cookbook 'r1337-sshconfig', '= 0.1.1'
Configure OpenSSH with standard or hardened settings
cookbook 'r1337-sshconfig', '= 0.1.1', :supermarket
knife supermarket install r1337-sshconfig
knife supermarket download r1337-sshconfig
Chef Cookbook - r1337-sshconfig
This Chef cookbook will configure SSH on Linux servers to be compliant with Route 1337 security policies. There are a few versions of the configuration, depending on which recipe is chosen.
SSH Config Recipes
- standardssh.rb is the standard recipe suitable for use on internal LANs or where networks are trusted to be secured
- hardenedssh.rb is a recipe for use in DMZs or other networks where sophisticated attacks are either expected, or where more stringent policies exist
Changes Performed
- Configures OpenSSH server with custom security settings depending on recipe selected.
- Ensures OpenSSH is installed, configured and enabled/running
Requirements
- Chef (Tested on Chef 13)
- Linux chef-clients (Tested on Ubuntu 14.04, Ubuntu 16.04 and CentOS 7.2 but kitchen will let you test anything you want)
- The openssh cookbook from Chef Supermarket
Installation Tips
- We personally use Berks to install this into Chef servers, because it will grab the dependencies for you as well.
- You must set the attribute ['r1337-sshconfig']['sshpolicy'] to hardened if you want something stronger than the default. For most people the default is fine.
Limitations
- None so far :)
Known Issues
- None so far :)
Bug Fixes & Changes
- v0.1.1
  - Set AllowTcpForwarding no on the Hardened configuration
  - Set
- v0.1.0
  - Initial release
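One way to confirm that a converged host really ends up with the v0.1.1 hardened setting is to audit the resulting sshd_config text. This is an added example, not code from the cookbook: the function name and both sample configs are constructed here, and it assumes OpenSSH's documented behaviour that the first global occurrence of a keyword wins and that Match blocks can override it.

```ruby
# Added example (not part of the cookbook): audit sshd_config text for the
# effective AllowTcpForwarding setting. Include directives are not followed.

# Returns { global:, overrides: [[match_criteria, value], ...], compliant: }
def audit_tcp_forwarding(config_text)
  global = nil      # first global occurrence wins in sshd
  overrides = []    # Match blocks that set anything other than "no"
  match = nil       # criteria of the current Match block, nil in global scope

  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    keyword, value = line.split(/\s+/, 2)
    value = value.to_s.delete('"').strip

    case keyword.downcase            # sshd keywords are case-insensitive
    when 'match'
      match = value                  # a Match block runs until the next Match
    when 'allowtcpforwarding'
      setting = value.downcase
      if match.nil?
        global ||= setting           # later global duplicates are ignored
      elsif setting != 'no'
        overrides << [match, setting]
      end
    end
  end

  global ||= 'yes'                   # OpenSSH default when the keyword is absent
  { global: global, overrides: overrides,
    compliant: global == 'no' && overrides.empty? }
end

# Constructed sample: the later duplicate "yes" does not take effect.
HARDENED_SAMPLE = <<~CONF
  Port 22
  allowtcpforwarding no
  AllowTcpForwarding yes
CONF

# Constructed sample: a Match block re-enables forwarding for one user.
OVERRIDE_SAMPLE = <<~CONF
  AllowTcpForwarding no
  Match User tunnel
    AllowTcpForwarding local
CONF

p audit_tcp_forwarding(HARDENED_SAMPLE), audit_tcp_forwarding(OVERRIDE_SAMPLE) if __FILE__ == $PROGRAM_NAME
```

On a live host, comparing the result against the output of sshd -T gives the value the daemon actually uses.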
Use Cases
Configuring SSH as part of a base security requirement
Donate To Support This Chef Cookbook
Route 1337, LLC operates entirely on donations. If you find this cookbook useful, please consider donating via one of these methods.
- Bitcoin: 1CnzzrPh3iirEkLRLiWFKXDV9i5TXHQjE2
- Bitcoin Cash: qzcq645swgd87s7t5mmmjcumf4armhtjt5euww5c29
- Litecoin: LWYbc9hf5ErJsF874Q3wwmMiASHRWgwrjR
- Ethereum: 0x117543aa7a4D704849171cA06568Ece71B111D18
Thank you for your support!
Dependent cookbooks
openssh >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.1 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.1 failed this metric
FC069: Ensure standardized license defined in metadata: r1337-sshconfig/metadata.rb:1
Run with Foodcritic Version 12.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.1.1 failed this metric
r1337-sshconfig does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
0.1.1 passed this metric
Testing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.1 passed this metric