Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

The libuuid-user cookbook has been deprecated

The libuuid-user cookbook has been deprecated and is no longer being maintained by its authors. Use of the libuuid-user cookbook is no longer recommended.

RSS

libuuid-user (3) Versions 1.0.2

Set a non-login shell for the libuuid user on Ubuntu/Debian and validate that it is correct.

Berkshelf/Librarian
Policyfile
Knife
cookbook 'libuuid-user', '~> 1.0.2'
cookbook 'libuuid-user', '~> 1.0.2', :supermarket
knife cookbook site install libuuid-user
knife cookbook site download libuuid-user
README
Dependencies
Changelog
Quality 89%

libuuid-user

Build Status Cookbook Version

Set a non-login shell for the libuuid user on Ubuntu/Debian and validate that it is correct.

This cookbook serves two purposes.

  1. Remediate the issue reported in Ubuntu and Debian regarding the libuuid user missing a shell that disables login.
  2. Provide examples that show the difference between Chef's audit mode (which uses Serverspec), and "regular" Serverspec.

Usage

Include recipe[libuuid-user] on any nodes that need to have this user updated to ensure that the shell is set correctly.

Include recipe[libuuid-user::verify] on any node where audit mode should be used to verify that the libuuid user's shell is set correctly.

The verify recipe can be used independently on nodes with audit mode set to :audit_only (chef-client --audit-mode audit_only) to check for non-compliant systems before using the default recipe.

Audit Mode

Use the default and verify recipes and run audit mode with :enabled. The test validates that the policy is correct:

The libuuid user should have its shell set to /bin/false

The control has a single test that the user's shell is set to /bin/false, as that is the defined policy. We use /bin/false instead of /usr/sbin/nologin because in Ubuntu 15.04 or Debian 8 and newer releases, the user is set to use /bin/false as the shell.

Serverspec

Use test kitchen from this cookbook's repository with kitchen test or kitchen verify to run the default and verify recipes and run the tests with Serverspec.

The test verifies that the root user cannot su to the libuuid user - the su command will return exit status 1 when attempting to log in with a user that has their shell set to /bin/false. This is subtley different than the audit mode test, as the implementation of the shell is not the important part to test. It's the inability to login that is most relevant. If the shell were set to /usr/sbin/nologin, for example, it would still exit with a status of 1.

Requirements

Chef 12.1.0+

Ubuntu 14.04 or Debian 7.8.

Debian 8+ is not affected. It appears that Ubuntu 15.04 is not affected either.

Other platforms are not supported. Older versions of Ubuntu or Debian may work with or without modification.

License and Author

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

libuuid-user Cookbook CHANGELOG

This file is used to list changes made in each version of the libuuid-user cookbook.

1.0.2 (2017-05-30)

  • Use standard rubocop file
  • Add contributing doc
  • Add cookbook version and Travis CI badge
  • Add additional metadata for supermarket
  • Update chefignore
  • Use SPDX standard license string
  • Update chefspec matchers
  • Convert from Rakefile to Delivery local mode
  • Add chef_version metadata
  • Add more platforms to the kitchen config
  • Add a kitchen-dokken config

v1.0.1

  • #1 Use /bin/false instead of /usr/sbin/nologin.

v1.0.0

  • Initial release

Collaborator Number Metric
            

1.0.2 passed this metric

Contributing File Metric
            

1.0.2 passed this metric

Foodcritic Metric
            

1.0.2 passed this metric

License Metric
            

1.0.2 passed this metric

No Binaries Metric
            

1.0.2 passed this metric

Publish Metric
            

1.0.2 failed this metric

libuuid-user is deprecated

Supported Platforms Metric
            

1.0.2 passed this metric

Testing File Metric
            

1.0.2 passed this metric

Version Tag Metric
            

1.0.2 passed this metric