supermarket
knife supermarket install configure_and_deploy_ssc
knife supermarket download configure_and_deploy_ssc
Configure and deploy HPE Fortify Software Security Center Chef Cookbook
The HPE Fortify Software Security Center is a Java-based web application used to aggregate the scan results of Fortify SCA, Fortify WebInspect and other software security vulnerability scanners. This cookbook downloads, configures and deploys Software Security Center, MySQL, and Tomcat 8.
This cookbook relies on the following files being placed at "['configure_ssc']['resource_url']" on your local network.
- HPE_Security_Fortify_SSC_XX.XX_Server_WAR.zip
- mysql-connector-java-5.1.26-bin.jar
- HP_Fortify_PCI_Basic_Seed_Bundle_20XX_QX.zip
- HP_Fortify_Process_Seed_Bundle_20XX_QX.zip
- HP_Fortify_Report_Seed_Bundle_20XX_QX.zip
Where "X" represents either the SSC or Seed Bundle release number for the files mentioned above.
See the "Resource Urls" and "Package Names" sections of the attributes/default.rb file.
PLEASE NOTE:
- This cookbook has been tested with SSC version [16.11]
- This cookbook does not upgrade existing SSC instances. If an instance of SSC is detected in the Tomcat webapps directory, execution will abort.
- The version number on this cookbook and also in future releases will match the Fortify release numbers.
- If there bug fix releases for the cookbook on a corresponding Fortify release, then the 3rd number in the version number will be incremented
- For example: 16.11.0 -> 16.11.1
- You NEED to set the attribute ['java']['oracle']['accept_oracle_download_terms'] to "true" in the attributes file in order for the oracle installation to work. The default setting is false due to licensing concerns.
Requirements
Platforms
- RHEL 7
- CentOS 7
Chef
- Chef >= 12.12. May work on earlier versions.
Additional Information
How this cookbook works:
This cookbook works by adding the OS specific recipe to the node's run-list. Major actions to install Fortify SSC are broken out in to their own recipes to make things a little more modular should the default recipes not be in line with your existing infrastructures current configuration or requirements.
For example the following is the hierarchy and order by which recipes will be executed for the recipe "configure_and_deploy_ssc::rhel":
- rhel
- rhel_install_java
- rhel_install_tomcat8
- rhel_install_mysql
- rhel_workspace_setup
- rhel_download_ssc_files
- rhel_create_db
- rhel_configure_war
- rhel_seed_db
- rhel_deploy_ssc_war
- rhel_node_security_settings
To-do items:
- Make it so that you can deploy/download the “fortify.license” file rather than distributing it as a template
- There seems to be a bug with trying to start tomcat 8 as a systemd service on CentOS/RHEL. The server will start up with no errors, but will fail to render any of the pages unless you start it manually as root. Need to investigate more.
- Re-Integrate the Windows attributes and recipe to this cookbook. Logic will need to be present so that the windows attributes will not activate when not being run on a Windows system.
- Update comments to inform the operator how to change attributes to handle different servlet containers besides Tomcat
- This may also entail having to have recipes for installing those other servlet containers (eg: jboss)
- Update comments to imform the operator how to change attributes to handle different databases besides MySQL
- This may also enatil having to have recipes for installing those other databases (eg: MS-SQL, Oracle, Derby, etc...)
- Create a recipe or new cookbook altogether to installing SCA
- Create recipes for hardening the database and app server installations
- Create a recipe to enable smart-card/CAC based authentication
- Create OS detecting attribute files
Quick Install
This assumes you're going to be uploading this cookbook to a chef server. There are some required dependencies that you'll need to download. Follow the instructions below to get this cookbook along with the other required cookbooks uploaded to your chef server quickly:
- Ensure you're running ChefDK version >= 0.19.6
- Copy this cookbook to your chef repo
- Open a terminal/console and change directory to this cookbook
- Copy the contents of your "fortify.license" file to "templates/default/fortify.license.erb"
- Set the attribute ['java']['oracle']['accept_oracle_download_terms'] to "true" in the attributes file
- Ensure the SSC zip, Seed Bundles, and MySQL JDBC jar are placed at "['configure_ssc']['resource_url']" on your local network
- Type in the following commands:
[dev@chef-ws1 ~]# berks install
[dev@chef-ws1 ~]# berks upload
- At this point the cookbook and it's needed dependencies should be on the chef server. Just add "configure_and_deploy_ssc::rhel" to that targeted node's run-list.
Dependent cookbooks
chef_handler >= 0.0.0 |
zipfile >= 0.1.0 |
java >= 0.0.0 |
tomcat ~> 2.3.3 |
mysql ~> 6.1.3 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
16.11.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
16.11.0 failed this metric
FC064: Ensure issues_url is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC065: Ensure source_url is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC066: Ensure chef_version is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC069: Ensure standardized license defined in metadata: configure_and_deploy_ssc/metadata.rb:1
FC121: Cookbook depends on cookbook made obsolete by Chef 14: configure_and_deploy_ssc/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
16.11.0 failed this metric
Failure: Cookbook should not contain binaries. Found:
configure_and_deploy_ssc/dependency_graph.png
Testing File Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
16.11.0 failed this metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
16.11.0 failed this metric
FC064: Ensure issues_url is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC065: Ensure source_url is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC066: Ensure chef_version is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC069: Ensure standardized license defined in metadata: configure_and_deploy_ssc/metadata.rb:1
FC121: Cookbook depends on cookbook made obsolete by Chef 14: configure_and_deploy_ssc/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
16.11.0 failed this metric
Failure: Cookbook should not contain binaries. Found:
configure_and_deploy_ssc/dependency_graph.png
Testing File Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
16.11.0 failed this metric
FC065: Ensure source_url is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC066: Ensure chef_version is set in metadata: configure_and_deploy_ssc/metadata.rb:1
FC069: Ensure standardized license defined in metadata: configure_and_deploy_ssc/metadata.rb:1
FC121: Cookbook depends on cookbook made obsolete by Chef 14: configure_and_deploy_ssc/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
16.11.0 failed this metric
Failure: Cookbook should not contain binaries. Found:
configure_and_deploy_ssc/dependency_graph.png
Testing File Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
16.11.0 failed this metric
16.11.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number