Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

The libuuid-user cookbook has been deprecated

The libuuid-user cookbook has been deprecated and is no longer being maintained by its authors. Use of the libuuid-user cookbook is no longer recommended.

RSS

libuuid-user (3) Versions 1.0.0

Set a non-login shell for the libuuid user on Ubuntu/Debian and validate that it is correct.

Berkshelf/Librarian
Policyfile
Knife
cookbook 'libuuid-user', '= 1.0.0'
cookbook 'libuuid-user', '= 1.0.0', :supermarket
knife cookbook site install libuuid-user
knife cookbook site download libuuid-user
README
Dependencies
Changelog
Quality

libuuid-user

Set a nologin shell for the libuuid user on Ubuntu/Debian and validate that it is correct.

This cookbook serves two purposes.

  1. Remediate the issue reported in Ubuntu and Debian regarding the libuuid user missing a shell that disables login.
  2. Provide examples that show the difference between Chef's audit mode (which uses Serverspec), and "regular" Serverspec.

Usage

Include recipe[libuuid-user] on any nodes that need to have this user updated to ensure that the shell is set correctly.

Include recipe[libuuid-user::verify] on any node where audit mode should be used to verify that the libuuid user's shell is set correctly.

The verify recipe can be used independently on nodes with audit mode set to :audit_only (chef-client --audit-mode audit_only) to check for non-compliant systems before using the default recipe.

Audit Mode

Use the default and verify recipes and run audit mode with :enabled. The test validates that the policy is correct:

The libuuid user should have its shell set to /usr/sbin/nologin

The control has a single test that the user's shell is set to /usr/sbin/nologin, as that is the defined policy. We want a nice message to someone attempting to su, which is why we use nologin instead of /bin/false, as that would simply exit with no informational message.

Serverspec

Use test kitchen from this cookbook's repository with kitchen test or kitchen verify to run the default and verify recipes and run the tests with Serverspec.

The test verifies that the root user cannot su to the libuuid user. This is subtley different than the audit mode test, as the implementation of the shell is not the important part to test. It's the inability to login that is most relevant.

Requirements

Chef 12.1.0+

Ubuntu 14.04 or Debian 7.8.

Other platforms are not supported. Older versions of Ubuntu or Debian may work with or without modification.

License and Author

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

v1.0.0

  • Initial release

Foodcritic Metric
            

1.0.0 failed this metric

FC031: Cookbook without metadata file: /tmp/cook/730b062645de424f8990e958/libuuid-user/metadata.rb:1
FC045: Consider setting cookbook name in metadata: /tmp/cook/730b062645de424f8990e958/libuuid-user/metadata.rb:1