cookbook 'libuuid-user', '~> 1.0.2'
The libuuid-user cookbook has been deprecated
Author provided reason for deprecation:
The libuuid-user cookbook has been deprecated and is no longer being maintained by its authors. Use of the libuuid-user cookbook is no longer recommended.
Set a non-login shell for the libuuid user on Ubuntu/Debian and validate that it is correct.
cookbook 'libuuid-user', '~> 1.0.2', :supermarket
knife supermarket install libuuid-user
knife supermarket download libuuid-user
libuuid-user
This cookbook serves two purposes.
- Remediate the issue reported in Ubuntu and Debian regarding the libuuid user missing a shell that disables login.
- Provide examples that show the difference between Chef's audit mode (which uses Serverspec), and "regular" Serverspec.
Usage
Include recipe[libuuid-user] on any nodes that need to have this user updated to ensure that the shell is set correctly.
Include recipe[libuuid-user::verify] on any node where audit mode should be used to verify that the libuuid user's shell is set correctly.
The verify recipe can be used independently on nodes with audit mode set to :audit_only (chef-client --audit-mode audit_only) to check for non-compliant systems before using the default recipe.
Audit Mode
Use the default and verify recipes and run audit mode with :enabled. The test validates that the policy is correct:
The libuuid user should have its shell set to /bin/false
The control has a single test that the user's shell is set to /bin/false, as that is the defined policy. We use /bin/false instead of /usr/sbin/nologin because in Ubuntu 15.04 or Debian 8 and newer releases, the user is set to use /bin/false as the shell.
Serverspec
Use Test Kitchen from this cookbook's repository with kitchen test or kitchen verify to run the default and verify recipes and run the tests with Serverspec.
The test verifies that the root user cannot su to the libuuid user: the su command will return exit status 1 when attempting to log in with a user that has their shell set to /bin/false. This is subtly different from the audit mode test, as the implementation of the shell is not the important part to test. It's the inability to log in that is most relevant. If the shell were set to /usr/sbin/nologin, for example, it would still exit with a status of 1.
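The difference between the two checks can be seen by evaluating both against the same passwd entries. The following is an added example, not code from the cookbook: it uses plain Ruby over constructed passwd(5) lines, and the helper names and the NON_LOGIN_SHELLS list are assumptions. The behavioural check here is a static approximation; the cookbook's Serverspec test runs su and inspects the exit status.

```ruby
# Added example: models the page's two checks over constructed passwd(5) lines.
# NON_LOGIN_SHELLS is an assumption; adjust it to the shells on your platform.
POLICY_SHELL = '/bin/false'
NON_LOGIN_SHELLS = ['/bin/false', '/usr/sbin/nologin', '/sbin/nologin'].freeze

# Return the shell field for +user+, or nil if there is no well-formed entry.
# An empty shell field means /bin/sh, per passwd(5).
def shell_for(passwd_text, user)
  passwd_text.each_line do |line|
    line = line.chomp
    next if line.empty? || line.start_with?('#')
    fields = line.split(':', -1)
    next unless fields.length == 7 && fields[0] == user
    return fields[6].empty? ? '/bin/sh' : fields[6]
  end
  nil
end

# Audit-mode style check: the shell must be exactly the policy value.
def policy_compliant?(passwd_text, user)
  shell_for(passwd_text, user) == POLICY_SHELL
end

# Serverspec-style intent: login must be impossible, whichever shell does it.
def login_disabled?(passwd_text, user)
  NON_LOGIN_SHELLS.include?(shell_for(passwd_text, user))
end

def audit(passwd_text, user)
  { shell: shell_for(passwd_text, user),
    policy: policy_compliant?(passwd_text, user),
    login_disabled: login_disabled?(passwd_text, user) }
end

# Constructed sample entries, one per scenario (UID, GID and home are made up).
LOGIN_SHELL = "libuuid:x:100:101::/var/lib/libuuid:/bin/sh\n"
REMEDIATED  = "libuuid:x:100:101::/var/lib/libuuid:/bin/false\n"
NOLOGIN     = "libuuid:x:100:101::/var/lib/libuuid:/usr/sbin/nologin\n"

if __FILE__ == $PROGRAM_NAME
  { 'login shell' => LOGIN_SHELL, 'remediated' => REMEDIATED,
    'nologin' => NOLOGIN }.each do |name, text|
    puts "#{name}: #{audit(text, 'libuuid')}"
  end
end
```

The nologin entry is the case where the two checks disagree: login is disabled, but the strict /bin/false policy fails.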
Requirements
Chef 12.1.0+
Ubuntu 14.04 or Debian 7.8.
Debian 8+ is not affected. It appears that Ubuntu 15.04 is not affected either.
Other platforms are not supported. Older versions of Ubuntu or Debian may work with or without modification.
License and Author
- Author: Joshua Timberman joshua@chef.io
- Copyright (c) 2015 Chef Software, Inc. legal@chef.io
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
libuuid-user Cookbook CHANGELOG
This file is used to list changes made in each version of the libuuid-user cookbook.
1.0.2 (2017-05-30)
- Use standard rubocop file
- Add contributing doc
- Add cookbook version and Travis CI badge
- Add additional metadata for supermarket
- Update chefignore
- Use SPDX standard license string
- Update chefspec matchers
- Convert from Rakefile to Delivery local mode
- Add chef_version metadata
- Add more platforms to the kitchen config
- Add a kitchen-dokken config
v1.0.1
- #1 Use /bin/false instead of /usr/sbin/nologin.
v1.0.0
- Initial release
Collaborator Number Metric
1.0.2 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
1.0.2 failed this metric
Chef/Deprecations/EOLAuditModeUsage: The beta Audit Mode feature in Chef Infra Client was removed in Chef Infra Client 15.0. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_eolauditmodeusage): libuuid-user/recipes/verify.rb: 21
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
1.0.2 passed this metric
Testing File Metric
1.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number