Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

duosecurity (10) Versions 1.2.0

Installs/Configures duosecurity two-factor system authentication on Ubuntu/Debian

Berkshelf/Librarian
Policyfile
Knife
cookbook 'duosecurity', '= 1.2.0'
cookbook 'duosecurity', '= 1.2.0', :supermarket
knife cookbook site install duosecurity
knife cookbook site download duosecurity
README
Dependencies
Changelog
Quality

duosecurity Cookbook

====================

Installs and configures login_duo for unix

Attributes

  • node["duosecurity"]["integration_key"] - Required. Integration key, recommended to set from an encrypted value.
  • node["duosecurity"]["secret_key"] - Required. Secret key, recommended to set from an encrypted value.
  • node["duosecurity"]["api_hostname"] - Required. API hostname for your Duo account.
  • node["duosecurity"]["groups"] - Optional. If specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the space-separated pattern lists.
  • node["duosecurity"]["failmode"] - Optional. On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".
  • node["duosecurity"]["pushinfo"] - Optional. Include information such as the command to be executed in the Duo Push message. Either "yes" or "no". The default is "no".
  • node["duosecurity"]["http_proxy"] - Optional. Use the specified HTTP proxy, same format as the HTTP_PROXY environment variable. (honored by wget, curl, etc.).
  • node["duosecurity"]["autopush"] - Optional. Either "yes" or "no". Default is "no". If "yes", Duo Unix will automatically send a push login request to the user's phone, falling back on a phone call if push is unavailable. If "no", the user will be prompted to choose an authentication method. When configured with autopush = yes, we recommend setting prompts = 1.
  • node["duosecurity"]["motd"] - Optional. Print the contents of /etc/motd to screen after a successful login. Either "yes" or "no". The default is "no". This option is only available for login_duo.
  • node["duosecurity"]["prompts"] - Optional. If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3. For example, when prompts = 1, the user will have to successfully authenticate on the first prompt, whereas if prompts = 2, if the user enters incorrect information at the initial prompt, he/she will be prompted to authenticate again. When configured with autopush = yes, we recommend setting prompts = 1.
  • node["duosecurity"]["accept_env_factor"] - Optional. Look for factor selection or passcode in the $DUO_PASSCODE environment variable before prompting the user for input. When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarily need AcceptEnv DUO_PASSCODE. Default is "no".
  • node["duosecurity"]["fallback_local_ip"] - Optional. Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting. If Duo Unix cannot detect the IP address of the client, setting fallback_local_ip = yes will cause Duo Unix to send the IP address of the server it is running on. If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.
  • node["duosecurity"]["https_timeout"] - Optional. Set to the number of seconds to wait for HTTPS responses from Duo Security. If Duo Security takes longer than the configured number of seconds to respond to the preauth API call, the configured failmode is triggered. Other network operations such as DNS resolution, TCP connection establishment, and the SSL handshake have their own independent timeout and retry logic. Default is 0, which disables the HTTPS timeout.
  • node["duosecurity"]["install_type"] - Optional. Either "source" or "package". Defaults to "source" which will compile from source code and requires a working compiler (not managed by this cookbook).
  • node["duosecurity"]["use_pam"] - Optional. Either "yes" or "no". Default is "no". If "yes", Duo Unix will be setup as a pam module and ssh will be configured to use it rather than the login_duo binary.
  • node["duosecurity"]["protect_sudo"] - Optional. Either "yes" or "no". Default is "no". If "yes", then Duo two-factor authentication will be used for the sudo command if use_pam is also yes.
  • node["duosecurity"]["first_factor"] - Optional. Either "pubkey", "password" or undefined. pubkey will alter sshd configuration to use public key auth as first factor. password will alter sshd configuration to use password as first factor. Leaving undefined will not set default ssh authentication configuration. Requires use_pam to be yes.

Dependent cookbooks

sshd >= 0.0.0
pam >= 0.0.0
ark >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

duosecurity CHANGELOG

This file is used to list changes made in each version of the duosecurity cookbook.

0.1.0

  • [your_name] - Initial release of duosecurity

Check the Markdown Syntax Guide for help with Markdown.

The Github Flavored Markdown page describes the differences between markdown on github and standard markdown.

Foodcritic Metric
            

1.2.0 passed this metric